Q

What is the risk estimation model for SSL VPN implementation?

Risk assessment is a common way to evaluate new technologies. In our SearchSecurity.com Q&A, network security expert, Mike Chapple, explains how to determine if SSL VPN implementation is right for your organization.

What is the SSL VPN risk estimation model, and how do I use it to estimate security risks?
Risk estimation is a cornerstone of information security. I'm not aware of any risk estimation model specific to SSL VPNs, but let's take a look at the basic model.

Fundamentally, you want to ensure that the benefit delivered by a new technology is greater than the risk it creates. We can perform a risk analysis by identifying the advantages and disadvantages of a given project. For example, we might identify the following benefits of an SSL VPN:

  • Allows remote users to access the network
  • Doesn't require installation of a software client

Along with the following risks:

  • Exposes remote access to Internet users
  • Creates ability for remote users to transfer data from the corporate network to their home network

Once you've identified the potential benefits and risks, you can decide whether one justifies the other. If the benefits are worth the possible risks, go ahead and implement your program. Otherwise, you may wish to consider abandoning the project or proceeding with the use of compensating controls. Risk assessment is commonly performed by information security professionals seeking to evaluate new technologies. The process requires an investment of staff time, but it ensures that you take a methodical approach to important security questions.

I see a VPN risk assessment as a relatively small undertaking that shouldn't require a tremendous amount of time. Scalability would be an issue if we were talking about an enterprise-wide risk assessment spanning many technologies.

More information:

  • Get an overview of the risk management process.
  • Use our Network Access Control Learning Guide to learn how VPNs can help block and secure untrusted endpoints.
  • This was first published in October 2006

    Dig deeper on SSL and TLS VPN Security

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close