Virtual private networks (VPNs) are a tried and true method for providing remote access to internal applications. Essentially, they create a private, encrypted tunnel for an off-site user to connect to applications in a corporate data center. But VPNs aren’t a silver bullet – organizations that provide users with just a username and password to log into their VPN connections could be exposed to data breaches if those credentials are stolen.
Protecting your VPN access with multi-factor authentication (MFA) adds an additional layer of defense. Here are five reasons you should secure your VPN with MFA to ensure trusted access.
Protect Against Credential Theft
According to the Verizon 2018 Data Breach Investigations Report, 81% of hacking-related incidents leverage stolen or weak passwords. A VPN is not immune: with stolen credentials, an attacker can access the corporate network over the VPN and, from there, try to gain higher privileges and move to other systems, applications, and servers. An attacker could also potentially install malware on internal systems to gain persistent backdoor access to the network.
Layering strong MFA on top of a VPN defends against credential theft. MFA verifies the identity of all users with a second factor before granting access to corporate applications. This protects against phishing or other access threats.
Achieve Regulatory Compliance
Securing VPN access is also a regulatory compliance requirement, and MFA helps achieve compliance. For example, PCI DSS 3.2 requires organizations with cardholder data environments (CDE) to secure all remote access—even through a VPN—with MFA. Other regulations and standards, such as HIPAA and NIST 800-171, have similar MFA requirements.
Adding MFA with your VPN deployment instantly reduces the risk of a data breach while helping you easily meet compliance requirements.
Enable Consistent Access Security for On-Premises and Cloud Apps
While VPNs deliver remote access to on-premises applications, many organizations are moving workloads to the cloud. That can often introduce inconsistency into how users access applications—creating different processes for on-premises and for use of the cloud.
MFA ensures consistent access security across on-premises and cloud apps, meaning the process for logging into the VPN is the same as the process to log into email, file sharing, collaboration, or any other applications that have moved to the cloud.
Gain Visibility Into All Devices
Some MFA solutions open up a world of rich device telemetry to give you insights into the devices accessing all applications – on-premises and in the cloud, including your VPN deployment.
You can see the security posture of all user devices, such as laptops, desktops, and mobile devices, including all personal devices—aka bring your own devices (BYOD)—that access cloud applications.
Enforce Granular Access Security Policies
There are certain MFA solutions that offer the ability to enforce security policies based on user and device risk. For example, you can enforce a security policy for VPNs to allow access only from specific locations, such as the U.S., and from devices that have up-to-date software. This gives you a higher level of assurance before you grant a user or their device access to applications.
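The policy described above (MFA verified, access only from the U.S., only from devices with up-to-date software) can be sketched as a deny-by-default check. This is an added example, not code from the original article or from any MFA product; the field names, the policy values and the sample request are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy values, constructed for illustration.
ALLOWED_COUNTRIES = {"US"}
MIN_OS_VERSION = {"windows": (10, 0, 19045), "macos": (14, 5), "ios": (17, 5)}

@dataclass
class AccessRequest:
    user: str
    password_ok: bool            # primary credential accepted by the VPN
    mfa_ok: bool                 # second factor verified
    country: Optional[str]       # from IP geolocation; None if unknown
    platform: Optional[str]      # reported by device telemetry
    os_version: Optional[str]    # reported by device telemetry

def parse_version(text):
    """Turn '14.5.1' into (14, 5, 1); return None if missing or malformed."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None

def evaluate(req):
    """Return (allowed, reasons). Missing telemetry fails closed."""
    reasons = []
    if not req.password_ok:
        reasons.append("primary credential rejected")
    if not req.mfa_ok:
        reasons.append("second factor not verified")
    if req.country not in ALLOWED_COUNTRIES:
        reasons.append(f"location not allowed: {req.country or 'unknown'}")
    minimum = MIN_OS_VERSION.get(req.platform or "")
    current = parse_version(req.os_version)
    if minimum is None:
        reasons.append(f"unmanaged platform: {req.platform or 'unknown'}")
    elif current is None:
        reasons.append("device version unknown")
    elif current < minimum:
        reasons.append(f"out-of-date software: {req.os_version}")
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed case: valid (stolen) password, no second factor.
    stolen = AccessRequest("alice", True, False, "US", "macos", "14.5")
    print(evaluate(stolen))
```

A correct password alone never produces an allow decision here, which is the credential-theft defense the article describes; the location and software checks add the device-risk conditions on top.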
For many businesses, MFA is the first step along the path to a zero-trust security model – also called the “software-defined perimeter” – in which you base application access on user identity and the trustworthiness of devices.
Adding MFA to a VPN unlocks secure access to both on-premises and cloud applications—and ensures that access is trusted.
Kobargo Technology Partners delivers managed IT solutions with partners like Duo Securities, a leader in authentication and security, to protect your data and brand from cybercriminals. Leverage our 50 years of experience to protect, manage, and support your network, data, and users. Visit us to learn more about what we can do for you!
Source: Duo Securities