Unfortunately, most of the BYOD policy articles overlook a technology that has been the workhorse for secure remote access for more than a decade: SSL VPN.
Originally designed for secure remote PC and laptop access, SSL VPNs have adapted and evolved over the years as BYOD morphed from a buzzword to reality for many organizations. The SSL VPN solutions of today, like Array’s AG Series secure access gateways, offer a wide range of support for smart mobile devices. And, due to their unique position at the network edge, with visibility into the endpoints and policy-based control over access to network resources, SSL VPNs can be your first line of defense for BYOD – the foundation for your BYOD policy, if you will.
For example, Array’s SSL VPN solution provides granular access control based on user and role, and host-checking can verify device and user identity as well as whether the endpoint meets security parameters like anti-virus, anti-spyware, personal firewalls, allowed OS version, etc.
A mobile client supports secure access for native business apps and HTML5 apps via a secure browser, and all data associated with enterprise apps is stored in a secure container to prevent data leakage. The secure container can be remotely wiped in the event of loss or theft of a mobile device, and device-based identification can be used to prevent future SSL VPN connectivity by that device.
There’s much more to come – I’ll be posting part II of this blog series in the coming weeks. In the meantime, check out our secure mobile access page for more details on SSL VPN and BYOD.
One Note of Caution: All SSL VPNs Are Not Created Equal
You may have read over the past year or so of several vulnerabilities associated with OpenSSL, which is commonly used by other SSL VPN vendors. Heartbleed, Man-in-the-Middle, and GHOST are just a few of them. As you’re evaluating SSL VPN options, you may want to ask your vendor if their solution uses OpenSSL. Array’s AG Series uses a proprietary SSL stack, and thus has not been affected by any of the OpenSSL vulnerabilities.