Making Your Network Accessible but Secure

By Dan Muse | Posted September 09, 2003
Just because you run a small or midsized business (SMB) doesn't mean you don't have the same remote access needs as large corporations. With employees and contractors contributing from home-based offices, checking in from the road, or logging in at remote sites, the need to offer off-site access is increasing. Of course, you also have the same security concerns as large companies when it comes to granting remotes users access to network resources.

Setting up a virtual private network (or VPN) is an effective solution. But not many SMBs have both the expertise and the money to make it all work. NTT/Verio may have the answer with its SafeGuard VPN.Remote.

Announced today, SafeGuard VPN.Remote is a managed virtual private network service that will appeal to business of sizes, even those with as few as 10 remote users, according to Susan May, Verio's director of security product management. The service will be attractive to any company with remote users who access the company network via any IP methodology such as dialup, DSL, cable modem or ISDN, from any ISP, May said.

SafeGuard VPN.Remote is a network-based service, which means that Verio houses the necessary hardware and management and security software on its servers in its data centers and you pay a monthly fee for the services. However, your network manager controls rights and permissions through browser-based management software. "The Web-based portal removes the hassle to distributing client software and provisioning application and security profiles — things like which range of IPs or specific IP addresses a user can access, key materials, and so on," May said.

SafeGuard VPN.Remote taps the Internet Protocol security standard (IPsec), which is designed to provide a higher level of security than traditional remote access services (RAS) offerings. For example, while secure sockets layer (SSL) technology secures access at the network level, IPsec secures information at the application layer, May said. "It's not really an either or choice. SSL is well-suited for higher level uses, such as a corporate intranet. IPsec might be more suitable for higher-security applications such as access to financial or HR information."

Once remote access end user credentials are securely authenticated, access is secured by dynamically establishing IPSec tunnels via client software, which must be downloaded via a URL provided by Verio and installed by the customer on its computer, according to the company. Currently, VPN.Remote supports all versions of Windows on the client side, but, May said, Verio is also testing Mac and Soloris versions. Many initial customers are coming from both the Web and software development communities, Mac and Unix users abound.

VPN.Remote offers the following benefits according to Verio:

  • Affordability: With IP VPN-based remote access, private RAS services, along with long distance dial-up and related IT management costs, can be eliminated resulting in a significant cost savings.
  • Scalability: With a network-based remote access VPN solution, once the network VPN gateway is configured it can be scaled to support hundreds of thousands of end users, which allows Verio to keep its costs down. Scaling more traditional solutions requires the deployment of additional hardware and phone lines.
  • Broadband access: The increased use of broadband Internet connectivity from residences, hotels, Internet cafes and so on allows remote access VPN users to inexpensively access corporate resources at a much faster rate than with dial access.
  • Secure Extranets: Many business find it beneficial to allow outside organizations and individuals such as contract employees with varying degrees of trust to use the company's resources. VPN.Remote solution is designed to provide a secure and inexpensive means for extranet partners to connect.
  • Reduced Management Complexity: You can make changes to the VPN.Remote service via a customer Web portal with "flow-through provisioning." That means the administrator can view the current status of end-user connections and perform tasks in real time, such as adding or deleting users, changing passwords or viewing session history. Administrators don't have to have Verio open a job ticket for each user or task and this "provides greater security — especially if an employee leaves the company. You don't need to wait a few hours to remove them," May said.
  • Service Level Agreements (SLA): VPN.Remote is monitored and managed by Verio with a service outage notification SLA of 15 minutes and a solution failure SLA of eight hours.
The cost of the VPN service is not cheap, but it is more affordable than setting up your hardware and deploying your own software. Fees range from $6 to $6.50 per user, per month. The management fee is between $650 and $800 per month, according to Verio. May points out, however, that you pay by the session, so you can opt, for example, to pay for 10 monthly simultaneous users even though you may have 50 users in the field since they probably won't all need access at the same time. "It's easy to add users as you need."

According to market reseach firm IDC, thanks to the rise in telecommuting and growth of broadband netorks, companies spent about $2.3 billion on managed VPN services in 2002. However the research firms expects that number to grown to $3.1 billion in 2007.

Dan Muse is executive of internet.com's Small Business Channel.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date