In the first installment of our series, we discussed the reasons for a small or midsize business to choose a point solution over a platform, or bundled solution, including flexibility and scalability. Once you’ve made the decision to move forward with a point solution, you may be asking yourself where to begin with finding the right solutions for your business where it currently stands and where you want to be in the future.
In this post, we spoke to our team of experts to share how to choose the right solutions for your business – be they a best-of-breed point solution or a bundled platform.
Recommended Reading: Navigating Cybersecurity: Choosing Between All-In-One Platforms and Point Solutions
Now that you’ve decided to go with a best-of-breed solution versus a larger platform, the options may seem limitless. To help narrow the field, ask yourself the following questions:
Answering these questions internally will help gauge your organizations’ needs, maturity, and security posture — and will help you hone in on the solutions that may be able to meet your needs. You may not have the answer to some of these questions, and that’s okay too. However, these can serve as a baseline as you move through the buying process with a point solution of your choosing.
“It’s important to remember that not every solution is right for every single business,” says Rohit Kalbag, VP of Product Marketing at OpenVPN. “In fact, there are instances when we would tell customers that we are not the right solution for them. There are some enterprise size businesses who simply find it more convenient to use a tool provided by a platform they already have. However, there is value in seeking tools tailor-made for small and midsize businesses.”
Now that you’ve asked yourself the questions above, what do you do with that information?
Before you begin perusing the websites of your potential vendors, we have compiled a list to help you cut through the marketing speak and find the solution that works with, not against, your goals. Additionally, this list can help you avoid potentially expensive shelfware.
Price is often as important a consideration as functionality. In many platform and point solutions alike, small and midsize businesses are paying the same as, or in some cases more than, a much larger enterprise. Sticker shock, especially after you’ve been able to trial a point software, can be frustrating to say the least.
As you are evaluating point solutions, it’s important to consider:
Simplified deployment sounds like an oxymoron – if you’ve been in corporate IT for any amount of time you know that deployment is rarely simple. However, lengthy deployment processes can cost more than just time and money; they can erode trust between decision makers and their teams.
A few considerations for your point VPN solution should include:
"The idea is that someone with minimal experience can learn how to set up and deploy the solution without needing hours of training and set up time, and the user can get up and running without the frustration of downtime."
— Rohit Kalbag, VP of Product Marketing, OpenVPN
“The idea is that someone with minimal experience can learn how to set up and deploy the solution without needing hours of training and set up time, and the user can get up and running without the frustration of downtime,” says Kalbag. “For example, although Access Server runs on Linux, it’s so easy that a Microsoft Admin or someone with other operating system experience could set it up.”
Earlier, we asked you to think about your environment relative to the assets you are trying to protect, the apps your team needs to access, and your workspace setup.
“Depending on the type of business and the number of years you have been in business, you could have a myriad of application types in your IT environment. These could range from legacy mainframe applications to the latest Web3 applications — and everything in between,” says Kalbag. “Ask whether the solution you’re considering can handle all the application types, including those you eventually plan to transition to the Zero Trust framework.”
"Ask whether the solution you’re considering can handle all the application types [in your IT environment], including those you eventually plan to transition to the Zero Trust framework."
— Rohit Kalbag, VP of Product Marketing, OpenVPN
Depending on your specific needs and current environment in these areas, you may also need to consider the following:
“What you will need is going to be different for every business – each environment is unique,” says Kalbag. “That's why a point solution can be so powerful – you can cater it to your needs, instead of forcing your needs to adjust to some overly complicated package.”
We talk a lot about security compliance for your secure remote access tools – be they point or platform – because it can make or break a successful cyber attack. Increasingly, for small businesses, the reality is, it is not a matter of if you and your SaaS vendors are attacked — it’s a matter of when. In fact, according to Enterprise Strategy Group, “three-quarters of organizations report experiencing an attempted ransomware attack within the past 12 months, with 27% indicating that attacks happened on a weekly basis or even more frequently.”
As OpenVPN CEO and co-founder Francis Dinha mentioned in an article for Forbes: “In my line of work, I've had the privilege of supporting countless small businesses over the years. While the people running these businesses are some of the hardest working in the world, there's one blind spot that almost all of them seem to have: Smaller businesses often don't realize just how vulnerable they are to cybercrime. It's true that these businesses don't have the same resources as larger corporations, but there's still plenty they can do to protect themselves. No matter their size, small businesses still need to protect sensitive information and keep their operations running smoothly.”
"Smaller businesses often don't realize just how vulnerable they are to cybercrime... No matter their size, small businesses still need to protect sensitive information and keep their operations running smoothly."
— Francis Dinha, CEO and co-founder, OpenVPN
However, that doesn’t necessarily mean that SMBs are not taking necessary steps to protect themselves. A survey from ESG found that 70% of SMBs in 2023 had plans to invest in better cybersecurity initiatives overall (compared to 60% of enterprises surveyed), with 44% of SMBs also investing in better ransomware protection initiatives and 48% investing in multi-factor authentication. The missing factor is recognizing which of your SaaS vendors may pose an additional risk and understanding how those vendors mitigate risks on your behalf.
When considering any point solution, look for:
As a general rule, software that has an open source foundation is often safer and more frequently tested and validated than privately developed software. This is crucial, because open source is used across many private products. For example, OpenVPN’s VPN protocols are not only tried and tested but are a foundational piece of many VPN providers’ products and services.
When you opt to use point solutions, it’s essential to make sure they integrate not only with your current strategy but also with your current tech stack and user authentication tools.
For example, you should look for:
We’ve said it before, and we will say it again: Zero Trust is not one singular tool or solution. This is critical to know if you fall into the 10% of SMBs surveyed by ESG that had plans to increase investments in implementing Zero Trust in 2023.
If your team has current plans to integrate Zero Trust in your strategy — or is looking into the possibility — there are multiple ways to achieve your goals.
“If we deconstruct the main functionality of ZTNA solutions into two main components, they would be: 1) applying the zero-trust security principles to ensure that there is no lateral movement and that permissions to applications are based on identity and context and 2) providing a means to get network access to those applications,” says Kalbag. “The ZTNA solutions in the market differ based on the technologies they use to accomplish the Zero Trust and network access functionality. The choice of technologies can give some products an edge over others or suit a particular market need better.”
"The ZTNA solutions in the market differ based on the technologies they use to accomplish the Zero Trust and network access functionality. The choice of technologies can give some products an edge over others or suit a particular market need better."
— Rohit Kalbag, VP of Product Marketing, OpenVPN
A few examples of ZTNA capabilities to consider include:
And if you’re a small to mid-sized business and not sure if you should be considering ZTNA principles – you should. As we mentioned earlier, 10% of SMBs in 2023 planned to increase their investment in ZTNA, with 41% of businesses of all sizes reporting an increase in ZTNA investments in 2024. That’s because ZTNA enforces the idea to “never trust, always verify” – effectively reducing your attack surface, reducing the number of DoS and network attacks, and restricting access to applications on the network, to name a few.
Let’s face it – there is nothing quite as valuable in helping you find the right tool as talking to a company’s existing customers. They will not hold back. As you peruse your shortlist of vendors’ websites, try to locate:
Additionally, look for reviews that name the specifics of what you currently use and for what you currently require support. For example:
“OpenVPN is a multi-platform solution (compatible with most popular systems and mobile devices), valued by users around the world, VPN server, which allows you to set up a connection between the host and a local computer encrypted with the use of OpenSSL library, supporting authentication with keys, as well as certificates, username and password, and, in a version for Windows, additional cards. Additional advantages of the application are support for NAT machines, dynamic IP addresses, high scalability, and load balancing mechanism.” - Kristian T. (G2)
One final tip before making a final purchasing decision is to try before you buy. With OpenVPN, you can get started for free without a limit on product capabilities. Sign up for CloudConnexa or Access Server to try for free today.