How can an organization provide remote users with more secure access to enterprise applications and intranet portals?
Providing employees with the ability to connect to enterprise applications when on the go was the challenge Midwest Wireless faced at the end of 2003 as it sought to centralize administration and management of its corporate security policies.
Midwest Wireless, founded in 1990, has 420,000 customers for voice, data, broadband, Internet, and voice-over IP (VoIP) services. The company covers rural areas of Minnesota, Iowa, and Wisconsin, according to Jeff Evenson, the company’s Manager of Enterprise Information Security.
Giving mobile users access to enterprise applications and internal portals via a Secure Sockets Layer (SSL) virtual private network (VPN) can be tricky, Midwest found. Furthermore, it wanted to centrally manage and maintain all security policies, including remote access.
“There are three critical steps to developing an effective remote security plan,” according to John Stehman, Principal Analyst for the Robert Frances Group. “IT executives should first define their requirements, then investigate potential solutions, then test all implemented security measures at least semi-annually.” He adds that a turnkey security solution is not easily achievable, due to the growth in teleworking and the greater demands for remote access.
From the Beginning, “Whale” of an Outsourcing Relationship
Midwest Wireless began investigating outsourcing its SSL VPNs, ultimately choosing the Application Intelligent Gateway suite from Whale Communications.
“One of our systems administrators first brought Whale to our attention,” says Evenson. “Right from the start I was impressed. I didn’t feel like we were being oversold. They took the time to understand what we were doing. That gives you a good idea what kind of service you can expect later.” Another reason for selecting the Whale SSL VPN, he says, was because of its ability to work with many of the software applications Midwest Wireless uses in house.
The ease of implementing the suite within Midwest’s overall upgrade program was the first of several very pleasant surprises for the carrier.
Implementation proceeded smoothly due to the provider’s onsite programmer. Evenson says the network’s been online with no events since. He also notes that the only real implementation challenge “involved getting the word out to our employees that if you bring up a browser at home or while traveling, you can access what information you need inside the network.”
At first, many of Midwest’s 600 users, even the savvy ones, hesitated to use the new functionality. “Now, though, I’ll hear from some of our frequent travelers how comfortable they are that they leave their computer at home and just rely on the business center at a hotel or use a kiosk,” says Evenson. A related benefit is lower customer risk of laptop loss or theft when the laptop stays at home. He also notes that the time his IT staff spends administering its SSL VPN is now minimal, allowing the staff to focus on other issues for this growing firm.
ActiveX Drives the Secure Access Solution
Within six months, Midwest Wireless’ new remote access service was up and running. Whale’s solution harnesses Web-based ActiveX controls. One benefit of using ActiveX is that the browser manages the installation process, eliminating the need for Midwest to distribute program CDs or create scripts to push the software when users log on.
It also secures the browser for remote access, protecting the company’s confidential information, then “cleans up its tracks when you close your browser by deleting the cookies and temporary files associated with that session. You’re not leaving anything behind,” notes Evenson.
For user authentication, Midwest’s outsourced SSL VPN integrates with Whale’s Proprietary Active Directory Security Protocols to authenticate users and provide employees the proper access to the network. Once confirmed by the system, employees can access applications such as Midwest’s proprietary sales extranet, a Microsoft SharePoint portal, Outlook Web Access, and Windows file shares.
Previously, the company didn’t have such flexibility, relying on a Cisco VPN and a firewall. “This really fell short of what we needed,” according to Evenson, who also noted that Midwest “couldn’t spend money hand-over-fist for multiple internal upgrades.”
Developing a Remote-Access Strategy that Works
“Without a security plan that addresses the total environment, companies soon discover that security complexity and risk factors increase exponentially over time,” according to analyst Stehman. “Once the security plan is defined, business application requirements and the specific environments should determine the appropriate security.”
Midwest Wireless continues to give employees access to new types of applications and portals via the SSL VPN. “We’ve added more things as we’ve learned what we can push across the network,” observes Evenson.
One example finds his programming group, free from ongoing maintenance, developing an application for the company’s external sales agents who need access to marketing or promotions materials, product technical specs, and the latest news surrounding Midwest’s overall business. As with all other internal initiatives used first by the firm, once the bugs are eliminated, Midwest offers the product or service to its customer networks.
And Whale, like all good partners, continues to assist Midwest in crafting the products that are (and will be) supported on its SSL VPN. The end result is usually co-developed customized scripts, saving substantial time for Midwest Wireless’s software developers.
Midwest is about to expand this network even further due to its ongoing relationship with Whale. Evenson says he anticipates again saving significant development time on these future projects.
Lessons from the Outsourcing Journal:
- By leveraging outsourced expertise, owners of networks that allow remote access save significant capital because they no longer must constantly invest in network or security upgrades that can quickly become obsolete.
- Outsourced development and management of secure remote network protocol access frees up internal IT resources. Small-to-medium (SMB) businesses are looking for a way to offer remote access to their employees and customers.
- When searching for the right provider, look for those whose SSL-VPN protocols are compatible with existing software. This produces a smoother transition and better speed to implementation.