VPN Meets IAM: Don’t Skip Out On Managing Remote Workers

By Rajat Bhargava Posted January 12, 2017

IT admins have been creating and using VPNs for their remote workers for a long time now. Initially, VPNs were used because of the view that every worker needed to connect back to the directory to authenticate to on-prem resources and then branch out to the internet. In decades past, when remote workers could really only do their jobs by connecting to the internal LAN, the approach of having a VPN for each worker made sense: it offered users greater flexibility and the ability to work remotely. Today, the cloud is changing how IT admins approach remote workers. With this shift, VPN access is being managed via a cloud-based directory service (IAM). Increasingly, IT organizations don’t want to skip out on managing remote workers, but they also don’t want to be tethered to an on-prem domain controller.

Below, we’ll dive a little deeper into the history of VPNs and how that worked alongside the concept of the domain. We’ll also present our modern solution for seamless, secure access control to VPN sign-on from the cloud.

Identity Management and VPNs

VPNs are an extraordinarily useful tool. They create secure connections between remote workers and the on-prem network. For workers who are traveling, home sick, etc., VPNs empower users to work outside the main office and still be productive.

As more of a user’s work came to involve IT and on-prem applications and systems located within the network, VPNs became indispensable tools for organizations. Once connected to the VPN, a user could securely reach the network and then navigate to the systems, files, or applications they needed. It didn’t always happen quickly, though. Initially, connection speeds were very slow, but users were still able to get their work done. Over time, VPNs became fast, so the experience was almost like being on the local network.

While users liked being able to get their work done away from the office, IT admins liked VPNs because they were secure. A user was usually challenged to authenticate twice to access their resources. First, a user needed to log in to the VPN before they were allowed access to the network. Even after they gained access, the user would likely need to log in again to authenticate with Microsoft® Active Directory® before being allowed to access Windows®-based IT resources on the network. This was one of the core reasons that IT admins leveraged VPNs—it made users authenticate with AD.

But as IT organizations have migrated away from AD and to the cloud, more organizations are using cloud-based IAM tools to centrally manage and secure VPN access.

A Cloud-Based Solution Enables Centralized IAM

IT has come a long way. There is a new, cloud-based Active Directory alternative that supports the use of VPNs, but doesn’t require them to securely connect users to the resources on your network. That doesn’t mean that IT has to lose control over systems and users, and it doesn’t mean that users are barred from accessing their tools whether on-prem or in the cloud. It simply means that shifting the identity management system from Active Directory to JumpCloud® Directory-as-a-Service® provides IT organizations with the freedom to create the network security that meets their needs. If a VPN isn’t required, how do remote users authenticate to their resources securely?

Directory-as-a-Service shifts the authentication process to the cloud. It works like this: a lightweight agent is placed on each device. Then, a secure TLS connection is established between the device and the virtual identity provider. That means a VPN is optional, not necessary, because the connection is already secure and the TLS connection effectively acts like a point-to-point VPN. As a result, IT admins and users alike still have the ability to do their jobs, but they’re unencumbered by multiple credential challenges. That being said, IT organizations can certainly choose to leverage VPNs with the JumpCloud platform as an extra layer of security; it’s just no longer an absolute requirement as it is for Active Directory remote users. Many organizations are benefiting from this, including Augeo FI (read the case study).

In all, when you utilize Directory-as-a-Service you gain the ability to tightly control user access to the system itself (Windows, Mac®, and Linux®), applications, files, and networks. The IDaaS platform works for the cloud-forward environment where the concept of the domain is largely irrelevant now, which is a good thing because Zero Trust Security stipulates nothing on the network can be trusted. Like those early days of the domain, end users get the benefit of True Single Sign-On™, where identities are leveraged for all of the IT resources they need access to. IT organizations, on the other hand, gain peace of mind knowing users are securely accessing IT resources on the network—whether that’s with or without a VPN in place.

Learn More About JumpCloud & VPN Authentication

Don’t skip out on managing remote workers! Centralize your identity and access management, including VPN access. You can register for our upcoming webinar, Securing VPN Authentication from the Cloud or just sign up today for a JumpCloud account. It’s free, and it enables you to manage up to 10 users and their systems. Also, be sure to check out our Knowledge Base or drop us a line if you need additional information.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
