Introduction To gain access to enterprise resources, the traditional solution architecture is use VPN. For today’s cloud services, there is also zero trust architecture. If you have on-premises resources, using a traditional VPN-based remote access architecture is one way of balancing remote usability with the risk of compromise. If you have few or no on-premises services, the VPN may not required, the zero trust architecture can be very effective. If you are designing a new network, consider following the zero trust network approach instead.
There are 12 principles for securing devices from The EUD Security Framework 1, published in 2013, all of which must be considered when deploying a particular solution. These principles provide the basis for guidance for securing devices. Data-in-transit protection Data should be protected as it transits from the end user device to any services the end user device uses. IPsec VPNs provide the most standards-compliant way of doing this, but TLS VPNs or per-app TLS connections can also be used.