We have SonicWall VPN for accessing work resources offsite. It’s a pretty standard affair, but my boss wants to have people who connect to Public Wifi (most commonly would be our salesmen) to have VPN. He wanted me to source another VPN solution like Nord/Express/etc., stating that he doesn’t think we want them connecting to our VPN just for accessing email. So I have a few questions.
How well does a 3rd party VPN play with a work VPN like a SonicWall VPN?
If it’s just security for when accessing email, is 3rd party more secure or would SonicWall be more secure?
Any VPN recommendations that work well on Apple phones, especially for very non-tech-savvy users?
Edit: Thanks for the replies everyone. At this point I’m gonna look into implementing MFA on users as we have O365 and the infrastructure is already there for that.
How are they accessing email? Why are they still using an archaic method that doesn’t already encrypt the connection between the workstation and the email server?
Could you broaden your existing SonicWall VPN to be ‘always on’ for your users? Wherever they are, they are automatically on the VPN for everything they do?
You could use split-tunneling to specify certain bandwidth-hogging apps or online meeting apps (Zoom, Teams, etc) to go outside of the tunnel to save you bandwidth/from performance issues.
If you allow connections from a public VPN service (that anonymizes) how will you defend against bad actors using that same public VPN to hack into your email system?
Your boss is wrong and needs it explained that this is what the corporate VPN is for.
NordVPN is marketed towards consumers who want to bypass country restrictions to access online content. It’s not a solution for securing company data. Additionally, you don’t need to secure traffic between the client and Exchange server. SSL already does that. Nobody is realistically hacking your Exchange server because you’re specifically on public wifi.
Are you experiencing issues that you are trying to solve?
A 3rd party VPN is an expense and doesn’t yield any benefit for talking to your mail server. In fact, it’s better your mail server knows where you are coming from and not from a Nord node somewhere.
You can get a hosted business VPN, yes. Remote workers connect to the hosted VPN. You can set up tunnels between the hosted service and your offices if required so remote workers can connect to on-prem systems (be aware that implicitly trusting anything VPN-connected without further authentication is a risk), but traffic to the internet goes to the service provider’s systems and then on to the destination without loading your office connections.
It provides an extra layer of security that may not be strictly necessary, but I’ve seen insurers and certification that like to see everything VPN-encrypted. (Or at least, that if everything is VPN-encrypted then some other requirements get relaxed.)
You can do it SaaS with a VPN provider such as Nord, or you can do it IaaS on generic hosting such as Azure, whatever works best for you.