Hey everyone! I'm dealing with a tricky situation here and I'm sure many of you have faced something similar. We have a locally hosted ERP system (I'll bet some of you can guess which one!). The vendor provides mobile apps for both iOS and Android, but the challenge is how to securely expose our ERP for access through these apps, considering they're running on personal employee devices. Unfortunately, options like VPNs or connecting to the enterprise WLAN aren't feasible for us. My first thought was to use DNAT policy in our firewall to expose the app server, but that raises concerns about security and vulnerabilities. I've also considered solutions like ZTNA or an Entra proxy, but I'm uncertain if they can effectively bridge the gap between the mobile app and our app server without issues since it's not a custom-developed system. I would appreciate any advice or insights you can share. Thanks in advance!
3 Answers
The simplest way might be to have your employees install a VPN on their devices for access. That keeps your ERP protected and puts a barrier around your network.
Honestly, letting personal devices connect to your ERP is a risky move. That's definitely a point to reconsider. I'd advise getting a policy in place about device usage first. It's super important for maintaining security!
True! Personal devices can definitely introduce risks. It’s safer to ensure everyone is using secure devices.
Totally get that! Unfortunately, we're tight on budget and work phones aren't an option. I'm hoping there's a safe way to expose the server while still allowing access for employees who want to use their own devices.
What you're looking for could fall under a Secure Access Service Edge strategy. I'd recommend skipping the app and just using the web client instead. A cloud reverse proxy can provide the security you need without all the extra hassle. If the app is a non-negotiable, it might be worth looking into services like FortiClient ZTNA or Cloudflare WARP—they're more budget-friendly. Just a heads up, though: if your endpoints aren't managed, you could be risking compliance and audit certifications.

The real issue is that using a VPN on personal devices can open up security holes in the enterprise network. It's a tricky balance!