Webinar: Learn how to improve WFH security in our Sept. 29 webinar with a former General Electric CIO & an industry analyst Register today

Securing VPNs with MFA




We live in an age of the remote worker. After all, 68% of global employees surveyed work from home at least once a month (Owl Labs). Of course, while there are benefits to employee satisfaction, remote work also presents a security risk. Since they are not physically on the network, remote workers can fall prey to attackers without the proper protection. A powerful defense mechanism that’s being used is the VPN. That’s why many IT admins are looking into securing VPNs with MFA.

Why MFA?

Traditionally, a VPN, or virtual private network, acts as a sort of tunnel between remote workers and the on-prem network. In essence, using a VPN creates a facsimile of the physical on-prem network experience and its associated protections that employees can use to work remotely without worry.

Unfortunately, in this day and age of identity security breaches, even VPNs can be compromised. For instance, if a bad actor has somehow made off with a user’s credentials through phishing or other means, they can then use those credentials to prey on the core network through the VPN.

What is MFA?

By implementing multi-factor authentication (MFA), IT admins have found that they can reduce attack vectors on their network dramatically. MFA adds an additional layer to the traditional login process (username and password), most often using a time-sensitive token generated by a phone app, a USB token, or even biometrics.

Adding this secondary factor gives hackers a large hurdle to leap. After all, they would need either an employee’s phone, USB, or other secure token in addition to their core username and password in order to authenticate and log in. Symantec found that adding an additional time-sensitive layer to authentication reduces the chances of a breach by 80%.

Securing VPNs with MFA

So, MFA is obviously a great way to step up identity security. How then can an organization start implementing MFA to help secure their VPN access?

The first step is to connect the VPN’s identity source to be a core directory service. Users will be prompted for their credentials, and through a setting in the directory service, can enable the requirement to add another factor for login. This second factor is attached to the user’s core identity and the 2FA process can be used on the VPN at login. Further, this second factor could potentially be used elsewhere, for example with systems and web applications.

In this cloud era, IT admins need solutions that are agile and cloud-forward, and perhaps more importantly, don’t break the bank. What options do IT organizations have then?

MFA for VPN and More, From the Cloud

There is a solution available to IT organizations that secures VPN access, among other things, with MFA. The solution is a cloud directory service, which also features SSO with SAML, LDAP app management, system management, and more, in a single solution.

One way admins can use this cloud directory service, JumpCloud® Directory-as-a-Service®, is to manage their users VPN access using RADIUS or LDAP. Admins can then use JumpCloud’s MFA for RADIUS to lock down VPN access even further.

Directory-as-a-Service doesn’t stop there, however. IT organizations can leverage JumpCloud to control their users and their access to systems, networks, applications, infrastructure, and more from a single admin console. This creates a True Single Sign-On™ experience, allowing end users to leverage one set of credentials for all of their IT resources?

Try JumpCloud Free

You can leverage all that JumpCloud has to offer for free, just by signing up for Directory-as-a-Service. A JumpCloud account includes ten users that your organization can use for free forever, and requires no credit card information. We also offer free live demos if you would like to see the product in the hands of an expert. Questions or comments? Feel free to reach out to us; we’d be happy to help you.


Recent Posts
IT admins talk about enrolling in JumpCloud MDM, pulling disk space with System Insights, and MFA. Try JumpCloud Free.

Blog

The JumpCloud Lounge Q&A Roundup: Enrolling in JumpCloud MDM, Pulling Disk Space, & Using Hardware for MFA

IT admins talk about enrolling in JumpCloud MDM, pulling disk space with System Insights, and MFA. Try JumpCloud Free.

Read this blog to compare using a handful of solutions to manage your IT environment versus using a single cloud directory platform. Try JumpCloud free.

Blog

JumpCloud versus AD + Okta + Jamf

Read this blog to compare using a handful of solutions to manage your IT environment versus using a single cloud directory platform. Try JumpCloud free.

Security is simultaneously the number one priority and challenge for most IT teams. Use JumpCloud to secure your identities free.

Blog

How to Ensure Organizational Security With JumpCloud

Security is simultaneously the number one priority and challenge for most IT teams. Use JumpCloud to secure your identities free.