Adding MFA to your VPN to Secure Your Remote Workforce

Written by Kayla Coco-Stotts on April 22, 2020

Share This Article

The dramatic turn of worldwide events forced organizations to completely transform the way they work. Whereas before, most IT teams maintained a singular, on-premises working environment, now countless IT professionals are scrambling to provide remote access to vital resources for all users.

Virtual private networks (VPNs) have been widely used for many years to securely connect remote users to an organization’s main network from anywhere. VPNs have become critical in recent months to ensure that IT professionals protect user access to their resources from the safety of their homes. 

As such, these vital endpoints need to be secured, and multi-factor authentication (MFA) is widely considered to be the best method for doing so. Below, we’ll discuss the value of adding MFA to your VPN and cover avoiding administrative maintenance so the job of securing VPNs is seamless and simple.

The Value of Adding MFA to Your VPN

Traditionally, remote workers would simply log in to their VPN via credentials, and the VPN allowed access to their IT resources — such as applications and files — behind that VPN. However, the No. 1 attack vector for any organization is compromised credentials, so credentials alone are not sufficient to protect VPN access to critical resources. 

With mandatory remote work, internal IT has focused on leveling up their security practices with MFA. Adding MFA to your VPNs requires that users combine something they have (typically a token generated by their mobile device) with something they know (typically their credentials). So, even if a bad actor obtains their credentials, they only have half the components required to access an organization’s core network through a VPN. In fact, Microsoft reported in 2019 that enabling MFA can block over 99.9% of account compromise attacks.

By adding MFA to your VPN, you can take away the impact that compromised credentials have on organizational security. With so many critical resources often behind VPNs, adding MFA to your endpoints could save your organization from devastating attacks.

The Challenge of Adding MFA to Your VPN

By implementing MFA, you not only protect against credential theft attacks, but you can also use it to gain consistent, secure access to vital resources and maintain compliance for auditors. However, the challenge is that manually adding MFA to your VPN can be difficult to implement and maintain. 

It requires extensive time and effort on part of the internal IT team to provision, deprovision, and modify user access to the VPN. Even more so if your core identity provider (IdP) is managed on-prem, since legacy infrastructure requires in-person contact to address issues. The maintenance or troubleshooting of MFA-enabled VPNs for legacy IdPs is tricky for admins forced to work from home. 

A Modernized Solution

With JumpCloud’s RADIUS-as-a-Service, IT professionals can manage user accounts for their VPN with ease and include built-in MFA to protect their endpoints. Using RADIUS-as-a-Service, admins bridge network authentication with their core IdP, eliminating remote user access challenges and securing both the VPN and RADIUS networks with MFA. Then, IT teams can use RADIUS-as-a-Service to connect with their preferred VPN solution, seamlessly boosting security with MFA — all provided through a single cloud-based console. 

Therefore, enabling a remote workforce to securely access resources can be done without manual implementation and maintenance. Centralized under a modernized identity and access management (IAM) platform, JumpCloud® Directory-as-a-Service® makes protecting your remote workforce seamless and hassle free.

Learn More

Interested in solutions to help you secure your remote workforce? Feel free to reach out to one of our representatives; JumpCloud is here to help you transition during these trying times. 

You can also read our guide to working from home with JumpCloud, or you can listen to this webinar that describes how our internal IT team transitioned JumpCloud to a remote environment in three days.

Continue Learning with our Newsletter