If your team is working remotely, you need a VPN.
In the first installment of our series, we discussed the reasons for a small or midsize business to choose a point solution over a platform, or bundled solution, including flexibility and scalability. Once you’ve made the decision to move forward with a point solution, you may be asking yourself where to begin finding the right solutions for your business, both where it currently stands and where you want it to be in the future.
For this post, we asked our team of experts to share how to choose the right solutions for your business, be they a best-of-breed point solution or a bundled platform.
Recommended Reading: Navigating Cybersecurity: Choosing Between All-In-One Platforms and Point Solutions
Questions to ask before you begin assessing best-of-breed secure remote access solutions
Now that you’ve decided to go with a best-of-breed solution versus a larger platform, the options may seem limitless. To help narrow the field, ask yourself the following questions:
- What is your budget? Will your business be looking for ways to save on costs in the future?
- Does your business have a current secure remote access tool? If so, what purpose does your current service serve today, and what are you looking to accomplish?
- What types of assets are you looking to protect? Are the majority of your assets or applications in a SaaS or cloud environment?
- What is your overall work environment like – is the majority of your team fully remote, hybrid, or fully in-office? Will you need a remote access VPN? Does your team routinely use public Wi-Fi or private routers?
- Depending on the prior answer, do you see a need for a VPN tunnel from the employee or remote user workstation to your cloud/datacenter, or is routing your primary concern?
- Are your workstations domain-joined, or are they part of a workgroup? If they are domain-joined, do they talk to something like Azure or an on-prem Active Directory? Do you have a firewall in place?
- Do you believe that you will need more, or fewer, connections in the future?
- Does your security planning now, or will it in the future, require Zero Trust Network Access (ZTNA) tenets?
- Do you have any other cybersecurity tools that require an integration with your VPN or secure remote access tool?
Answering these questions internally will help gauge your organization’s needs, maturity, and security posture, and will help you home in on the solutions that may be able to meet your needs. You may not have the answer to some of these questions, and that’s okay too. However, these can serve as a baseline as you move through the buying process with a point solution of your choosing.
“It’s important to remember that not every solution is right for every single business,” says Rohit Kalbag, VP of Product Marketing at OpenVPN. “In fact, there are instances when we would tell customers that we are not the right solution for them. There are some enterprise size businesses who simply find it more convenient to use a tool provided by a platform they already have. However, there is value in seeking tools tailor-made for small and midsize businesses.”
7 tips for selecting the right point solution for secure remote access or site-to-site networking
Now that you’ve asked yourself the questions above, what do you do with that information?
Before you begin perusing the websites of your potential vendors, we have compiled a list to help you cut through the marketing speak and find the solution that works with, not against, your goals. Additionally, this list can help you avoid potentially expensive shelfware.
1. Flexible pricing
Price is often as important a consideration as functionality. With platform and point solutions alike, small and midsize businesses are paying the same as, or in some cases more than, a much larger enterprise. Sticker shock, especially after you’ve been able to trial a point solution, can be frustrating to say the least.
As you are evaluating point solutions, it’s important to consider:
- Is the vendor up front with their pricing?
- Does the vendor offer usage-based pricing?
- Will your business be expected to pay for unused seats or licenses?
- Will you be able to scale up or down as needed?
- Is there an added charge or cost associated with onboarding, troubleshooting help, or customer support?
2. Simplified Deployment
Simplified deployment sounds like an oxymoron – if you’ve been in corporate IT for any amount of time you know that deployment is rarely simple. However, lengthy deployment processes can cost more than just time and money; they can erode trust between decision makers and their teams.
A few considerations for your point VPN solution should include:
- The average amount of time used for setup and configuration. For example, you can fully set up and configure CloudConnexa or Access Server in under 20 minutes.
- Whether you can sign up and test the solution without speaking with a salesperson first.
- Whether you can deploy the solution directly from an IaaS marketplace, like AWS or another preferred marketplace.
- Whether the solution is self-hosted or has an option for a managed (SaaS) version.
- The level of difficulty to deploy network controls to block potentially malicious or unauthorized websites. For example, is it as easy as a toggle switch? Or typing in a domain name to block a site? (You can do both with CloudConnexa’s Cyber Shield feature.)
- The level of difficulty to add or remove users or to scale up or down.
- The look and feel of the interface for both Admins and Users. Is it easy to deploy for Admins but very complicated for the average User on their company-issued laptop?
“The idea is that someone with minimal experience can learn how to set up and deploy the solution without needing hours of training and setup time, and the user can get up and running without the frustration of downtime,” says Kalbag. “For example, although Access Server runs on Linux, it’s so easy that a Microsoft Admin or someone with other operating system experience could set it up.”
3. Asset, app, and workspace environments
Earlier, we asked you to think about your environment relative to the assets you are trying to protect, the apps your team needs to access, and your workspace setup.
“Depending on the type of business and the number of years you have been in business, you could have a myriad of application types in your IT environment. These could range from legacy mainframe applications to the latest Web3 applications — and everything in between,” says Kalbag. “Ask whether the solution you’re considering can handle all the application types, including those you eventually plan to transition to the Zero Trust framework.”
Depending on your specific needs and current environment in these areas, you may also need to consider the following:
- Employee bandwidth for remote and hybrid workers who may benefit from split-tunneling technology, especially for those using public internet or an unsecured internet connection.
- Whether you have multiple internal web applications that need to be hidden from discovery to enhance protection and comply with ZTNA standards.
- Whether the solution you are considering has features like DNS-based content filtering to monitor and block threat actors.
- If the tool can secure IoT devices and communication.
- If you are able to specify, by website domain name, which traffic travels over the VPN (similar to per-app VPN policies) while other traffic routes outside the encrypted tunnel.
- If the tool can enforce SaaS access to only allow logins coming through the secure VPN.
- If you’ll be able to interconnect your private networks across multiple sites and public clouds.
- If you can use both site-to-site networking and secure remote access.
- How many points of presence (PoPs) the vendor has across the globe and whether it is enough to support your global workforce.
- Potential impacts on network speed and performance — and ways to increase network speed should a lag occur.
- Whether your users will need to connect via iOS or Android.
“What you will need is going to be different for every business – each environment is unique,” says Kalbag. “That's why a point solution can be so powerful – you can cater it to your needs, instead of forcing your needs to adjust to some overly complicated package.”
4. Security compliance
We talk a lot about security compliance for your secure remote access tools – be they point or platform – because it can determine whether a cyber attack succeeds. Increasingly, for small businesses, the reality is that it is not a matter of if you and your SaaS vendors are attacked, but when. In fact, according to Enterprise Strategy Group, “three-quarters of organizations report experiencing an attempted ransomware attack within the past 12 months, with 27% indicating that attacks happened on a weekly basis or even more frequently.”
As OpenVPN CEO and co-founder Francis Dinha mentioned in an article for Forbes: “In my line of work, I've had the privilege of supporting countless small businesses over the years. While the people running these businesses are some of the hardest working in the world, there's one blind spot that almost all of them seem to have: Smaller businesses often don't realize just how vulnerable they are to cybercrime. It's true that these businesses don't have the same resources as larger corporations, but there's still plenty they can do to protect themselves. No matter their size, small businesses still need to protect sensitive information and keep their operations running smoothly.”
However, that doesn’t necessarily mean that SMBs are not taking necessary steps to protect themselves. A survey from ESG found that 70% of SMBs in 2023 had plans to invest in better cybersecurity initiatives overall (compared to 60% of enterprises surveyed), with 44% of SMBs also investing in better ransomware protection initiatives and 48% investing in multi-factor authentication. The missing factor is recognizing which of your SaaS vendors may pose an additional risk and understanding how those vendors mitigate risks on your behalf.
When considering any point solution, look for:
- SOC 2® compliance.
- Third-party security audits and validation.
- A list of vulnerabilities and exploits associated with the technology.
As a general rule, software that has an open source foundation is often safer and more frequently tested and validated than privately developed software. This is crucial, because open source is used across many private products. For example, OpenVPN’s VPN protocols are not only tried and tested but are a foundational piece of many VPN providers’ products and services.
5. Integrations and the impact on your existing tech stack
When you opt to use point solutions, it’s essential to make sure they integrate not only with your current strategy but also with your current tech stack and user authentication tools.
For example, you should look for:
- Integrations that are compatible with a self-hosted solution.
- Available integrations with a managed solution (SaaS).
- Whether there is easily accessible documentation to set up the integrations.
- Automation in the integration. Will you have to manually update any of the tools in the tech stack to keep them synced?
- Layers of protection in the integration and whether the integration is fully secure.
- Whether the point solution you’re considering will threaten the speed or connectivity of existing integrations.
- Compatibility or integrations with multi-factor authentication (MFA) tools that you already use.
6. Tenets of Zero Trust
We’ve said it before, and we will say it again: Zero Trust is not one singular tool or solution. This is critical to know if you fall into the 10% of SMBs surveyed by ESG that had plans to increase investments in implementing Zero Trust in 2023.
If your team has current plans to integrate Zero Trust in your strategy — or is looking into the possibility — there are multiple ways to achieve your goals.
“If we deconstruct the main functionality of ZTNA solutions into two main components, they would be: 1) applying the zero-trust security principles to ensure that there is no lateral movement and that permissions to applications are based on identity and context and 2) providing a means to get network access to those applications,” says Kalbag. “The ZTNA solutions in the market differ based on the technologies they use to accomplish the Zero Trust and network access functionality. The choice of technologies can give some products an edge over others or suit a particular market need better.”
A few examples of ZTNA capabilities to consider include:
- Whether it provides connectivity at the IP layer and therefore supports all internet application protocols. Using an approach other than IP layer connectivity implies that it will support only a limited set of applications, most likely web-based, and will try to convert other popular application protocols like RDP and SSH into HTTPS with limitations.
- Whether the tunneling protocol provides access to the network and grants access to only those applications that are authorized based on authenticated identity and context.
And if you’re a small to mid-sized business and not sure if you should be considering ZTNA principles – you should. As we mentioned earlier, 10% of SMBs in 2023 planned to increase their investment in ZTNA, with 41% of businesses of all sizes reporting an increase in ZTNA investments in 2024. That’s because ZTNA enforces the idea of “never trust, always verify” – effectively reducing your attack surface, reducing the number of DoS and network attacks, and restricting access to applications on the network, to name a few.
7. Existing customer satisfaction
Let’s face it – there is nothing quite as valuable in helping you find the right tool as talking to a company’s existing customers. They will not hold back. As you peruse your shortlist of vendors’ websites, try to locate:
- Recent reviews and customer success stories on the business page.
- Social media comments or threads related to the product and your specific use case.
- Reviews on G2, Capterra, or another trusted review site.
- A way to request customer recommendations or references.
- The number of current customers on the company roster. For example, OpenVPN’s CloudConnexa has over 2,400 small and medium business customers from organizations of all industries.
- A customer Net Promoter Score (NPS) or customer satisfaction rate. For example, CloudConnexa boasts a 93.5% customer satisfaction rate.
Additionally, look for reviews that mention the specific tools you currently use and the areas where you currently require support. For example:
“OpenVPN is a multi-platform solution (compatible with most popular systems and mobile devices), valued by users around the world, VPN server, which allows you to set up a connection between the host and a local computer encrypted with the use of OpenSSL library, supporting authentication with keys, as well as certificates, username and password, and, in a version for Windows, additional cards. Additional advantages of the application are support for NAT machines, dynamic IP addresses, high scalability, and load balancing mechanism.” - Kristian T. (G2)
Get started with OpenVPN
One last tip before making a final purchasing decision: try before you buy. With OpenVPN, you can get started for free without a limit on product capabilities. Sign up for CloudConnexa or Access Server to try for free today.