I am a bit unclear as to what additional protection a VPN provides for a remote worker over just a secure connection. Assuming all provisioning and SIP connections are configured to use secure connections to exchange authentication credentials, what additional protection does a VPN add?
As a follow up, assuming an endpoint is using a VPN, what additional security risks might remain?
The whole remote endpoint provisioning/authentication process remains a bit confusing to me. Just trying to more fully understand how it all works and where the risks exist.