Blogs Home
Thursday, September 12, 2019 10:45 AM

How to Make Sense of the VPN Mess

Written by Guy McAllister, Director, Privacy & Security - iatricSystems

SecureRamp VPN Privacy Blog Header Sept 2019

Let me begin by saying, I live on the Atlantic coast, just north of Jacksonville, FL. Because it’s hurricane season in this area, I always keep a keen eye on hurricane updates. Recently, I tracked and monitored Hurricane Dorian and the impact it might have on my family.

Through this process I have learned that spaghetti models are almost useless and can create a false sense of security because it's impossible to make sense of the real dangers.

Hurricane spaghetti image

I know this is a humorous picture (and not a real prediction), but it is meant to depict how difficult it can be to keep track of too many possibilities. It becomes quite a mess.

This is also the problem with manually trying to maintain hundreds of VPN tunnels your organization relies on every day. Some types of VPN connections could include:

  • Vendor VPNs for their remote users
  • Workforce VPNs for remote staff
  • VPNs for Physicians and their offices
  • A multitude of other legitimate reasons for a VPN tunnel

So how can you possibly manage so many VPNs? I know of healthcare organizations trying to manage 500 plus VPNs every day. Keeping them up, interacting with remote users on their issues, closing old unnecessary VPNs and building new ones, and occasionally running audit reports on who accessed individual applications, are just a few of the operational tasks required to manage VPNs.

There is a great deal of traffic to manage and even with graphic tools to assist, it begins to look like a spaghetti model mess! Given that in most healthcare organizations, the VPN director of traffic is typically a highly skilled and valuable network resource, with other responsibilities, managing the spaghetti mess becomes a problem.

In healthcare, VPNs have become a way of life for connectivity, and during my 20 years in healthcare IT, I’ve heard many times about the potential of something new coming to replace and simplify remote connectivity. Yet, here we are in 2019 and still find ourselves managing hundreds of VPNs that are critical to daily operations.

VPNs are a part of daily business for all of us. And they tend to accomplish the goal of providing remote access, and for the most part, are reliable. That’s the good news and bad news, because with every organization I talk with, VPNs have grown in number, and that causes some critical challenges. Some challenges include:

  • As VPNs grow, the complexity of securely managing them grows, too. As a result of this complexity, unused VPNs stay active far too long risking exposure to sensitive patient data.
  • End users aren’t well managed, providing access where it shouldn’t be provided.
  • Audit reports are more reactive than proactive, if they happen at all.

Wouldn’t it be nice if there was a better way to manage VPNs? And better yet if you could off-load all the VPN management to someone else?

You don’t have to manually mange hundreds of VPNs anymore. There are ways to automate this process. This entails having all of your vendors access your network through one VPN. And the benefits of this will positively impact your IT team, your staff, your clinicians, and your patients.

If all of this is familiar to your organization, and you want to stop the spaghetti mess of VPN access to your network, check out this short video to see how to better manage this process. I would be happy to talk to you about your specific challenges too!

And, if you happen to be in a hurricane zone, please be safe.