IT admins have been creating and using VPNs for their remote workers for a long time now. The view was that every worker needs to connect back to the directory to authenticate to their on-prem resources and then branch out to the internet. In decades past, when remote workers could really only do their jobs by connecting to the internal LAN, the approach of having a VPN for each worker made sense, as it offered users greater flexibility and the ability to work remotely. Today, though, the cloud is changing how IT admins approach remote workers. With this shift to the cloud, should IT organizations just skip the VPN for connecting users to the directory service?
When VPNs were Indispensable
VPNs have been an extraordinarily useful tool. They create secure connections between remote workers and the on-prem network. For workers who were traveling, home sick, etc., VPNs empowered users to work outside the main office and still be productive.
As more of a user’s work involved IT and on-prem applications and systems that were located within the network, VPNs became indispensable tools for organizations. Users connected to the VPN, then they could securely connect to the network and then navigate to the systems, files, or applications that they needed. It didn’t always happen so quickly though. Initially, connection speeds were very slow, but users were still able to get their work done. Over time, VPNs became fast, so the experience was almost like being on the local network.
While users liked being able to get their work done away from the office, IT admins liked VPNs because they were secure. A user was usually challenged to authenticate twice to access their resources. First, a user needed to log in to the VPN before they were allowed access to the network. Even after they gained access, the user would likely need to log in again to authenticate with Microsoft® Active Directory® before being allowed to access Windows®-based IT resources on the network. This was one of the core reasons that IT admins leveraged VPNs—it made users authenticate with AD.
Remote Workers and IT: Forced into using VPNs
As more IT applications and resources moved to the cloud, the number of reasons to connect to the local network decreased. Eventually, IT admins were only interested in leveraging the VPN for authentication with Active Directory. There was one simple fact that propelled IT admins’ interest in AD: if AD was out of the equation, IT could not control and manage user accounts and the Windows-based systems themselves. That meant the usage of VPNs had to continue. For users, the consequence was that they had to log in an extra time. For IT, the consequence was that they needed to manage the VPN software. As the IT network became more cloud-centric and resources became accessible via web browser, users and IT admins alike were wondering why they needed a VPN at all anymore.
A Cloud-Based Solution Enables Freedom of Choice
IT has come a long way, and the truth is that IT organizations now have a choice on whether or not they want to implement a VPN to bind remote users to the directory services. There is a new, cloud-based Active Directory alternative that supports the use of VPNs, but doesn’t require them to securely connect users to the resources on your network. That doesn’t mean that IT has to lose control over systems and users, and it doesn’t mean that users are barred from accessing their tools whether on-prem or in the cloud. It simply means that shifting the identity management system from Active Directory to JumpCloud® Directory-as-a-Service® provides IT organizations with the freedom to create the network security that meets their needs. If a VPN isn’t required, how do remote users authenticate to their resources securely?
Directory-as-a-Service shifts the authentication process to the cloud. It works like this: a lightweight agent is placed on each device. Then, a secure TLS connection is established between the device and the virtual identity provider. That means a VPN is optional, not necessary, because the connection between the device and the identity provider is already secured with TLS. As a result, IT admins and users alike still have the ability to do their jobs, but they’re unencumbered by multiple credential challenges. That being said, IT organizations can certainly choose to leverage VPNs with the JumpCloud platform as an extra layer of security; it’s just no longer an absolute requirement as it is with Active Directory remote users.
In all, when you utilize Directory-as-a-Service you gain the ability to tightly control user access to the system itself (Windows, Mac®, and Linux®), applications, files, and networks. The IDaaS platform works for the cloud-forward environment where the concept of the domain is largely irrelevant now, which is a good thing because Zero Trust Security stipulates nothing on the network can be trusted. Like those early days of the domain, end users get the benefit of True Single Sign-On™, where identities are leveraged for all of the IT resources they need access to. IT organizations, on the other hand, gain peace of mind knowing users are securely accessing IT resources on the network—whether that’s with or without a VPN in place.
Learn More About JumpCloud
Whether you’re ready to skip the VPN with remote users just for Active Directory or ready to implement one, sign up today for a JumpCloud account. It’s free, and it enables you to manage up to 10 users and their systems, all with no VPN needed to authenticate against the directory. Also, be sure to check out our Knowledge Base or drop us a line if you need additional information.