The Access Lifeline
Kurt Roemer, chief security strategist, Citrix
SSL/VPN continues to be the technology lifeline of remote workers who require access to rich applications and data sources. Originally, these workers viewed the SSL/VPN as a simple extension of network connectivity; many now find greater utility in using it to manage application access, both inside and outside the organization.
SSL/VPN technology has opened the doors wide to accommodate remote access needs. That’s no surprise, but what is surprising is how the control and management granularity of SSL/VPN are being applied to internal applications’ needs. There are many drivers behind this evolution, including access fluidity, support, granular application-level control and compliance.
In today’s highly regulated economy, “distributed everything” doesn’t make sense anymore. However, overly restricting the capabilities of the workforce leads to diminishing productivity – and an increasingly upset user community. In the face of deploying traditional “solutions” that would only deepen the chasm between technology and users, balancing the straightforward access methods and strict controls of SSL/VPN started to make sense for all classes of user needs.
By brokering virtualized access to application, desktop, network and data resources, the SSL/VPN has proven to be a mighty delivery vehicle.
Whether the access is from the office, home, an outsourcer or a personal mobile device, ease-of-access and security needs can be met. The application-level enforcement of security and compliance policies, including strong authentication, encryption, detailed audit logging and user controls that are consistent across applications, has been a tremendous benefit for IT. Compliance is also a primary beneficiary of these extensive capabilities and controls.
In the future, it’s logical to see this technology expand to become much more focused on brokering increasingly intelligent access and being intertwined with dynamic personal and business policies. A consistent access method for all flavors of access solves real problems, such as the separation of home and work environments on a personally owned device, as well as the assurance for the business that a managed barrier exists between personal and business usage and users’ divergent interests.
As an example, a worker attempting to access a highly sensitive document will be subject to layered scrutiny, seamlessly automated through rich policy. As this worker issues the access request from their personal device, the policy notices that the worker is not using a managed device and that the requested application displays information that is subject to regulatory concerns. The workflow engine kicks in transparently and requires strong authentication, displays the application virtually for use and restricts the ability to copy, paste and print.
This situation requires on-line access, but what if the worker needed to complete the report on an airplane? On a managed device, workflow policy may have requested manager approval to copy the report to the device, after verifying that the report can only be saved to a properly encrypted managed partition.
By consolidating access methods and automating workflow and policy, the SSL/VPN has become the gateway that delivers the worker’s access lifeline. Now we just need a catchier name that portrays the true power of evolving “SSL/VPN” usage!