Most often, vendors are proposing security solution in a basket of features. They claim for security suite with unified console and dashboard. It is necessary to assess and identify the baseline security in business requirements what are the necessary protection. Otherwise, it will cost more, and more to manage in terms of support, maintenance, skillset, user experience.
Some guiding questions are to facilitate the decision. The answers are situation and organization specific. Taking remote access as an illustration here. Who are the users accessing the infrastructure or system:- From own organization?
- From business partners (vendor or contractor)?
- General public?
- Resilence arrangement
- Maintenance window
- Business continuity
- Disaster recovery
- Recovey Time Objective
- Service level pledge
- Infrastructure (e.g. storage, email, intranet)?
- Business applications?
- Within organization network (due to network segmentation)
- From business partners network
- Internet
- Organization device or any device?
- This is the business justification, for example
- Speedy vendor support without traveling to site
- Enhancing productivity especially in COVID-19 to keep physical distance
- Password only
- Domain trusted
- 2-factor (different means to choose)
- RDP, thin client, thick client?
- In case access credential is lost, how is the identity re-established