Scott Lowe offers a list of features to keep in mind when considering smartphone mobile VPN services.
The mobile revolution is upon us. With the explosion of mobile device usage and a related rise in employee desire to use their own personal devices for work purposes, organizations need to take appropriate steps to protect corporate information and provide access in a reasonable, consistent, and supportive way.
Many users make use of free Wi-Fi services that are available at coffee shops and McDonald's restaurants everywhere, but these connections are often unencrypted, which means they're basically wide open and ripe for exploitation. For uses who need to access systems behind the corporate firewall, VPN services help carefully and completely control access rights and ensure that all communication that takes place is encrypted, which keeps information safe from prying eyes.
When considering smartphone mobile VPN services, keep the following features in mind:
- Connectivity. VPN-based connectivity turns a mobile device into an extension of the corporate network.
- Authentication. This answers the question of "Who is accessing my infrastructure?" by requiring users to provide a username and password before access to services is granted. Better yet, consider mobile VPN clients that support multifactor authentication, such as the use of one-time passcodes, RSA tokens, etc.
- Encryption. A mobile VPN service must ensure that all communication between the mobile device and the corporate network is encrypted. Again, with so many people using unencrypted Wi-Fi connections, it's too easy to sniff out passwords and gain access to other sensitive information.
- Reconnection/transparent roaming capability. Mobility means moving from place to place and potentially from network to network, so a mobile VPN service has to be able to survive and recover connectivity in a way that doesn't drive the user insane.
- Provisioning. IT doesn't want users to have to bring their devices to the service desk to get connected to a VPN. Rather, a mobile VPN service should provide some kind of provisioning capability so that users can get provisioned and underway as quickly as possible.
- Interoperability (in two ways). First of all, a mobile VPN client should be able to interoperate with your VPN solution. If not, you have a big problem! Second, in the interest of consistency and sanity, if you're able to do so, try to use a mobile VPN client that provides versions for multiple client device operating systems. Doing so will significantly ease your support burden since the help desk can support a single tool.
- Policy enforcement. Ideally, a VPN client will do more than simply provide connectivity. In a perfect world, a mobile VPN client will help you enforce organizational policies for what devices are and are not allowed to do. Obviously, policies can and probably will be different between corporate-owned and personally-owned devices. However, don't expect that all VPN services will include this capability. VPN is really about enabling secure connectivity, while policy enforcement lies more in the realm of endpoint management.
With the right policies and services in place around mobile VPN, IT managers can sleep well at night knowing that the data they steward is safe and that users are able to access appropriate data so that they can do their jobs. What mobile VPN solution(s) have you found that works best for your organization? Share your experience in the discussion thread below.