We’re looking for a VPN solution for our remote workers but we don’t want to give them access to our internal network through the VPN, basically just protecting their laptop when they’re on public WiFi. Maybe something like NordVPN. I have a few questions regarding security.

Are there any security concerns when giving our employees a public VPN account?

What’s the best way to handle employee access to VPN other than our corporate VPN?

And will they still need to use MFA for services like NordVPN?

If yes, and they’re not accessing corporate network through the VPN then why does it make sense to use MFA?

I believe I have the answers but I just want to bump heads with other security professionals and get some ideas.


1 Comment

  • tweedge

    November 14, 2021

    Protecting them *from what?* Be clear about your goal here. Web applications et al which must be accessed securely? Use HTTPS Everywhere – don’t throw unprotected data through a budget service provider. Need to protect against local attackers? Mandate full disk encryption, patch management, et al. These are unmanaged devices? Then you certainly aren’t in a position to ensure that your employees are using a public VPN, so you’re setting up mostly to waste money, IMO.

    I have a very hard time seeing what security benefits you expect a public VPN provider to provide here, considering that you could just implement controls to solve the *actual* issues you face.

