Modern VPN can secure any cloud infrastructure


IT security networks have become increasingly digital and flexible in recent years thanks to the cloud. Many companies are now turning their backs on classic, proven solutions. But one thing remains certain: Cloud solutions in companies must be as secure as an on-premises infrastructure. Read on to find out how to achieve this.

Where a VPN server used to be the measure of all things in terms of professional IT security, it is now surpassed by cloud technology. Remote data centers are now more common than server rooms in corporate offices, and we are now hearing more reports on Zero Trust, Single Sign On or SD-WAN than on VPN technology, which has been around for some time. But why is that? Is cloud connectivity replacing VPN? Nothing could be further from the truth. Companies that opt for a modern solution benefit from contemporary VPN structures and digital cloud technology complementing each other perfectly. And there’s more: Set up correctly, their strengths can be combined to form a powerful IT security instrument.

Compatible and secure

Most companies value the spatial separation between their own equipment and the cloud, which also means that IT infrastructure does not have to be maintained and managed in-house. Nevertheless, the cloud is basically a data center that must be at least as secure as a local network solution due to the growing demands on security and access controls. In recent years, new cybersecurity concepts have been launched, especially SASE (Secure Access Service Edge), which connect computer networks and security solutions such as Zero Trust in a cloud service model. Classic structured VPNs may seem to be out of place in this dynamic network of state-of-the-art IT security solutions. But what if the VPN solution were just as dynamic as cloud technology and at the same time had a significantly higher level of security? In order for this approach to be successful, two main points must be met: Highly secure data communication via an IPsec tunnel and full compatibility with all major cloud technologies.

Next level security

Maximum security is achieved with a cloud-integrated VPN solution accessed through the gateway in conjunction with a management system. This can be, for example, the NCP Virtual Secure Enterprise VPN Server (vSES) in combination with the NCP Secure Enterprise Management (SEM). This combination has two major benefits: On the one hand, connections routed via it are transmitted by the IPsec protocol and not SSL. As a result, data packets are encrypted in a highly secure manner, and slow handshakes are dispensed with, meaning that users can use the full speed for data transfer. On the other hand, the gateway is not located directly in the cloud, but forms a secure environment directly on the server behind the firewall. In terms of servers, it is also advisable to opt for a data center based in Germany. This gives you maximum transparency on data streams and maintains digital sovereignty without backdoors.

VPN for the cloud

As we have already mentioned, a highly secure VPN alone is not enough. To suit practical needs, the remote access solution must also work seamlessly with all important cloud services. This only works if the product is designed for this purpose. NCP’s enterprise VPN solutions can be used effortlessly as part of a SASE or SD-WAN infrastructure, for example. These solutions focus on gateway and VPN management, which can be run as pure software components on virtually any server hardware. Consequently, this type of VPN is already cloud-ready by nature and can interact with cloud applications.

VPN Gateway and Secure Enterprise Management can be understood as the entry point for cloud remote access. IT administrators can freely configure how the access requests are authenticated. Apart from individual queries with multi-factor authentication, the use of more complex systems such as SAML (Security Assertion Markup Language) is particularly suitable in the cloud. Here, the user is authenticated once via the SSO portal (Single Sign On) in the cloud. This authentication then applies to both internal services and external cloud applications. Administrators and users continue to enjoy all the advantages of their SAML interface, but at the same time are protected via a highly secure IPsec tunnel, which allows encrypted data transmission to company offices at full speed. This tunnel also offers an economic advantage for the company. With a suitable license model, the IPsec protection only becomes chargeable if the tunnel is actually connected. In this way, companies benefit from maximum flexibility in their remote access solution.

Zero Trust security from NCP

Technologies such as SAML/SSO are also often used as part of a higher-level Zero Trust strategy. Users only have access to the applications they need for their immediate work (least privilege principle). In practice, this is achieved via granularly defined firewall rules, which control access to the VPN gateway. Administrators benefit from a management component such as NCP Secure Enterprise Management (SEM) for configuring access rights of user groups and individual users centrally. Even if SAML/SSO access management is not combined with Zero Trust components, a good VPN solution offers powerful user authentication by means of multi-factor or user certificate verification. Companies also benefit from VPN software features such as central updates, endpoint policy checks or traffic management functions that extend the Zero Trust Concept.

From basic to advanced

Software features should not be overlooked, as they are essential to making the transition from basic security software to a universal cloud security solution. Features such as the NCP VPN Bypass or split tunneling help to manage data streams within a SAML system by sending data-hungry, but not security-relevant applications such as video streams past the VPN tunnel to the Internet. This reduces server loads and more computing power is left for the secure transmission of relevant traffic. For the security of the entire network, endpoint policy checks are indispensable in addition to multi-factor authentication. User end devices are checked for predefined security parameters before each login attempt. If, for example, a laptop does not meet the requirements because virus scanners or the operating system have not been updated, the connection is only established after the required updates have been completed. Administrators can also ensure compliance by distributing policies, firewall changes and software updates to individual user groups or the entire organization with just a few clicks through the VPN management components. Thanks to these powerful features, large numbers of users and WAN systems that are connected to the cloud are protected by the most advanced security available.
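
As an added illustration (not from the original article, and not NCP's implementation or configuration syntax), the split-tunneling decision described above can be sketched as follows. The address ranges and function names are constructed assumptions; protected corporate ranges always win over bypass entries, and unknown destinations stay in the tunnel.

```python
import ipaddress

# Constructed sample policy (assumption, not NCP configuration syntax).
TUNNEL_NETS = ["10.0.0.0/8", "192.168.50.0/24"]   # corporate ranges: always via IPsec
BYPASS_NETS = ["203.0.113.0/24", "10.20.0.0/16"]  # video CDN; second entry is a mistake


def _nets(items):
    """Parse a list of CIDR strings into network objects."""
    return [ipaddress.ip_network(n) for n in items]


def lint_bypass(tunnel, bypass):
    """Return bypass entries that overlap a protected range.

    Such entries would let security-relevant traffic leave the tunnel
    if the router trusted the bypass list first.
    """
    protected = _nets(tunnel)
    return [str(b) for b in _nets(bypass)
            if any(b.overlaps(t) for t in protected)]


def route(dest, tunnel, bypass, default="tunnel"):
    """Decide 'tunnel' or 'direct' for one destination address."""
    addr = ipaddress.ip_address(dest)
    # Protected ranges are checked first, regardless of prefix length.
    if any(addr in t for t in _nets(tunnel)):
        return "tunnel"
    # Only explicitly listed, non-protected destinations bypass the VPN.
    if any(addr in b for b in _nets(bypass)):
        return "direct"
    # Anything not listed (including other address families) fails safe.
    return default


if __name__ == "__main__":
    print("overlapping bypass entries:", lint_bypass(TUNNEL_NETS, BYPASS_NETS))
    for dest in ["203.0.113.7", "10.20.1.5", "198.51.100.9", "2001:db8::1"]:
        print(dest, "->", route(dest, TUNNEL_NETS, BYPASS_NETS))
```
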

Single sign-on system
With a single sign-on system, users only have to log in once and can then access all applications securely.
Modern VPN solutions can handle the authentication process.

 


Zero Trust concept
A comprehensive Zero Trust concept should include various components that are essential for the security and ease of use of the overall solution.

 


 
