Q&A on Employee Provisioning with Joerg Hirschmann: Part 3
This is the third and final entry in our Q&A series on questions related to employee provisioning and VPNs. Last week, we addressed how provisioning can benefit an organizations' overall security postures as well as the de-provisioning tactics necessary to mitigate security risks during employee transitions.
Question: Certain scenarios, such as short-term business partnerships, will require adaptable provisioning. How can VPN technology enable temporary and secure remote access? What are other solutions companies can use to incorporate flexibility into their
Joerg Hirschmann: VPN solutions offer different access points for various types of remote access users. In general, employees will require deeper access to corporate network resources than external partners will need. For that reason, companies should deploy VPN clients to their entire workforce, depending on the necessary access requirements, whereas external partners should access the relevant applications through client-less SSL VPNs, if possible. This will allow external partners to avoid the process of deploying software and licenses.
Organizations can also achieve temporary access, whether it be on-demand or limited hourly access, by implementing a Remote Authentication Dial-In User Service (RADIUS) server. With this approach, general access limitations can be set automatically, whereas on-demand access will have to be enabled--as well as disabled--manually by an administrator. Again, process quality is important.
If you have any questions that you would like answered on VPNs, remote access, network security and the like, send them to firstname.lastname@example.org.
Joerg Hirschmann is CTO at NCP Engineering GmbH.