Networking

Seven features to consider for mobile VPN services

Scott Lowe offers a list of features to keep in mind when considering smartphone mobile VPN services.

The mobile revolution is upon us. With the explosion of mobile device usage and a related rise in employee desire to use their own personal devices for work purposes, organizations need to take appropriate steps to protect corporate information and provide access in a reasonable, consistent, and supportive way.

Many users make use of free Wi-Fi services that are available at coffee shops and McDonald's restaurants everywhere, but these connections are often unencrypted, which means they're basically wide open and ripe for exploitation. For uses who need to access systems behind the corporate firewall, VPN services help carefully and completely control access rights and ensure that all communication that takes place is encrypted, which keeps information safe from prying eyes.

When considering smartphone mobile VPN services, keep the following features in mind:

  1. Connectivity. VPN-based connectivity turns a mobile device into an extension of the corporate network.
  2. Authentication. This answers the question of "Who is accessing my infrastructure?" by requiring users to provide a username and password before access to services is granted. Better yet, consider mobile VPN clients that support multifactor authentication, such as the use of one-time passcodes, RSA tokens, etc.
  3. Encryption. A mobile VPN service must ensure that all communication between the mobile device and the corporate network is encrypted. Again, with so many people using unencrypted Wi-Fi connections, it's too easy to sniff out passwords and gain access to other sensitive information.
  4. Reconnection/transparent roaming capability. Mobility means moving from place to place and potentially from network to network, so a mobile VPN service has to be able to survive and recover connectivity in a way that doesn't drive the user insane.
  5. Provisioning. IT doesn't want users to have to bring their devices to the service desk to get connected to a VPN. Rather, a mobile VPN service should provide some kind of provisioning capability so that users can get provisioned and underway as quickly as possible.
  6. Interoperability (in two ways). First of all, a mobile VPN client should be able to interoperate with your VPN solution. If not, you have a big problem! Second, in the interest of consistency and sanity, if you're able to do so, try to use a mobile VPN client that provides versions for multiple client device operating systems. Doing so will significantly ease your support burden since the help desk can support a single tool.
  7. Policy enforcement. Ideally, a VPN client will do more than simply provide connectivity. In a perfect world, a mobile VPN client will help you enforce organizational policies for what devices are and are not allowed to do. Obviously, policies can and probably will be different between corporate-owned and personally-owned devices. However, don't expect that all VPN services will include this capability. VPN is really about enabling secure connectivity, while policy enforcement lies more in the realm of endpoint management.

Summary

With the right policies and services in place around mobile VPN, IT managers can sleep well at night knowing that the data they steward is safe and that users are able to access appropriate data so that they can do their jobs. What mobile VPN solution(s) have you found that works best for your organization? Share your experience in the discussion thread below.

About

Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive w...

6 comments
dan88888
dan88888

I am using this to encrypt the traffic on my iPhone in public places: http://www.sunvpn.com/ I`t very useful in coffee shops, airports, just Google  Firesheep if you don`t believe me..

Lairdo
Lairdo

I just wanted to comment that not all VPN providers are equal. I used to use HMA who claimed to protect my privacy and not log anything. Then come to find out that they apparently log data and freely turn it over. After this I switched to https://VPNme.com. They DO NOT log anything, and I have been very happy with the 5.83 / month price especially with all the protocols supported. And what I think is the best feature of all is that even their lowest plan includes two concurrent connections. I get to have my home online randomly getting a new IP through their service and I get to use my iPAD at work and hot spots at the same time with one account. If you already have a vpn you should check out VPNme's privacy policy https://vpnme.com/privacy and compare against the one you are currently using. I would also encourage you to check out eff.org to see if the country your current VPN provider operates out of requires logging like HMA's location does. my 2 cent to keep you safe. Lairdo

coolmacapps
coolmacapps

I use HMA (http://hidemyass.com/vpn/r1258/) on my iPhone and iPad and I really like it. The only probably is in u.s. airway clubs when i am travelling. I can't connect to the VPN server. Except that, I am very please with Hide My Ass VPN except its name.

Johnsonm90
Johnsonm90

As per my understanding, it happens because the process gets killed when the phone goes into autolock, sleep mode, Power saving mode or screen saver mode. But I would like to know more about it and would appreciate if someone can please elaborate this..

NickNielsen
NickNielsen

you aren't on the network. That's not a virtual private network, that's an [u]actual[/u] private computer.

Editor's Picks