Wednesday, 7 February 2024

Are VPNs causing your staff headaches?

Many organisations rely on virtual private networks to connect to their business data. But do they still have a place in today’s world? Or is there a better solution?

Many organisations rely on virtual private networks to connect to their business data. But do they still have a place in today’s world? Or is there a better solution?

 

Corporate IT networks have undergone significant changes in recent years. The pandemic accelerated the shifts in work patterns and the fast development of technology and digitalisation, making the traditional methods of protecting organisational networks outdated and ineffective. 

In this article we look at VPNs and their downsides, and what Grant McGregor can do to make your remote access simple and secure.

 

What is a VPN?

Businesses and organisations of all sizes use VPNs to connect to their data or applications, this may be a server on premise or in Azure. A VPN opens an unrestricted tunnel between your home network and your business network.

 

Why are organisations moving away from VPNs?

The pandemic advanced the ongoing social trend towards remote and hybrid working and the technological trends towards cloud-based systems. In this new world, staff expect to be able to work from anywhere and get the same experience as if they were in the office.

While VPNs can facilitate access to your data from remote locations, they can often become an annoyance to the end user. Some examples of VPN issues that affect user’s experience are:

  • Having to dial the VPN every time you log on.
  • VPN not working from some internet connections.
  • Forgetting your VPN password.
  • Needing to remember IP addresses or server names to connect to.
  • VPNs can be slow and drop connection.

 

From a security perspective, VPNs create the following issues:

  • VPNs create an unrestricted connection between a home network and a business network.
  • If the home network becomes compromised or infected with malware, this can travel along the VPN to the business network.
  • There is no control of which data and applications can be accessed over the VPN, everything is available.
  • Most VPNs do not support Multi Factor Authentication (MFA).

 

What do we recommend as a replacement for VPNs?

There are a few potential solutions to replace VPNs in an organisation, the 2 Grant McGregor would recommend are:

-    Enclave Zero Trust Gateway
-    Microsoft Azure Virtual Desktop

These solutions offer more secure and more user friendly remote access. Each of them are appropriate for different scenarios.

 

Enclave Zero Trust Gateway

Enclave is a modern alternative to VPNs. It creates connections between business laptops and business data. But unlike a VPN, it does this automatically and only for the specific application or data the user has been granted access to. This reduces the security risk of exposing the whole business network, and reduces the user frustration of having to remember passwords or connect the VPN.

Enclave is a centrally managed application, allowing flexibility of adding/removing devices and changing remote settings for all staff at the same time, without having to re-deploy or re-configure a VPN each time something in your IT infrastructure changes.

 

Microsoft Azure Virtual Desktop

Azure Virtual Desktop (AVD) is a way for customers to use their business applications in Microsoft Azure.

AVD connects you to a server in Azure and lets you run your applications within the Azure environment. This keeps your data inside Azure and avoids data moving between networks. This is great for both data security and for the end user experience.

 

What next?

Do you think it is time to retire your VPN? The Grant McGregor team can help you assess whether you are ready.

If you’d like help or advice, please reach out to our team.

Call us: 0808 164 4142

Message us: https://www.grantmcgregor.co.uk/contact-us

Further reading

You can find more information about network connectivity, zero trust and other cyber security topics on the Grant McGregor blog:

•    What is Zero Trust and should I be implementing it?

•    Tips for successfully implementing a zero-trust approach to cyber security

•    Do your backups include this important information?

•    What can we learn from the NCSC’s sixth Active Cyber Defence report?

•    You should be getting more from your IT partner