
Discussions 16.1-Selection of VPN-1

Uploaded by

areyoufree

Discussions 16.1: VPN Selection
A) Research & Information gathering - As an IT Security Manager of my organization (Sinch, a global CPaaS
player spread across more than 50 countries, with more than 4000 employees working in a hybrid working
culture), the selection of VPN technology for the organization is based on the following criteria:

i) Organizational requirements - How many users, geographical distribution, compliance requirements

ii) Technical features - Cryptography, Network Authentication Services, Security Protocols, Speed &
performance, Scalability, Logging policies, etc.

iii) Commercial & business use cases - Whether commercials are based on a fixed fee or a per-user basis, the
implementation fee, the total cost of ownership, and how many use cases are supported by VPN providers: Cloud
applications, Hybrid Cloud, support of different OSs and endpoints, Remote Access for employees, Data
Encryption, etc.

Ans 1) Which VPN technologies are best for Sinch - After doing my research based on the above-mentioned
criteria, I focused on 4 VPN providers based on their strengths & offerings.

i) NordLayer: NordLayer is designed for businesses seeking secure remote access with robust cloud
infrastructure. Key features: Zero Trust Network Access (ZTNA), Cloud-based Security, MFA & SSO
Integration, Network Segmentation.

ii) Perimeter81: Perimeter81 offers a comprehensive VPN solution with an emphasis on cloud security; it is
scalable & flexible, with enhanced security posture and simplified management. Key features: Zero Trust
Security, Ease of Deployment, Integration with Major Platforms (AWS, Azure, Google Cloud), Global Gateway
Access.

iii) Cisco AnyConnect: Cisco AnyConnect is a traditional enterprise-grade VPN solution with a robust set of
features: enterprise-grade security and seamless integration with the Cisco ecosystem, with advanced network
control to support hybrid working mode for secure remote access.

iv) Palo Alto Networks GlobalProtect: It is a comprehensive security solution designed to provide secure remote
access for users while protecting organizations from threats. Its key features include advanced threat
protection (ATP), Host Information Profile (HIP), and seamless integration with Palo Alto's Next-Gen
firewalls, and it supports multiple platforms: Windows, macOS, Linux, iOS, and Android.

Ans 2) Selection criteria or rationale to choose VPN technology - Sinch, as a global CPaaS provider operating
in over 50 countries with a hybrid working model, requires a robust and versatile VPN solution to ensure
secure and seamless connectivity for its distributed workforce. The following detailed selection criteria outline
the rationale behind choosing the appropriate VPN technology:

i) Strong Cryptography Capabilities: Given the sensitivity of communications data and the risk of interception, it
is crucial that the VPN technology employs advanced cryptographic techniques like AES-256, which is
considered the gold standard for encrypting sensitive data, and uses secure protocols such as OpenVPN or
IPsec/IKEv2.

ii) Strong Encryption Protocols: The VPN should support multiple secure protocols, including
OpenVPN, IPsec/IKEv2, and WireGuard, offering flexibility to choose the most suitable protocol based on
network requirements and performance considerations.

iii) Kill Switch: The VPN must have an integrated kill switch to automatically terminate the internet connection
in case of a VPN failure, providing an additional layer of security for remote and hybrid users.

iv) Multiple Authentication Methods: The VPN should support MFA, including tokens and biometrics, and
integrate with SSO providers such as Azure AD or Okta, enabling streamlined and secure user authentication
processes.

v) Seamless Integration with Cloud Applications and Existing Firewall Infrastructure: Sinch’s operational
environment relies heavily on cloud applications and existing network security infrastructure. The VPN
should offer native integrations with popular cloud platforms like AWS, Azure, and Google Cloud, as well as
compatibility with existing firewalls and security appliances, such as those from Cisco or Palo Alto Networks,
to maintain a unified security posture.

vi) Scalability: The VPN must be able to scale efficiently to support a growing number of users and devices. The
VPN solution should be capable of supporting thousands of concurrent connections, providing high availability
and load balancing features to maintain optimal performance and user experience.

vii) Compliance: As a global entity, Sinch must adhere to various regulatory standards, such as GDPR in Europe
and other data protection laws. The VPN must provide features that facilitate compliance, such as granular
access control, detailed logging of user activities, and the ability to generate compliance reports.

Ans 3) Specific business or use cases

i) Secure Remote Access for Hybrid Workforces: Enabling secure access to corporate resources for employees
working from remote locations, including home, client sites, or while traveling.

ii) Data Privacy and Compliance: Ensuring that all data transmitted over the network is encrypted and compliant
with regulations such as GDPR.

iii) Secure Access to Cloud and SaaS Applications: Providing secure and seamless access to cloud services and
SaaS applications such as Microsoft 365, AWS, and Salesforce for distributed teams.

iv) Multi-factor Authentication (MFA) and Single Sign-On (SSO) Integration: Enhancing security by integrating
VPN solutions with MFA and SSO to provide an additional layer of authentication.

v) Secure Mobile and BYOD Access: Supporting secure access for mobile devices and BYOD (Bring Your Own
Device) policies, which are common in hybrid working models.

vi) Scalability: The VPN solution can scale dynamically to accommodate a fluctuating number of users and provide
reliable performance.

vii) Integration with Existing Security and Network Infrastructure: Seamless integration of the VPN solution
with existing firewalls, identity management systems, and security tools to create a secured environment.

Ans 4) Key criteria and explanation for grading or scoring criteria

Key Criteria and Rationale

| Criteria | Description | Weightage | Grading Criteria | Explanation for grading/scoring |
|---|---|---|---|---|
| Security & Encryption | Strength of encryption, security protocols, and features like Kill Switch | 30% | AES-256: 5, AES-128: 3, No AES: 1 | This is the most critical factor for evaluating VPN solution. Higher scores for using AES-256 encryption, multiple secure protocols (OpenVPN, IKEv2), and security features like Kill Switch. |
| Authentication Methods | Support for multi-factor authentication (MFA), single sign-on (SSO), and robust authentication mechanisms. | 15% | MFA + SSO: 5, Only MFA: 3, No MFA/SSO: 1 | Higher scores for offering both MFA and SSO integration, ensuring robust authentication and access control. |
| Integration with Existing Systems | Ability to integrate seamlessly with existing firewalls, identity management systems, and cloud services. | 15% | Seamless Integration: 5, Limited Integration: 3, None: 1 | Higher scores for seamless integration with widely used security infrastructure (e.g., Palo Alto, Cisco, Azure AD), enabling unified management and consistent security policies. |
| Scalability | Capacity to support a growing number of users and devices, with features like load balancing and high availability. | 15% | High Scalability: 5, Moderate: 3, Low: 1 | Higher scores for solutions that support thousands of concurrent connections, provide high availability, and offer easy scalability for growing organizations. |
| Compliance & Privacy | Support for compliance with regulations like GDPR, HIPAA, and clear data privacy policies. | 10% | Full Compliance: 5, Partial: 3, None: 1 | Higher scores for VPNs that provide compliance certifications, clear data logging policies, and features to facilitate compliance reporting. |
| Performance & Reliability | Impact on network performance, speed, and connection reliability. | 10% | Low Latency: 5, Moderate: 3, High Latency: 1 | Higher scores for minimal impact on network speed, low latency connections, and stable performance, ensuring a smooth user experience even under high load. |
| Ease of Deployment & Management | Ease of deploying the VPN solution, management capabilities, and overall user experience. | 5% | Easy: 5, Moderate: 3, Complex: 1 | Higher scores for solutions with intuitive user interfaces, centralized management consoles, and straightforward deployment processes, reducing administrative overhead. |
| Cost-Effectiveness | Overall value for money, considering licensing, deployment, and maintenance costs. | 5% | High Value: 5, Moderate: 3, Low: 1 | Higher scores for solutions that offer robust features and high security at a reasonable cost, balancing cost with functionality and enterprise needs. |
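The scoring scheme in the table above, worked through as an added example (not part of the original document): it grades each criterion on the table's 5/3/1 scale and divides by the actual weight total, since the listed weights add up to 105%. The short criterion keys and the two candidates with their ratings are constructed for illustration and are not assessments of any real product.

```python
# Weights (percent) and 5/3/1 grade labels are copied from the table above.
RUBRIC = {
    "security":    (30, {"AES-256": 5, "AES-128": 3, "No AES": 1}),
    "auth":        (15, {"MFA + SSO": 5, "Only MFA": 3, "No MFA/SSO": 1}),
    "integration": (15, {"Seamless Integration": 5, "Limited Integration": 3, "None": 1}),
    "scalability": (15, {"High Scalability": 5, "Moderate": 3, "Low": 1}),
    "compliance":  (10, {"Full Compliance": 5, "Partial": 3, "None": 1}),
    "performance": (10, {"Low Latency": 5, "Moderate": 3, "High Latency": 1}),
    "deployment":  (5,  {"Easy": 5, "Moderate": 3, "Complex": 1}),
    "cost":        (5,  {"High Value": 5, "Moderate": 3, "Low": 1}),
}

# Constructed sample ratings for two hypothetical candidates.
CANDIDATES = {
    "Candidate A": {"security": "AES-256", "auth": "MFA + SSO",
                    "integration": "Limited Integration", "scalability": "High Scalability",
                    "compliance": "Full Compliance", "performance": "Moderate",
                    "deployment": "Complex", "cost": "Moderate"},
    "Candidate B": {"security": "AES-128", "auth": "Only MFA",
                    "integration": "Seamless Integration", "scalability": "Moderate",
                    "compliance": "Partial", "performance": "Low Latency",
                    "deployment": "Easy", "cost": "High Value"},
}

def weight_total():
    """Sum of the percentage weights as listed in the table (105, not 100)."""
    return sum(weight for weight, _ in RUBRIC.values())

def score(ratings):
    """Weighted score on the 1-5 scale, normalised by the actual weight total."""
    missing = sorted(set(RUBRIC) - set(ratings))
    if missing:
        raise ValueError(f"unrated criteria: {missing}")
    points = 0
    for name, (weight, scale) in RUBRIC.items():
        if ratings[name] not in scale:
            raise ValueError(f"{name}: unknown grade {ratings[name]!r}")
        points += weight * scale[ratings[name]]
    return round(points / weight_total(), 2)

def rank(candidates):
    """Candidates ordered best first as (score, name) pairs."""
    return sorted(((score(r), name) for name, r in candidates.items()), reverse=True)

if __name__ == "__main__":
    print("weight total:", weight_total())
    for s, name in rank(CANDIDATES):
        print(f"{name}: {s}")
```

Dividing by the summed weights keeps every result between 1 and 5, so scores stay comparable if the percentages are later adjusted.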

B) VPN technology chosen to deploy for Sinch (my organization)?

Ans) Based on the analysis and specific needs of Sinch as a global CPaaS provider, Cisco AnyConnect was
chosen due to its robust security, scalability, and compatibility with Sinch’s existing Cisco infrastructure, making
it the best fit for the organization’s requirements.

C) Best platform and why it was chosen?

Ans) Cisco AnyConnect is considered one of the leading VPN solutions in the marketplace. It is the best fit for
Sinch’s technical & commercial requirements. The key reasons why Cisco AnyConnect was chosen for Sinch are:

i) Comprehensive Security Features: It provides enterprise-grade security, including strong encryption,
advanced malware protection, and endpoint visibility, which are crucial for protecting Sinch’s global
operations.

ii) Scalability and Performance: It supports a large number of concurrent users and offers reliable performance,
essential for accommodating Sinch’s 4,000 employees spread across more than 50 countries.

iii) Integration with Existing Infrastructure: It seamlessly integrates with Cisco’s existing network and security
infrastructure, enabling centralized management, monitoring, and enforcement of security policies.

iv) Support for Hybrid Work Environment: It is well-suited for hybrid and remote work setups, providing secure
access to corporate resources for employees working from various locations.

v) Compliance and Data Privacy: It supports compliance with global data privacy regulations such as GDPR,
ensuring that Sinch can protect sensitive data and meet its regulatory obligations.

vi) Advanced Access Controls and Visibility: It offers granular access control and detailed visibility into user
activity, which is critical for a distributed workforce accessing sensitive communication data.
