VPN for Companies – “Bring Your Own Device” Made Easy

We pushed hard to extend our Private Spaces and make them a great choice for companies to connect roaming users and their own devices, while providing a high level of security for BYOD policies.

An example of a Private Space Portal

I have written about our Private Spaces earlier. A Private Space is essentially your own cloud server. It hosts a private network (VPN), and features an internal portal to connect its users and available services.

When you enter your Private Space and type “http://private.space” into your web browser, you can see connected users, their data usage (useful for checking your mobile phone data allowance), and services available within the Private Space, or provided by the Private Space itself.

We have been using a Private Space at Enigma Bridge for more than a month now. As we have several office servers, I found access to our DevOps (software development) services the most useful feature.

We don’t trust most web-based DevOps systems (like Jenkins) enough to expose them to the internet, so they are only accessible from our office network. While that makes me feel comfortable with respect to security, it sometimes makes it impossible to use them when working remotely. One has to open a remote desktop or create a secure tunnel (typically with ssh).

Protect your sensitive data inside your office network.

I find it absolutely marvelous to just tap on an email link, open our Jenkins website, and check test results. No proxy setup for my web browser, no remote desktop to a Win machine that needs to be running. Just click and get there. As VPN clients are available for all platforms, we can access these local services from our laptops, iOS, Androids, etc.

We also have some data on a couple of Windows machines available through shared folders. As these machines are connected to our Private Space 24×7, we can easily access these files as well.

The design of Private Spaces is well suited to support secure use of users’ own devices (BYOD). Users don’t need to remember any new passwords, and connections can be set up with a few taps or mouse clicks. The security of connections is based on public key certificates issued by a certification authority (PKI) supporting its own Private Space. Signing keys themselves are inside the secure hardware.

Managing devices (adding new ones, removing retired, lost or stolen ones) is a matter of seconds as well, as shown in a short video.

While we don’t enforce use of the VPN on mobile devices at all times, OpenVPN is a good option for secure access to your internal wiki, email server, or other shared resources when needed.

There is one thing though, which I didn’t expect. Very quickly, I got used to a little “VPN” sign next to the carrier name on my iPhone and I felt uneasy when I couldn’t immediately find it. I didn’t set the “seamless mode” so the client reconnects each time I wake up my iPhone and this takes a few seconds.

 

It’s easy enough to request your own Private Space and give it a try at https://enigmabridge.com/spaces.

Published by

Dan Cvrcek

Founder and CEO of Enigma Bridge, engineer, entrepreneur, cryptography SME, security architect, and professor.