Business continuity is a great item for an IT managed service provider to have in their catalog of offerings. It’s really the type of service that does a fine job of selling itself considering how the entire focus is built around making sure operations continue to thrive in the event of a natural disaster or other happenings that threaten to disrupt business. It can be a lucrative addition for sure, but for most vendors, its success hinges heavily on three simple letters: VPN.
Virtual private network technology is critically important for an MSP. By providing remote access to the corporate network, a VPN ensures that employees can connect to the applications and services they need even if a sudden disruption causes them to leave the office. It’s that handy straw that keeps stirring the drink and making sure business misses as few beats as possible. For vendors, the biggest challenges lie in delivering a VPN that enables clients to quickly perform backups and get systems back online.
A few years ago, a former employee of Energy Future Holdings got into the corporate VPN and ended up costing the company $26,000 worth of damage. This highly publicized breach pointed an uncomfortable light on the security challenges tied to information technology and virtual private networks, in particular. Improper storage of passwords, middle-man attacks, and plain ole poor configuration are among the issues that can grant network access to unauthorized parties. With that access, intruders may leach off IT resources, or thieve sensitive data the client can’t afford to lose.
VPN Security Challenges and Solutions
Before you go touting your company as a seasoned business continuity expert, you need to be sure you can securely and efficiently supply this critical service. Here is a quick security checklist for MSPs who want the utmost confidence in their VPN offering.
Use up to date encryption
Encryption protects two vital components in the VPN process: the authentication part that allows the user to sign into the system, and the delivery part that actually transfers data over the network from one computer to another. Both of these components should be protected with the most recent encryption technology. Password Authentication Protocol (PAP) and Point-to-point Tunneling Protocol (PPTP) are examples of two methods that have been destroyed by hackers and no longer recommended due to their ineffectiveness. The exact protocols an MSP requires will be determined by factors such as your operating system and VPN platform.
Use a rock-solid platform
A managed service provider can eliminate several security concerns right off the bat by using a quality VPN solution. Some of these solutions are predominately hardware based while others are exclusively driven by software. You can get hardware from networking players like Cisco, Juniper and CheckPoint. Software is provided by vendors familiar and perhaps not so familiar in standalone formats and cloud-based versions available on flexible deployment models. Whether it’s hardware or software-powered, MSPs should be on the lookout for built-in security features and support that keeps their VPN platform running efficiently
When a client enters a managed services agreement, they are essentially entering a partnership. And as the party with the biggest responsibilities, the MSP should have their partner’s best interest at heart. Take the initiative to school your customers on VPN security. Teach them the importance of storing the usernames and passwords to the network in a safe place that is preferably not on the system they are connecting from. Help them understand that they introduce a bigger risk the more employees they grant access to the network, and why that network shouldn’t be abused by checking personal emails and social media updates.
Optimize the network
This one here is more efficiency than security-related. Dealing with backups is not only time consuming, it’s a blip on resources. This is often the case even in local environments. Imagine doing a huge backup from and to a system that is thousands of mile removed from your location. Plain and simple – remote backups are made and broken on the quality of the network. The adage better late than never is a slap in the face when restoring a backup takes so long to recover that it falls short of your established disaster recovery metrics and jeopardizes mission-critical business operations. Providers should conduct thorough evaluations and regular testing to make sure their network is optimized to support all of the client’s needs.
Enabling secure remote access to corporate resources from a broad range of computing devices is a monumental challenge for some organizations. The managed service provider that delivers this luxury can help their clients enjoy a piece of mind and score some huge loyalty points in the process.
Are you handling backups of offsite clients? Learn how to manage all of your remote backups in one place using StorageCraft ShadowControl CMD.