Fundamentally, you want to ensure that the benefit delivered by a new technology is greater than the risk it creates....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
We can perform a risk analysis by identifying the advantages and disadvantages of a given project. For example, we might identify the following benefits of an SSL VPN:
- Allows remote users to access the network
- Doesn't require installation of a software client
Along with the following risks:
- Exposes remote access to Internet users
- Creates ability for remote users to transfer data from the corporate network to their home network
Once you've identified the potential benefits and risks, you can decide whether one justifies the other. If the benefits are worth the possible risks, go ahead and implement your program. Otherwise, you may wish to consider abandoning the project or proceeding with the use of compensating controls. Risk assessment is commonly performed by information security professionals seeking to evaluate new technologies. The process requires an investment of staff time, but it ensures that you take a methodical approach to important security questions.
I see a VPN risk assessment as a relatively small undertaking that shouldn't require a tremendous amount of time. Scalability would be an issue if we were talking about an enterprise-wide risk assessment spanning many technologies.
Dig Deeper on SSL and TLS VPN Security
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.