There can be a variety of uses for an organization to use or authorize the use of VPN services; it depends greatly on what the nature of their business is. If a business does decide to use VPN connections it must also develop an Acceptable Use Policy (AUP) to enforce the standards, policies, guidelines, and the security of the organizations network. The types of users or groups that are more likely to use these types of services are; Employees working from home, Server administrators, Branch office workers, and off-site contractors. The employee working from home would probably need a secure connection to the company’s intranet. The Server administrator will need a secure remote connection to the server, and the off-site contractor more than likely will need access to specific project files on the company’s network. A Branch worker at a bank for example would definitely need a secure remote connection in order to access a main branch office for any reason.
By developing an AUP for the VPN service and having all users agree to them, this holds them responsible for anybody using their login or computer. The Administrator would be able to see which account was used during any violations or breaches, in return holding the user responsible. The VPN AUP will include permissible and impermissible user and group behaviors which they will have to agree to in order to be allowed to utilize the VPN service. Not only does the user or group need to agree to the VPN AUP but also they must also have a need or purpose for accessing the company network via a VPN connection in the first place. VPN usage can also be restricted by dates and times of the day to make sure nobody is accessing the system when they don’t need to be. Violations that have been identified will be handled on a case-by-case basis but on the other hand if the individual is a repeat offender then their access will be suspended or totally revoked.