1. Protect Against Credential Theft
According to the Verizon 2018 Data Breach Investigations Report, 81 percent of hacking-related incidents leverage stolen or weak passwords. A VPN is not immune. With stolen credentials, an attacker can access the corporate network over the VPN and, from there, try to gain higher privileges and move to other systems, applications and servers. An attacker could also potentially install malware on internal systems to gain persistent backdoor access to the network.
Layering strong MFA on top of a VPN defends against credential theft. MFA verifies the identity of all users with a second factor before granting access to corporate applications. This protects against phishing or other access threats.
2. Achieve Regulatory Compliance
Securing VPN access is also a data regulatory compliance requirement, and MFA helps achieve compliance. For example, PCI DSS 3.2 requires organizations with cardholder data environments (CDE) to secure all remote access, even through a VPN, with MFA. Other compliance requirements, such as HIPAA and NIST 800-171, also have similar MFA requirements.
Adding MFA with your VPN deployment instantly reduces the risk of a data breach while helping you easily meet compliance requirements.
3. Enable Consistent Access Security for On-Premises and Cloud Apps
While VPNs deliver remote access to on-premises applications, many organizations are moving workloads to the cloud. That can often introduce inconsistency into how users access applications—creating different processes for on-premises and for cloud.
MFA ensures consistent access security across on-premises and cloud apps, meaning the process for logging into the VPN is the same as the process to log into email, file sharing, collaboration or any other applications that have moved to the cloud.
4. Gain Visibility Into All Devices
Some MFA solutions open up a world of rich device telemetry to give you insights into the devices accessing all applications – on-premises and in the cloud, including your VPN deployment.
You can see the security posture of all user devices, such as laptops, desktops and mobile devices, including all personal devices—aka bring your own devices (BYOD)—that access cloud applications.
5. Enforce Granular Access Security Policies
There are certain MFA solutions that offer the ability to enforce security policies based on user and device risk. For example, you can enforce a security policy for VPNs to allow access only from specific locations, such as the U.S., and from devices that have up-to-date software. This gives you a higher level of assurance before you grant a user or their device access to applications.
For many businesses, MFA is the first step along the path to a zero-trust security model – also called the “software-defined perimeter” – in which you base application access on user identity and the trustworthiness of devices.
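The location and software-currency policy described in item 5 can be sketched as a deny-by-default check. This is an added example, not code from any MFA product; the allowlist, minimum versions, field names and function names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed policy values for illustration; not taken from any product.
ALLOWED_COUNTRIES = {"US"}
MIN_OS_VERSION = {"windows": "10.0.19045", "macos": "14.5", "ios": "17.5"}


@dataclass
class AccessRequest:
    user: str
    mfa_verified: bool
    country: Optional[str]      # ISO 3166-1 alpha-2 from IP geolocation, None if unknown
    os_name: Optional[str]      # from device telemetry, None if the device reported nothing
    os_version: Optional[str]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '10.0.19045' into (10, 0, 19045) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def evaluate(req: AccessRequest) -> Tuple[bool, str]:
    """Return (allowed, reason). Every check fails closed when data is missing."""
    if not req.mfa_verified:
        return False, "second factor not verified"
    if req.country is None or req.country.upper() not in ALLOWED_COUNTRIES:
        return False, "location not in allowlist"
    if req.os_name is None or req.os_version is None:
        return False, "no device telemetry"
    minimum = MIN_OS_VERSION.get(req.os_name.lower())
    if minimum is None:
        return False, "unsupported platform"
    try:
        current = parse_version(req.os_version)
    except ValueError:
        # A version string that cannot be parsed is treated as untrusted.
        return False, "unparseable OS version"
    if current < parse_version(minimum):
        return False, "operating system out of date"
    return True, "allowed"
```

Comparing versions as integer tuples matters here: as plain strings, "10.0.9999" sorts above "10.0.19045" and an outdated device would pass the check.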