Demand for mobile and remote access to small- and midsized business networks has increased dramatically. Even the most basic VPN technologies are so accessible and affordable that there is no good reason for failing to utilize them. That said, the real question for SMBs is which type of VPN to implement: Standard IPSec or SSL?

SSL is best

SMBs that have limited budgets and/or those that do not share highly sensitive data may opt for a standard VPN because of cost; this technology is virtually free. In fact, most operating systems have built-in VPN protocols, but you typically get what you pay for here. Such protocols often rely on little more than usernames and passwords, they usually lack robust authentication and encryption components, and they can easily become open doorways into corporate networks.

Furthermore, standard VPNs require the deployment of software and clients – an administrative headache at best.
SSL VPNs use the same encryption protocols as many e-commerce sites and Web-enabled applications. They are therefore more compatible with the networks through which your remote users connect. Further, SSL is simple to install and leverages firewall ports already opened to secure Internet traffic, enabling users to connect to a network securely via a standard Web browser, without the need to install special software on the client (for example desktops or laptops).

SSL VPNs will support security policies that regulate access depending on the user, device or location. SSL can also deny access if a less-than-secure situation is detected, such as a user logging on via an unsecured wireless LAN at a local coffee shop. In a word, while SSL may cost more up front than standard VPN solutions, it pays for itself in reduced management costs and improved network security.

SSL encryption for data protection

Because most VPNs operate over the Internet, SMBs must deal with the challenge of keeping the transactions and data confidential and protected. This is where SSL encryption comes in – encryption scrambles the data and keeps it unreadable by unauthorized users. Each SSL certificate consists of a public and private key – the public key encrypts information and the private key decrypts it. When a Web browser points to a secured domain, an SSL handshake either authenticates the server and the client or blocks unauthorized users.