September 25, 2020//Tony Howlett
When researching remote access solutions, there are a lot of options to choose from. From the big generic access platforms such as VPNs and desktop sharing tools, down to the niche, like privileged access management (PAM) and vendor privileged access management (VPAM) players who perform extra functions for specific use cases. Either way, it’s not a simple or easy decision to make and it has huge implications, especially since most of the workforce has transitioned to working from home. However, if you ask certain questions about your possible vendors for your solution, you can narrow it down to a list of choices that is manageable.
These queries will help you make a final solid decision:
In this article, I will review each key question and the answers to look for, depending on what kind of remote access needs you have. Each organization is different and the great thing is there are solutions for every size and application. So let’s take a look at these core questions to ask.
You are going to use this platform to let people outside your firewall onto your corporate network, possibly accessing your most sensitive assets and information. It had better be secure. Particularly if they are using privileged credentials, the most valuable kind to hackers. Or if they are accessing protected information like PII or PHI, like vendors and third parties who are outsiders to your corporate vetting processes. Many enterprises use VPNs for all corporate access, and while that can be secure enough for internal office workers, most VPN products do not offer enough controls to keep contractors from roaming around your network once connected. Make sure your choice of platform offers enough security for the application, whether it be employees with standard user access or vendors with superuser credentials.
Remote access for hundreds of local users is very different from supporting a world-wide remote workforce of thousands. Also, rapidly growing companies should take into account that a solution that fits their size now may not in a few years, and retrofitting or replacing remote access platforms is difficult and expensive.
Will your choice support your growth in 3 or 5 years? Do they have a track record of supporting companies with thousands of users? Do they have High Availability (HA) and Disaster Recovery (DR) options to make sure your remote workforce stays online? This is especially important now with so much of our workforce being remote. Pick a solution that can grow with you.
If you are in a regulated sector or deal with information covered by privacy laws (which is most companies these days), compliance features are important when it comes to remote access. More and more compliance frameworks and legislation are referencing remote access management, especially when it comes to third parties.
The regulators and auditors may want you to show more granular audit and monitoring over this kind of access. Does the solution have specific features that map to the regulations that you are subject to? Can the company also show that they are compliant with any regulations that cover them? Can they show proof of this compliance in the form of a third-party audit like a SOC 2 report or other documentation? Trust but verify when it comes to vendor compliance!
There are a lot of pricing models out there such as perpetual license, subscription, and Software as a Service (SaaS), and the units they base their pricing tiers on vary as well. The perpetual license may seem attractive since you supposedly pay once for the software and you are done. However, there is often a recurring support charge which may equal or exceed the initial fee over a few years. Also beware of installation, setup, or professional service fees which can also add up. And perpetual licenses usually require you to pay for upgrades so consider those if you think you’ll be wanting future features and security updates.
Subscriptions and SaaS are nice as you just pay for what you need now and it can scale into future years, just make sure that your budget assumes this. Also, you will want to look at how they size your pricing tier. Some companies charge by users or concurrent connections, others by the number of servers being accessed or the number of vendors. Understand how your usage and user base will expand and pick the model that best fits your financial requirements. The best way to do this is to use a Total Cost of Ownership (TCO) analysis for the software platform. Take the contract term and add up all costs (initial licensing, professional service fees, support fees, best estimates on growth price escalators, and needs for upgrades). That will give you a solid cost per user/server/vendor or whatever your relevant unit of use is so you can compare apples to apples.
Picking a new remote access platform is a big deal. The number of options and technologies can make it overwhelming. But getting answers on some key questions can help you see the forest for the trees and select the perfect provider for your remote access solution. To learn more about the different remote access platforms and what might be right for you, check out our helpful brochure to get more information on PAM, VPAM, vendor-supplied tools, and VPNs.