VIRTUAL PRIVATE NETWORK (VPN) MANAGEMENT is a critical component in your organization’s computer security. VPNs extend the internal network beyond the perimeter secured by firewalls and other security technologies. Proper management of a VPN requires an understanding not only of VPN technologies, but also of the business requirements driving VPN implementation.

Using the wrong type of VPN—or a VPN that does not meet your organization’s requirements—can create security problems where none previously existed. Before selecting a VPN product or technology for your organization, create a detailed requirements document. This should factor in the security requirements for the VPN and business requirements. Although security is important, keep in mind that security exists to support your organization’s goals, not the other way around.

As soon as you have a set of prioritized requirements, start looking for a solution that meets as many of these requirements as possible. You may not be able to find a single product that meets all requirements. When that occurs, choose the solution that best fits the highest priority requirements. In some cases, using multiple solutions to meet all of the requirements may be the right solution.

Research is crucial to selecting the appropriate VPN. Do not rely solely on websites, technical magazine reviews, or an attractive sales pitch. Depending on your requirements, you may want to explore robust public domain solutions rather than an off-the-shelf commercial product.

Keep in mind that VPNs are a security technology, but they may also degrade your security perimeter. Putting a VPN in place is just the beginning of the project; you’ll need to address a number of additional factors for a successful VPN deployment.