As admins - do you encourage users to use a VPN when logging into Netsuite in a coffee shop or hotel? Or is that overkill?

it is not a overkill - best practice

The purpose of a VPN is for encryption between your computer and NetSuite. NetSuite is already run with HTTPS which does this.

@Sam-I-Am my IT dept requires it for anyone traveling. not netsuite specifically but VPN for all web access.

Most of security concerned organization follows this process

Not trying to argue. I just like this topic and researched it myself recently. Many companies like Google, Cloudflare, Netflix and Facebook have moved away from VPN in favor of a Zero Trust Architecture. Most were dependent on VPN but are now moving to ZTA with tools like MFA and proper permissions

I agree with you on Zero Trust along with MFA but not all companies have the capability or expertise on that. Eventually it will be a norm.

I hope I didn't come across argumentative. Good discussion! Always like to see your thoughts in the community

Note that the security personnel in some of these companies are of old school and wanna hold on to archaic systems and processes, don't want to adopt with the new and advanced trend.

not from an employee perspective but just as a regular normal person who uses technologies - i'm seeing more and more services i use require MFA, usually text message

I love my MS auth app. Makes life easy

Text messages are not 100% secure Linus did a video on that, how unsecure it is. Best to use RSA based authenticator apps/keys or even things like FIDO2 based YubiKey

i have MS auth app for some things but not every service i use require/support it. most are email or txt message. maybe in the future everyone will use an auth app