What is the risk estimation model for SSL VPN implementation?

Risk assessment is a common way to evaluate new technologies. In our SearchSecurity.com Q&A, network security expert, Mike Chapple, explains how to determine if SSL VPN implementation is right for your organization.

Mike Chapple, University of Notre Dame

What is the SSL VPN risk estimation model, and how do I use it to estimate security risks?

Risk estimation is a cornerstone of information security. I'm not aware of any risk estimation model specific to SSL VPNs, but let's take a look at the basic model.

Fundamentally, you want to ensure that the benefit delivered by a new technology is greater than the risk it creates....

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

We can perform a risk analysis by identifying the advantages and disadvantages of a given project. For example, we might identify the following benefits of an SSL VPN:

Allows remote users to access the network
Doesn't require installation of a software client

Along with the following risks:

Exposes remote access to Internet users
Creates ability for remote users to transfer data from the corporate network to their home network

Once you've identified the potential benefits and risks, you can decide whether one justifies the other. If the benefits are worth the possible risks, go ahead and implement your program. Otherwise, you may wish to consider abandoning the project or proceeding with the use of compensating controls. Risk assessment is commonly performed by information security professionals seeking to evaluate new technologies. The process requires an investment of staff time, but it ensures that you take a methodical approach to important security questions.

I see a VPN risk assessment as a relatively small undertaking that shouldn't require a tremendous amount of time. Scalability would be an issue if we were talking about an enterprise-wide risk assessment spanning many technologies.

More information:

Get an overview of the risk management process.
Use our Network Access Control Learning Guide to learn how VPNs can help block and secure untrusted endpoints.

This was last published in October 2006

SSL VPN (Secure Sockets Layer virtual private network)

Choosing between an SSL/TLS VPN vs. IPsec VPN

IPsec vs. SSL VPN: Comparing speed, security risks and technology

The three enterprise benefits of SSL VPN products

Google forms cyber insurance pact with Allianz, Munich Re

Dispelling 4 of the top cloud security myths today

Guide to cloud security management and best practices

Cisco completes $4.5 billion Acacia deal

5 steps to conduct network penetration testing

5 benefits of Wi-Fi 6 for enterprise networks

Racial, gender diversity in tech improving at a glacial pace

The future of trust must be built on data transparency

What are the advantages and disadvantages of RPA?

Microsoft makes Productivity Score useful to tech buyers

Microsoft makes Universal Print generally available

Microsoft bolsters data security in 365

Microsoft ACS going GA with preview of Teams integration

Modernize and migrate mainframe apps to the cloud

How to create snapshots for Azure VMs and managed disks

T-Mobile targets post-pandemic workplace with remote working suite

Connectivity the ‘unsung hero’ of the future of work

Williams F1 car launch disrupted by data leak