We are conducting our lives and our businesses in an increasingly mobile world.  We need access to our critical business information from multiple locations and using multiple devices.

These needs often clash with the requirement to keep our data secure.  Exchange Servers are kept behind corporate firewalls which restrict who can access them and how they can connect to their mailboxes.

Secure mobile access to mailboxes on Exchange Servers is typically achieved through one or more of these methods:

• Virtual Private Network (VPN)
• Outlook Anywhere
• Outlook Web App (OWA)
• ActiveSync

Virtual Private Networks

A VPN is a secure communications tunnel established between two endpoints.  These endpoints can be two devices such as routers or firewalls, or can be between a client device such as a laptop and a firewall.

Mobile workers use VPNs to establish LAN-like network access to their corporate network.  This usually means that once connected to the VPN they have access to the same network resources they would be able to access when connected to the LAN from within the business premises.  In more security conscious environments this access is sometimes limited to just the few resources they need, but in a practical sense operates just as if they were on the LAN.

Using VPNs for access to Exchange Server makes sense when there are other needs for VPN access as well, such as access to application servers, file servers, or intranet sites.  Rather than each resource having its own independent access method, the VPN provides an “all in one” access solution.

However sometimes VPNs are not practical.  It is not uncommon for a mobile worker to find they are unable to establish a VPN tunnel because of restrictions on the foreign network they are currently working on.  This is mostly the case for IPSEC and PPTP VPN tunnels.  SSL VPN tunnels usually have no such problems because the SSL/HTTPS port is usually permitted out through firewalls.

Outlook Anywhere

Outlook Anywhere was formerly known as RPC-over-HTTPS, which accurately describes how it works.

The Outlook connection to a mailbox server over RPC is tunnelled through an SSL/HTTPS connection so that it can traverse firewalls, as well as to secure the communications over untrusted networks. Continue reading 4 Ways to Access Exchange Server Mailboxes through Firewalls

Virtual Desktop Interfaces like GoToMyPC can be more secure than VPNs for remote workers.

As workers become increasingly mobile, they’re demanding access to their computers–both at home and in the office–from whereever they can connect to the Internet. Cube rats want to access their home computers. Road warriors need to connect to their office desktops to maintain their productivity while traveling. Linking to headquarters is essential for telecommuters.

Over the last decade or so, the vehicle for establishing secure connections outside a company’s firewalls has been the Virtual Private Network, or VPN. It allows a remote computer to tap into a corporate network by creating a secure tunnel to it through the Internet. This method, though, can have security risks. That’s opened a market for alternatives to the hoary VPN.

Because VPNs originate with a company’s IT department, their operation is unquestioned by their users. After all, the reason users are told they need to use the VPN is so they can connect to headquarters securely. That creates a false sense of safety among users so they’re likely to transfer sensitive data through the VPN without using additional encryption and deploy protocols that transmit authentication credentials without any protection at all.

Continue reading More secure alternative to VPN