Secure Remote Access for Financial Services at Scale

Financial institutions have provided remote access to the corporate network through VPN appliances in their data centers for many years. Remote or mobile employees connect to the corporate resources they need after authenticating, typically with multi-factor authentication. This architecture comes in several variants:

User-initiated tunnel: This VPN model lets users initiate the tunnel as needed for access to the internal data center. Generally, users will connect for a short time, complete their work with a given application, and then disconnect. Even traffic destined for the internet is backhauled to the corporate data center for policy and security enforcement. Unfortunately, this leads to higher latency and may result in a poor user experience.

Split-tunnel VPN: A common but insecure way of deploying remote access VPN is to set up a split tunnel. With a split tunnel, traffic bound for the corporate domain goes over the VPN tunnel, and everything else goes directly to the internet. This may reduce latency for internet traffic, but it means there is no traffic inspection at all for internet or cloud traffic.

Web proxy: To compensate for times when the user is not connected to the VPN, many organizations have tried using a cloud-based proxy for web browsing when off the network. However, a web proxy does not perform full inspection of all internet-bound traffic, only web traffic. This is fundamentally different from the level of inspection conducted at the data center.
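The split-tunnel condition described above can be checked from the client's routing table: if an arbitrary internet address egresses through the physical adapter rather than the VPN adapter, that traffic bypasses data-center inspection. The script below is an added example, not code from this post; it assumes Linux `ip route show` output and a TUN adapter named tun0, and the route lines are constructed samples, not captured from any real host.

```python
"""Audit a Linux client's routing table to tell a full-tunnel VPN from a
split tunnel.  Assumes the VPN adapter is tun0 (an assumption for this
example); the route lines below are constructed, not captured output."""
import ipaddress
import re
from typing import NamedTuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    dev: str


# Constructed `ip route show` output for a split tunnel: only the
# corporate range 10.0.0.0/8 is sent via tun0, everything else via eth0.
SPLIT_TUNNEL_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

# Same client once the VPN pushes a default route through the tunnel;
# the two /1 routes override 'default', and a host route keeps the VPN
# server's own address (constructed: 203.0.113.10) reachable via eth0.
FULL_TUNNEL_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

_LINE = re.compile(r"^(default|\S+)\s.*?\bdev\s+(\S+)")


def parse_routes(text: str) -> list[Route]:
    """Extract (destination prefix, egress device) pairs from `ip route` lines."""
    routes = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            dst = "0.0.0.0/0" if m.group(1) == "default" else m.group(1)
            routes.append(Route(ipaddress.ip_network(dst, strict=False), m.group(2)))
    return routes


def egress_dev(dst: str, routes: list[Route]) -> str:
    """Longest-prefix match: the interface that carries traffic to dst."""
    ip = ipaddress.ip_address(dst)
    return max((r for r in routes if ip in r.prefix),
               key=lambda r: r.prefix.prefixlen).dev


def tunnel_mode(routes: list[Route], tun_dev: str) -> str:
    """'full' if internet-bound probes egress via the tunnel, else 'split'."""
    probes = ["1.1.1.1", "198.51.100.7"]  # constructed internet addresses
    return "full" if all(egress_dev(p, routes) == tun_dev for p in probes) else "split"
```

On a real client, feed `subprocess.check_output(["ip", "route", "show"], text=True)` to `parse_routes` instead of the constructed strings.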
