Three questions for choosing an SSL VPN

A new study by Forrester Research lays out how to pick an SSL VPN from among the various options available from vendors.

The study, titled “How to Choose an SSL VPN in Three Easy Questions” says the key to doing things right is by asking yourself these questions:

* Is the deployment focused on applications or users?

* How do you want to deploy endpoint security?

* How many employees do you have to support?

If the network is focused on users and their ability to fully access the network, then you want to consider gateways that support both SSL and IPSec VPNs.

If it is application-focused so applications can be as widely accessed as possible, then SSL VPNs that support clientless access via Web browsers, are the way to go.

As for endpoint security, this software that checks whether remote machines are configured to meet corporate security standards, can be either part of the platform or integrated add-ons from third parties.

The embedded endpoint security is generally easier to configure and involves dealing with fewer vendors, but it also means being dependent on the SSL VPN vendor to upgrade and set the agenda for adopting new technology.

The add-on integrated option gives users greater choice, but requires more complex configuration. This means customers can pick best-of-breed technology and switch to a different vendor if they like somebody else’s technology better.

The number of employees determines how much capacity you will need. The key here is to determine how many users will need access and remember that not all of them will be using the network at once. Leave headroom for increased growth, too.

The actual study mentions specific vendors and what categories they fall into. Forrester sells it, so contact Forrester if you need to know more.