Remember the good old days, when the only people who needed access to your virtual private network (VPN) were full-time, on-site employees using company-issued devices? Today, the people who need VPN access are as likely to be contractors as employees, and as likely to be logging in from a personal device as an office laptop. VPN access makes it easier for them to connect to the resources they need, improving your organization’s ability to work collaboratively and productively. But it can also increase your identity risk.
Think about it: How do you know that the third party who’s trying to access resources is really who they claim to be? Or that they haven’t shared their credentials with someone else in their organization who isn’t entitled to access? Just because someone has a legitimate username/password to access the VPN doesn’t mean they’re the legitimate owner of those credentials. According to the 2017 Verizon Data Breach Investigations Report, 81 percent of hacking-related data breaches involve weak or stolen passwords.
Given these two realities – that you need to make the VPN accessible to a far broader group than ever, and that doing so increases your identity risk – what can you do to make access both convenient and secure? Multi-factor authentication can help by requiring additional authentication to reduce identity risk. But not just any multi-factor authentication will serve you well. Look for one with these three characteristics:
- Risk Analytics
A multi-factor authentication solution with a powerful risk analytics component will be able to discern the level of risk posed by a request to access the VPN and respond accordingly. That means you can require more authentication only when access risk is high enough to warrant it, rather than every time there is a request. This makes it possible to reduce risk while minimizing the inconvenience to legitimate users.
- Multiple Authentication Options
The more kinds of users need access to your VPN, the more critical it is to provide them with a variety of means of access. Depending on the user, where they are and what they’re doing, some options for additional authentication will be preferable to others. Look for a multi-factor authentication solution that offers a variety of secure choices: mobile push-to-approve, one-time passcodes, biometrics, and hardware and software tokens. This helps you provide convenient VPN access without compromising security.
- One Solution for All Types of Access
For many organizations, the VPN is just one point of access to resources; others may include digital workspaces and the cloud, to name just two examples. Instead of adopting different multi-factor authentication solutions for them, look for one you can extend to multiple access scenarios. That way, users have a seamless experience no matter how they access resources, and you only have a single solution to manage.
Learn more about transforming secure access to meet today’s challenges by signing up for the RSA five-webinar series Access Transformation in Action, continuing through July 25 and available on demand after that date.