May 7, 2020

Remote App Access for Users—Without the Usual Pain of VPNs

Jim Fulton

Has the current situation been a crash course for you in how to enable your people to really work remotely (not just check email) for the first time? As we talk to enterprises and government agencies around the world, we’re hearing many stories of having to tell people who weren’t really accustomed to working outside the office to suddenly go home with a laptop or use their own personal computer. While not much changes when using cloud-based applications, getting to internal apps is often a different story, involving one of people’s least favorite IT systems: virtual private networks (VPNs).

In his recent remote work journey post, our Global CTO Nicolas Fischbach describes the stages that many organizations are going through as they quickly adjust to a “new normal”:

  • Infrastructure – Do we have enough internet bandwidth and VPN capacity?
  • Application Access – Can our people get to the apps they need?
  • Fine-tuning Access and Protecting Data – How do we make things more sustainable and secure?

By now, you’ve probably gotten through stages 1 and 2, with people managing some way to get their jobs done. But, if your business depends upon a lot of internal applications, you may have spent a lot of time wrestling with VPNs. Frankly, I’ve never met anybody who liked setting up or using a VPN. They’re complicated and tend to be delicate. Worse yet, all too often they’re the source of nightmares for security teams.

VPNs are a very sharp tool—powerful but dangerous

The good part about VPNs is that they can fully expose your internal network so that your users can work the same way from home (or anywhere else) as they do from the office. But this is also the bad part of VPNs: they eliminate the barrier that used to separate your internal network from anybody—and anything—on the internet. While it is possible to configure VPNs and firewalls to limit what remote users can access, when you’re rushing to get huge numbers of people productive, figuring out how to do that may not be at the top of your list.

Making the problem simpler: do your people need your network or your apps?

Fortunately, depending on what your people really do on your internal network, you may be able to take an easier—and safer—approach. For many users outside of IT, internal network access is a means to an end: getting to legacy business applications that aren’t yet based in the cloud. This distinction is important because application access is often much simpler to provide than network access.

Application access without VPN connections

Providing full network access through a VPN just to deliver web-based applications is overkill. There are a growing number of ways to enable your people to get to internal apps via a web browser; you may even have the tools in place already.

Many next-generation firewalls have full VPN connectivity built in for augmenting or even replacing the VPN you’re already using. But some, like our Forcepoint NGFW, also enable you to use the firewall as a middleman between your remote users and the internal apps. Rather than push VPN clients to every endpoint device, you configure what’s called an “SSL VPN Portal” to know the internal address of your legacy apps. This portal provides a web page that people log into from their browser (usually with the same credentials they use for logging into your network). From there, they simply click on an icon for the application they want to use and the portal takes care of connecting them as if they were in the office. It’s much easier for people to use, and it dramatically reduces the risk that malware on the user’s device can sneak into your internal network.

See remote access best practices in action

We’ve created a microsite with a variety of materials about this and other aspects of enabling your remote workforce. There, you can quickly learn ways to take the pain out of securing access to cloud apps, protecting data in those apps, and keeping your employees safe as they work from home. We even have a webcast with a panel discussion and demo of how you can set up browser-based remote access to internal apps with the SSL VPN Portal in Forcepoint NGFW.

And, as always, if there is any way that we can help you protect your people and your business in these trying times, please don’t hesitate to ask.

Jim Fulton

Jim Fulton serves as VP Product Marketing & Analyst Relations, focused on SASE, SSE and Zero Trust data security. He has been delivering enterprise access and security products for more than 20 years and holds a degree in Computer Science from MIT.
