VPNs and desktop sharing slow you down and put you at risk

March 12, 2019//Ellen Neveux

Last Updated: November 19, 2020

When you think about providing remote access to your network, VPNs and desktop sharing are the two most frequently used methods. VPNs are great for allowing access to local resources, but they present challenges for access for third-party vendors. Similarly, desktop sharing tools like WebEx and GoToMyPC provide remote access for end-users, they also create challenges for remote vendor access. Desktop sharing tools lack the stringent security controls required by highly regulated industries, like healthcare, legal, retail, and finance.

Here are some ways in which VPNs and desktop sharing can hinder your business processes:

  1. VPNs are one of the most common ways hackers enter networks: The more servers, applications, and network equipment that your third-party vendors can access, the more you have at risk. But with a VPN, they can access it all. One of the easiest, most common, ways a malicious hacker enters a network is through a third-party connection—in fact, 59% of all companies have experienced third-party data breaches. Deploying a VPN for your third-party vendors is essentially an open invitation for hackers to enter your network.
  2. There’s no third-party vendor accountability: VPNs don’t offer a granular audit function, so you can’t monitor and record every movement of every person utilizing the VPN, making the VPN an ideal place for hackers to enter your network. And without access to historical information, in the event of a breach due to a third-party vendor, you can’t prove which third-party created the issue.
  3. You can’t create or enforce policies to protect your credentials: Third-party vendors can have numerous practices that you can’t control – practices that create many opportunities for malicious hackers to enter your network, such as sharing credentials with other workers or reusing weak passwords from personal accounts that are easily hacked or exploited. And the threat is very real: 62% of network intrusions involve compromised credentials.
  4. The more secure your VPN is, the less productive your workforce is: While VPNs increase security, connection speeds and application performance can decrease due to a variety of factors. It takes time for VPNs to encrypt the data—and the higher the level of encryption you use, the more time it will take. And other factors, such as server location and server bandwidth, can also reduce speed. The result can be slow application performance or even lack of application access, impacting workforce productivity and customer service quality.
  5. High support costs of VPNs increase the cost of doing business: With VPNs, there’s no centralized remote management. So, without the ability to deploy, monitor and manage all of your connections from a remote location, your support personnel will spend a lot of time supporting the VPN. In addition, third-party vendors may frequently lack the in-house technical support to help with everything from initial setup to everyday issues. You might even need additional resources at your help desks to assist users.
  6. Desktop sharing authentication is minimal: Desktop sharing tools are great for collaboration, but they allow employees to surrender control of their desktop with minimal authentication. Worse, when it comes to third-party access, these tools may force vendors to bypass their own authentication structure.
  7. Desktop sharing does not provide strict access control: Desktop sharing does not provide the necessary support to limit access to web servers, databases, and business applications. This creates network vulnerabilities that can be exploited by hackers.
  8. Desktop sharing does not require sessions to be recorded: While most desktop sharing tools allow sessions to be recorded, this is rarely enabled. To be secure, these sessions should be recorded and include a complete list of activities of each individual participant.
  9. Desktop sharing has a limited audit trail:  To ensure compliance and accountability, audits should include details of files transferred, chats, session recordings, attendees, and other contextual information.
close close