What do you do when you have work to do and can’t make it into the church office? How do you gain access to the church files or systems you need to use so that you can do your job from home or other locations outside the church? These are very common questions posed by the staff and volunteers in churches we serve.
As staff members, we have all been there at one time or another. The kids wake up sick, the car breaks down, or that snowy, icy weather is more appropriate for sledding than driving. Or, because of other responsibilities, we need the ability to complete some of our work with flexibility, in “off hours.” Some potentially productive staff members who deal with health or mobility issues can benefit mightily from a non-traditional work arrangement that requires remote access to church systems. In these scenarios, Remote Access and a Virtual Private Network (“VPN”) are particularly helpful.
The Nitty Gritty: VPN
What is a VPN? A VPN (Virtual Private Network), extends a private network across a public network and allows its users to send and receive data as if they were connected directly to that private network. Essentially, a VPN is a secure method to access work data remotely. The scenarios above beg the question, “Will a VPN enable me to effectively work from home or other locations away from the church office?” The answer is, Yes!
A VPN is not a “be-all, end-all” solution to obtaining remote access to your data. Other useful remote access tools exist, and certain cloud products can be very useful as well (we discuss this further on in the post). The primary reason for utilizing a VPN is to add a layer of security to the process of how you access data remotely. A church implements a VPN as a mechanism to maintain privacy and increase the safety of its data and resources. The primary security goals of a VPN are confidentiality, authentication, and integrity. Exactly how the VPN accomplishes these security goals varies by the protocol and method used.
The four most commonly used VPN types are PPTP, L2TP (IPSec), SSTP, and OpenVPN. The Point-to-Point Tunneling Protocol (PPTP) VPN creates a tunnel, encapsulates the data, and then uses Point-to-Point Protocol to encrypt the data between the connections. PPTP has been in use since 1995, and although very common, it is now considered an obsolete VPN approach. Layer 2 Tunneling Protocol (L2TP) creates a tunnel between two endpoints and uses the IPSec protocol to encrypt the data within the tunnel. L2TP currently has no known vulnerabilities and is a recommended method of VPN. Secure Socket Tunneling Protocol (SSTP) is directly owned and controlled by Microsoft. The name stems from the fact that this approach routes traffic through the SSL protocol. Since SSTP is not open source, it is one of the most secure of the VPN protocols, but it only works with Windows operating systems. OpenVPN is an open-source VPN and uses a custom security protocol based on SSL and TLS protocols. While OpenVPN is perhaps not as secure as SSTP, it does work on various operating systems, e.g., Mac, Windows, etc.
Determining which VPN option is the best one for your church depends largely on your specific situation and individual needs.
Remote Access: Sometimes, It IS Good Enough
Before deciding which VPN is best for your church, it is always good to take a step back and consider if you actually need a VPN at all. The answer to that question depends upon your specific situation and needs. For example, if you are dealing with critical or sensitive data that absolutely must be kept private and safe, then a VPN is the way to go. Keeping church member data and ministry-related information secure is usually a necessity. However, there are some instances when just having a non-VPN remote access method is acceptable.
When would you use a remote-access approach and not a VPN? Maybe you are already logged into the network, but just need to reach a particular computer. There could also be specific network equipment that is “non-critical” that you need to get to when you are out of the office. You may also need to set up a meeting and share your screen with a colleague. These are a few cases in which you might be better suited to use remote access instead of a VPN. There is a wide variety of remote access tools, and they use different methods to connect. Currently, a few of the standard tools we see and use are ConnectWise Control (formerly ScreenConnect), TeamViewer, GoToMeeting, or Remote Desktop Protocol (RDP).
Remote Access and VPN are not the only ways you can access data. The Cloud is another way to access your data when you are away from your physical work location (link to another one of our articles). Cloud computing generally refers to the on-demand availability of computer system resources. In essence, it means that you are accessing data centers that provide data access to many users on the Internet. The question in the cloud-based data center scenario then becomes, “Is my data safe?” With proper configuration and access, the answer is that most likely, your data is significantly safer than the data that resides on your own hard drive. Generally, cloud servers are housed in warehouses offsite, located away from most employees, and are heavily guarded and protected by multiple layers of physical and technical security. Additionally, the data is usually encrypted and is resistant to most hacking efforts. When using any Cloud-based platform, active password management and the use of multi-factor authentication is critical.
Security Is Key
Remote access to systems and data when you cannot be at your office location is a great benefit. If the nature of your work and ministry requires that you connect securely to a network, we recommend exploring the implementation of a VPN. Throughout this security series, we have continued to raise the oft-sounded alarm that there are “bad actors” on the Internet that are continually trying to intercept data. Knowing the right way to connect to your systems and data is vital in keeping your information safe.
If you have any questions about which remote access approach is best for your church staff, Enable can help! We would love to help you think through your specific situation and all of the available options, and come up with the very best solution for your church. Reach out to us at [email protected] or fill out this form to get started!