The shift to remote work is making it ever more urgent for the businesses to make their back-office applications accessible via the Internet. Many of those applications were with a completely different security model in mind and don’t have adequate protections in place. And even those that do, require significant investment in continuous maintenance of their security. Answering these challenges can be a heavy extra load to carry for smaller businesses.
One of the quickest and most economical solutions is to add an extra protection layer in the form of IP address-based access restriction so that threat actors couldn’t even discover the application or probe it for vulnerabilities. However, in modern environments with dynamic IP addresses and users moving between networks multiple times a day this quickly becomes unmanageable.
Enter zenVPN. With zenVPN the employees can connect to backend systems via a single dedicated IP address that can be easily white-listed once and for all. Meanwhile they can travel, change networks and devices but as long as they can authenticate with zenVPN and as long as they are authorized by the organization, they’ll retain access to the back-office applications. The authorization is managed via a convenient web interface separate from IP whitelists in lower-level systems configurations which can remain static.
Contrast this with the traditional approach of keeping all the applications inside a secure perimeter and allowing remote users in via a VPN. In the latter case a breach of a user's device leaves the entire network vulnerable as an attacker would be free to roam inside the perimeter unchecked. When using IP whitelisting (+zenVPN) only specific traffic to specific applications is allowed inside the secure perimeter so an end-user device breach doesn’t open any additional attack opportunities.
Security and cost comparison
Let's compare costs, security and convenience of the above-mentioned approaches. The first one is keeping the applications accessible only on corporate network and allowing remote employees in via VPN. We'll call this "Secure perimeter". The second one (referred to as "Plain zero-trust" below) is exposing individual application(s) via the public network while authenticating every request. Finally, the same approach but with additional IP-based access restriction employing zenVPN will be referred to as "Zero-trust + IP restriction".
Hover over individual items items on the graph to see a more detailed explanation.
As the visualization above demonstrates, using IP-address-based access restriction together with zenVPN can be an effective solution to providing remote employees access to back-end application that provides reasonably tight security while easily fitting into small business budget restrictions.
Case studies
Glamour Apartments
Real estate agency
- Staff: 6
- Applications: 4
- Cost: zenVPN Team Plan + Dedicated VPN Server
Iframely
Internet tech provider
- Staff: 7 + freelancers
- Applications: 2
- Cost: zenVPN Business Plan + Dedicated VPN Server + Failover server
Deploy IP-based access control for your applications with zenVPN
Setting this scheme up is easy as a breathe with zenVPN. And for the more technical parts of the process our customer support team will be there for you.
1. Sign up for a zenVPN account
Create an account and pick a subscription plan.
2. Invite your team members
Create a team in your zenVPN account and invite your colleagues by email addresses.
3. Allocate a dedicated server
Pick a datacenter and spin your dedicated VPN server. We'll have it ready in under 5 minutes.
4. Implement IP-based whitelisting in your systems
Restrict access to your applications to the IP address you've gotten in the previous step. We offer plugins for many popular platforms to make this easier yet.