The Grant McGregor team talks you through a quick Q&A to help you understand why it might time to review VPN provision, the factors at play and whether they relate to your organisation.

The short answer as to whether you should be reviewing your corporate VPN is: Yes.

The changes in working practice that have happened over the last twelve months mean that many aspects of IT provision need to be reviewed.

Now it looks as though – for many of us – the shift in working practices is likely to last beyond the pandemic. According to Gartner(1), 74% of companies plan to permanently shift to more remote work and 20% of companies have deferred on-prem technology spend.

So what does this mean for the way you are using your VPN?

This quick Q&A will talk you through the whys and wherefores of reviewing your corporate VPN strategy.

What is a VPN?

A virtual private network (VPN) works by creating a private network from a public Internet connection. Typically, organisations use VPN services to establish secure and encrypted connections for remote workers, mobile users, branch offices and trusted third parties to the corporate network and its applications.

Why is it now a good time to review VPN provision?

COVID-19 has affected the demands placed on corporate VPNs for many organisations.

This time last year, most of us had to switch from normal operations to remote working practically overnight. Remote workers who needed secure access to the corporate network created a surge in traffic volumes over their organisation’s VPN connection. As a result, many VPNs were overwhelmed.

The simple fact is that VPNs were not designed to meet the needs of a full-time remote workforce.

What are the problems that relying on VPN connections create?

VPN is old technology. It is costly and resource intensive. With the sudden increased need, most organisations found themselves dealing with bandwidth issues. Access to essential applications slowed; systems ran slower.

This is a major problem, because poorly operating systems don’t just affect productivity, they affect morale as well.

How did organisations try to fix the problem?

There are, typically, two answers to this problem:

• Upgrade your corporate network to allow for the increase in traffic

• Allow a lot of your traffic to bypass the corporate VPN.

Let’s look at each of these two options in turn.

What are the drawbacks to simply upgrading network connections?

The major drawback to upgrading your network to accommodate the higher traffic volumes is cost. Furthermore, equipment, such as firewalls, will often also need to be upgraded at the same time to prevent them becoming bottlenecks, further adding to the expense.

What’s more, this does nothing to answer the security issues that arise from workers logging in from home, especially if they are using their own devices to do so. A VPN connection gives users access to the corporate network as if they were in the office, creating an open connection between two locations. If a user connects via their home PC, any malware on that PC can infect servers and other devices on the corporate network.

What are the drawbacks to allowing Internet traffic to bypass the VPN?

The other obvious solution to bandwidth constraints which many organisations adopted was to direct only the traffic that needed to access specific systems and applications on the corporate network via the VPN.

Internet traffic – to software-as-a-service applications, web-browsing, etc. – was sent directly to the Internet, bypassing the VPN. For most organisations, this could reduce demand on the VPN by as much as 70 percent – solving bandwidth issues.

As a result, access to essential business applications was protected for those users who needed it, without overburdening the infrastructure. And IT teams could continue to monitor and manage access to on-premises applications and safeguard their data.

However, this approach also has serious security problems. Traditional hub-and-spoke architectures that rely on secure VPN connections into central resources also typically require security to be delivered centrally.

The traffic that is now freely moving around the Internet sits outside the traditional security perimeter. Organisations that took this approach will have greatly widened their attack surface – and left much of it unprotected.

Devices could be infected. Users might use the same device later to log in via the VPN – then the corporate network is at greater risk.

How do you secure devices and traffic that sit outside the traditional VPN?

The only way to secure traffic that bypasses the VPN is to implement some system of cloud-based security services. This way, organisations can route Internet traffic through a ubiquitous security layer in the cloud.

Our recommendations are:

• Make use of the great tools that exist: Microsoft Azure, Intune, SharePoint, WatchGuard.

• Don't use a VPN at all, use Azure cloud services, or an RDS server, or SharePoint for file hosting.

• Use Microsoft InTune to prevent access to business data on home devices.

• Or use Watchguard cloud wireless for automatic secure tunnels from home to the office.

• Adopt the “zero trust” model of IT security, which we wrote about recently on our blog.

Zero trust solves other problems too. For one, it requires further checks to be put in place to limit movement within and across the corporate network so that, if a malicious actor does gain access, the damage they can do is severely limited. Furthermore, it helps to meet the requirements of the Internet of Things (IoT) and the proliferation of potentially less-secure devices which need access to the corporate network. Plus, of course, it aids the secure transition to cloud-based activities and servers.

Is it now the right time to review your corporate VPN?

If you do have on-premises applications and systems that employees are accessing via a VPN connection and have experienced any of the issues we’ve talked about in this blog – bandwidth and performance issues, security concerns, split tunnelling, the expense of increasing resources – then now is a great time to review your VPN.

Moving to a system of secure cloud-based solutions and cloud-based security isn’t only answering the immediate need to secure the activity of remote workers, it is also creating the right conditions for your future digitalisation initiatives.

We’re on hand if you would like the support of our team to help you review your current VPN, security and network access solutions.

Get in touch below to see how we can help you:

Sources:

1. https://www.brighttalk.com/webcast/2037/401738/rethink-your-vpn-strategy-as-more-employees-work-from-home