IT teams should look for services with automated alerts about user behavior, logging, scalability, and centralized management.
As remote working has just become the norm, IT teams have to take a second look at solutions that worked in March 2020 but may not be the right choice right now. In addition to implementing multi-factor authentication and evaluating a zero-trust approach, IT leaders must determine how a virtual private network (VPN) fits into its overall security plan.
A VPN provides two basic services: encrypting data between two points and hiding a user’s IP address, as David Gewirtz explains in ZDNet.
SEE: VPN: 5 reasons professionals should always use a VPN (TechRepublic)
Sebastian Stranieri, CEO of VU Security, said that for a company with a corporate network, all users working remotely should use a VPN. He said VPNs provide three main benefits:
- Ensures some level of security of information
- Prevents third parties from blocking communication
- Protects the user’s identity
Stranieri said people should also use VPNs for personal online activities and avoid free services.
Juta Gurinaviciute, chief technology officer for NordVPN Teams, said that the needs of a company and the technical specifications of the service are the two main pillars of choosing a VPN.
“Some are trying to protect corporate network environments, remote workers focus on end-user’s resilience, and others need cloud protection first,” he said.
Gurinaviciute said IT leaders should also consider secondary technical parameters such as connectivity, speed, devices supported and number of connections allowed.
According to Gurinaviciute, IT teams should consider how VPN can affect latency, as sending encrypted traffic can slow overall flow.
“But that’s a pretty low price that businesses have to pay for durability and data protection – especially with today’s increasing bandwidth, optical networks, and 5G connections, ”he said.
Gurinaviciute said VPNs are an element of an overall cybersecurity strategy because this technology cannot protect employers and staff from social engineering attacks or malware that is already around the network.
“VPNs work best simultaneously with anti-malware programs and the development of cybersecurity education within a company,” he said. “To reduce risks, organizations can go beyond VPN and implement zero-secure network access solutions, limiting employees’ connection to sensitive corporate information.”
Rob Smith, a senior research director at Gartner, acknowledged that many companies should consider moving to a zero-trust solution for managing access and security rather than choosing a VPN. However, he said VPNs are still important for some industries that have made significant investments in data center operations that have not recently moved to the cloud, such as city governments and financial firms.
“For many financial companies, they expect to be 80% in the cloud within the next five years,” he said.
Another factor to consider is the connectivity level of a remote employee. Some employees working from home have fast connections to support the desktop solution as a service for security and access. There won’t be individuals with slower connections.
Considering the most important VPN features
Maxime Trottier, vice president of sales and marketing at Devolutions, said IT teams should look for the following features in a corporate VPN:
- Centralized Management: Choose a VPN that gives you the necessary control you need over centralized functions such as key management.
- Logging: Choose a VPN that meets your company’s compliance and auditing obligations.
- Scalability: Choose a VPN that will adapt to your organization and seamlessly support future growth as you recruit new staff.
Trottier suggested considering a service with a stop switch.
“In the unlikely event that your VPN connection drops, you run the risk of using a regularly unprotected connection managed by your ISP, and you may not even know if this is happening,” he said. “A shutdown switch prevents this by closing applications and preventing access to websites as soon as the connection is lost.”
Configuring, managing, and optimizing enterprise-class VPNs are much more complicated than personal VPNs, Trottier said. He recommends checking the levels of support a provider offers as part of the selection process.
IT teams must also calculate how many connections a VPN can simultaneously support to avoid reaching a user limit that prevents additional employees from logging in, Trottier said.
It also recommends finding a VPN that provides real-time push notifications so employees who are breaking rules (even by accident) can be detected and stopped.
Trottier recommends that user experience is also taken into account when choosing a VPN.
“Choose a VPN that doesn’t significantly reduce the user experience, otherwise some employees will try and get through it,” he said.
Finally, it’s important to find out if a VPN vendor will resell your data.
“If it is and it’s a problem (and probably is), find another vendor who confirms that it will delete all registration data,” he said.