Currently our CM1 install is only available within our own network and the only way of accessing CM1 outside the network is to VPN into the network. VPN is not always reliable and always slow. So we are thinking of making this accessible outside the network in our DMZ, so it can be accessible from anywhere without the need of VPN or onsite. In terms of security would the login layer CM1 provides be sufficient?
The security provided by the CM1 login layer is sufficient for ensuring users within your network cannot perform unauthorized actions within CM1. It is not intended to secure CM1 running outside of a corporate LAN, where it may be subject to all manner of sophisticated security attacks. We do not recommend placing CM1 outside your network in the DMZ, and recommend that you continue to access CM1 remotely via a secure VPN connection.