As working from home becomes the new norm during this current global crisis, IT systems are coming under increasing strain to accommodate the demand for remote access. Enterprise Mobility and Security Infrastructure Expert Richard Hicks and Kemp’s Principal Application Experience Architect, Frank Yue, came together for this webinar, where your top questions on DirectAccess, Always On VPN, VDI and Load Balancing were addressed so that you can ensure your mission-critical applications are always-on and secure.
How do you balance an end user’s need for urgency, which obviously we all have in today’s interesting world, with making sure that our remote access is secure?
I think you can deploy a solution fairly rapidly and do so in a very secure manner because there’s just a handful of security principles that you would need to abide by. Using modern authentication, using modern cryptography, and ultimately using robust authentication, meaning a certificate. So you can provision these solutions fairly quickly and support urgent user needs for scenarios like that and do so in a very secure manner.
And, of course, there are some new technologies coming up that will allow us to very rapidly onboard users in the field. Specifically, I’m talking about things like Intune and Autopilot, and literally provisioning these users’ devices in the field and giving them secure remote access in a very robust and secure way, and doing so very, very easily and without having to actually ever be in the building to provision the device. So there’s a number of options there.
Are Always On VPN connections frequently dropped? We use the device tunnel. Would you say that user tunnels are more resilient?
I would say yes, and it’s mostly due to the transports that they use. We had a discussion earlier about IKEv2 and some of its limitations, operationally speaking. We talked about fragmentation, we talked about just simple firewall availability and those types of things. The Windows 10 Always On VPN device tunnel uses IKEv2 exclusively so, yeah, there’s going to be challenges and issues with the device tunnel, mostly because those are issues with the protocol at the transport level. So, in those scenarios, yes, the user tunnel using SSTP would probably be more reliable simply because the VPN protocol, SSTP, is more widely available and is less prone to challenges and issues like we’ve seen with IKEv2.
What does the future of enterprise mobility look like? With everything being cloud-based, will there even be a need for VPN in the future?
The cloud is really changing that and it’s changing it rapidly. The bulk of our work is actually done over the Internet. We have productivity suites like Office 365 and all of our mail. Everything is cloud-based. So the requirement to have access to an on-premises data center is much less so today than it was 10 or 15 years ago. So the model is changing just a little bit. However, this assumption that everybody’s going to go to the cloud and be 100% cloud, I think is foolish. I think that the vast majority of organizations in the world will be hybrid. I think they will still have an on-premises presence, maybe much less so than it was.
And, at the end of the day, they’re going to have managed devices and they’re ultimately still going to be responsible for maintaining the security posture of those devices and, ultimately, providing visibility control over those devices when they are in the field.
Administrators are still responsible for those field-based devices, their security, maintaining the configuration. And, again, visibility control, understanding that these devices, where they’re going, what they’re accessing and those types of things, if they’re exhibiting risky behaviour, if they’re exhibiting indicators of compromise, and be able to remediate those devices and so forth. And, at the end of the day, ultimately, protect their data. So there are a variety of ways in which to do that. But, ultimately, I think that the future of enterprise mobility is changing. I don’t think it’s going away any time soon. But I think the use cases will definitely change a little bit in the future, going forward.