Another way to restrict access would be to provide a separate server for these "everyone and my remote user can...
look see." You then need to set up permissions, etc. for each server and maintain them as well. If your user is VPNing in, and you've set encryption and authentication as securely as you can, you've already mitigated substantial risks. Now finesse the design until you're happy it works as you want. Document it and be aware that you'll need vigilance to keep it working correctly.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.