Today, traditional VPN’s – such as IPsec VPN’s – the most common way for businesses to organize remote working and give access to satellite offices. The roots of the technology date back to the 80’s and have become a default building block for many network security platforms. Many firewalls will just have VPN capabilities built-in.
Time, however, has changed. On average, each one of us uses more than 3 devices and has become a lot more ‘mobile’ in the way we work. But also security and compliance threats have grown significantly, not in the least with the advent of the ‘Global Data Protection Regulation’ (GDPR).
So, yes, VPN’s are very cheap to set up and purchase. But how does it weigh-up to the challenges of the 21st century? In the table below we provide a summarized view:
|Any device||VPN’s are built to run on ‘managed’ devices. The clients need to be installed and updated. Especially the certificate management causes stress for many IT support organizations||Awingu gives access to all company IT assets via a browser. There are no clients to install. As such, Awingu is not limited to ‘managed’ devices, but just as easily non-managed devices are supported. Perfect for companies that have a ‘platform agnostic’ strategy or for those that enable ‘Bring Your Own Device’.|
|Security||IPsec and other VPN solutions were built as a security solution. And it does what it was intended to do: secure the end-to-end tunnel of data traffic.
· However, the reality is that a lot of (confidential) data resides on the local devices (typically the managed laptops) of the end-users.
· Due to this nature, a lot of VPN’s are ‘linked’ with the device’s security status (e.g. anti-virus must be up-to-date, or VPN access is not allowed). This is often a trigger for support calls and bad user experience.
· Furthermore, often IPsec VPN’s only leverage on a certificate that is installed on the device as “Multi-Factor Authentication” (MFA) solution.
|Awingu leverages is a browser-based solution. It leverages SSL to encrypt and secure the end-to-end tunnel of data traffic. But beyond that, Awingu will offer additional security layers:
· There is no local data on the device. Everything resides security in the companies’ centralized IT infrastructure. Any downloads’ to a local machine will be audited and identified.
· Multi-Factor Authentication. Awingu comes with a built-in ‘one-time password’ solution that enables businesses to use tools such as Google Authenticator free of charge. Besides, Awingu offers integrations with a very wide range of industry-leading MFA solutions
· File servers are not accessed directly. Everything must run via the browser, adding a lot of security again ransomware viruses that try to abuse on unprotected file servers.
|Support effort||VPN always requires the installation of a local agent and certificate. And, these need to be updated. Even with a proven and decades-old technology, this is where things often go wrong.||Awingu runs in a browser. There are not clients/agents to be installed or updated. Obviously, there is no link between Awingu and the local device (for example the local anti-virus agent) that can drive user frustration and support calls.
As a result, Awingu generates extremely few support tickets.
|Bandwidth usage||The essence of traditional VPN’s is that they move data to and from the local endpoint device. This means that bandwidth consumption can be very unpredictable: e.g. if 2 people are syncing a file share then overall performance of the VPN performance might be degraded for all users.||Awingu’s bandwidth consumption is highly optimized: 250kb/s (up & down) are sufficient for average usage. Only pixel changes are streamed via the browser to the end-user. Files remain in the company’s central data center. Meaning there is no down- or up-load traffic generated when manipulating heavy PowerPoint, Database or other files.|
|User management||User access management is not only linked to Active Directory (AD) but also the device certificates. I.e. when an employee leaves the company, then his device certificate needs to be revoked. Something which unfortunately is often forgotten.
|User access management is very transparent. The Active Directory (AD) is the only master. Revoking access to Active Directory is the only required access.|
|Compliance||The use of IPsec based VPNs imply that a lot of confidential data is typically available on the local device of the end-user. These devices get lost or stolen, creating the risk of compromising this data. From a GDPR perspective, businesses depending only on IPsec VPN will need to implement additional tools.||With Awingu, there is no local data on the device. Furthermore, there are is a full usage audit available out-of-the-box. As such, Awingu can enable a big step towards GDPR compliancy.|
Want to learn move about Awingu? Talk to us!