With so many tools at our disposal to make remote and mobile work possible, its no real surprise the trend is continuing to grow, and expected to continue growing even in 2017. But when remote workers are accessing your company’s network from their own, it can be impossible to ensure the same security standards set in place carry over to every single remote connection. And as we know, security should be of the highest concern for any company, not just the high level Enterprise.
The important, and sometimes business critical, information we share and collaborate on in our daily tasks – from emails to phone calls to even team messaging and collaboration apps – can easily slip through the cracks if workers use any unsecured remote connection they can find. However, Virtual Private Networks, or VPN, offer the perfect solution for any business that relies on remote workers, yet also places a high priority on system security.
A 2020 report of top rated VPNs by watchdog group Privacy Australia found that VPN usage could reduce risk of hacking and malware by over 23%. VPNs function not only to encrypt outgoing data but also protect your computer from inbound attack vectors. A follow up report by Info Security found a large reduction in malware attack surface on both mobile and desktop devices.
So What is a VPN?
In essence, a VPN is simply a security measure, like a Session Border Controller, and is just an extra layer of privacy to your company can add to shield online activity. This means a VPN could protect data transferred in emails, team collaboration platforms, team messaging apps or even your business VoIP calls.
The simplest way to describe a VPN is as a private network of computers, that remains secure and private, even when users connect through their unsecured home networks. Hence the name itself, a Virtual Private Network. VPNs allow us to use just about any network connection at our disposal to link into the same network you would be connected to if you were in the office.
In fact, VPN technology was originally developed for the specific use of allowing remote workers to securely access their in office network. While consumer solutions do exist, we are mostly curious at understanding how a VPN can help product your business communications.
In bottom line, plain English: a VPN allows a computer located outside of your office’s network to connect directly to that network just as if they were in office and plugged in to a router, with a safe and secure, encrypted connection.
Therefore, VPNs allow us to share files, applications, services, printers, fax machines – whatever you need – both quickly, while ensuring a secured connection.
But Why Would You Need a VPN?
Well, as we continue to adopt more and more cloud based solutions, the idea of security should be growing in our minds as well to compensate. Since information is being transmitted through networks, and not every single provider is capable of security like that included in Cisco Spark, a VPN is an easy way to keep things locked down. There are numerous benefits to employing a VPN in your network, and the need for one is fairly straight forward.
The decision to add a VPN will come down to a number of factors:
- Your business relies on mobile workers with occasional remote work days.
- Workers frequently attend business trips that still require access to your office network.
- Your business is globally dispersed, and utilizes dedicated remote work sites that need to connect to one central location.
- A concern for security and data protection.
- The need for a stable network connection to transfer data or allow remote work in general.
Overall, a VPN should help to boost the productivity of your remote workers, just like our list of Slack integrations, while ensuring an extra layer of security and privacy for any information that will be transferred through an otherwise public, unsecured network. However, depending on your specific use case you might end up employing a different type of VPN.
Different VPN Types
No matter what form of VPN your business chooses to employ, the end result will always be the same. VPNs create “tunnels” through unsecured public networks to establish secure connections with a private network. Utilizing standard, yet robust, security tools such as data encryption and end-point authentication, VPNs are able to prevent unauthorized access to these tunnels, and ultimately your company’s network on the other end.
Currently, there are two popular types of VPNs that differ in levels of security, and connection methods for users. While some VPNs will require users to download a client on their machine, others will simply require users to log in and possibly install a once-time download web browser plugin.
Originally designed to specifically offer “point-to-point” and “always-on” connections, IPSec VPNs offer remote access to the network through a standard Client, or application. These VPNs were mostly developed for permanent remote sites to access one central network.
The VPN client application is what allows access to the network, and creates the tunnel we previously mentioned. The application client will be installed on the remote workers device, meanwhile back on the business end, something called a VPN terminator will live inside your company’s network. Generally a VPN terminator can usually be a hardware, or even software, firewall used to protect your network.
The VPN terminator, or firewall, should be provisioned to specifically allow your remote worker’s connections – to do this the Terminator will need to be configured to accept a specific security criteria. This criteria will generally be a group name, or a shared password. These however are not individual user accounts, but rather a shared secret among the group.
Of course, if the client installed on your remote worker’s computer is not configured with the proper security criteria, they will not be allowed access.
IPsec VPNs offer this “always-on” connection because users can always just boot up their client, and as long as their security criteria matches (and was not changed on the other end) a successful connection can always be made. This just requires users to install the client on their device before their first attempt to connect to the network.
Benefits of an ISPsec VPN Include:
- A permanent connection between locations.
- As IPSec works in the “protocol layer” of the internet, any IP-based protocol can be sent through. This means you can use IPSec for both data applications that utilize TCP and UDP protocols.
The downsides to an IPsec VPN include:
- Once a tunnel is created, remote users can access almost any corporate resource on the network, it can be difficult or impossible to restrict specific access.
- IPsec VPNs require slightly more maintenance, with an additional VPN Terminator as well as security configuration.
- A business will also need to ensure their Network Address Translation (NAT) configuration will work with and allow their IPsec setup.
Best For: An IPsec VPN connection will be best used for globally dispersed teams, with remote offices that need to connect to one major, central office network. The always-on nature of IPsec, as well as protocol freedom from interacting with the IP layer, also expand the use-case of the VPN to include extra capabilities such as back-up lines or data transfer.
But on the other end of the spectrum, we have the SSL VPN. Developed to truly benefit the mobile worker, SSL VPNs sought to do away with the Client approach. Since the Ipsec client approach would require users to download, install and configure a client on their machine to ensure a proper connection SSL aims to remove that initial boundary as this alone could present complications in software compatibility, or installation and implementation issues requiring technical support.
Since the SSL VPN was designed primarily for remote workers, with remote workers in mind, they of course do not require any specific client applications to be installed on the remote worker’s computer, or tablet or phone for that matter. Instead of a client, users will gain remote access through their web browser.
Generally, users will navigate their web browser to an appropriate web, or IP, address and will then be prompted to log in with their credentials. Often, users might have to download a web-browser plugin, but this will generally be a one-time, quick and easy installation never to be touched again. This might also remove the need to leave your web browser open to keep the connection live.
Users do not need to have a client previously installed before their first login attempt like IPsec requires. However, this does lack some of the two-sided authentication that occurs in a IPsec connection, with a client talking to a VPN terminator on the other end.
Benefits of an SSL VPN Include:
- They do not require any specific client applications to be installed on remote workers machines, but mostly just an internet connection.
- A business can provide granular access to only specific resources on the network through SSL VPN account setup and provisioning.
- Logging and auditing capabilities are generally built into an SSL VPN to keep a closer eye on remote worker activity.
The downsides to an SSL VPN include:
- An SSL VPN does not function in the application layer, and therefore cannot accept as many protocols as an IPsec connection.
- Security might not be as tight and closed as the authentication in an IPsec VPN.
Best For: As SSL VPNs were developed for remote or mobile workers, the best case for implementing SSL is for teams that often, but not continuously, allow remote or mobile work. Businesses that do a lot of traveling will also benefit from the sign-on nature of an SSL VPN, allowing quick yet secure access from almost any machine without downloading a client.
The Bottom Line on VPNs
Adding a VPN to your company’s network is a great way to ensure security, privacy and robust connections for the ever growing mobile workforce. Whether or not your business requires a VPN will come down to our previously listed factors, however if remote and mobile workers are common within your company then adding in a VPN should almost be a necessity. The costs and implementation process, which differs based on the type of VPN and provider, should be low enough themselves to justify the addition to your network.
And while an IPsec and SSL VPN achieve mostly the same goal, both will be utilized best in different use cases. However, that does not mean one should be employed over the other necessarily – sometimes both systems will compliment each other for their own specific use scenarios. But at the end of the day, if mobile and remote work is common for your business then a VPN is one of the easiest decisions you can make to secure your network.