While remote work has proven to be a boon for many employees’ work-life balance, working from home is causing headaches among those responsible for securing corporate IT infrastructure.
Businesses may have hundreds (if not thousands) of end-user devices accessing company data from remote locations, which presents a host of security vulnerabilities. As such, businesses often deploy VPNs to add a layer of security among remote workers accessing company data.
Here’s what to consider if you’re rolling out a VPN across your corporate IT infrastructure.
Businesses With Remote Workers Are Vulnerable
Security vulnerabilities arise when employees use unsecured Wi-Fi networks, such as public Wi-Fi in a coffee shop or library, when accessing their corporate accounts. Any data sent or received while connected to a public network can easily be intercepted (and therefore stolen) by cyber criminals.
But it’s not just public Wi-Fi networks that pose a risk. Home Wi-Fi networks are also vulnerable. Employees living with roommates or working while staying in a short-term accommodation such as an Airbnb are at risk of having their data intercepted by anyone else connected to the same Wi-Fi.
VPNs and Data Security for Businesses
A VPN creates a secure tunnel between a device and a network, encrypting all data being sent and received. For businesses, this creates a secure connection between their employees’ devices and both the company intranet and platforms such as Gmail, Salesforce and Slack.
There are two main types of remote VPN technology: IPsec and SSL/TLS. Both encrypt network data. However, it’s important to understand the advantages and disadvantages of each option.
Which VPN Is Best for My Business?
An IPsec VPN works at the network layer of the OSI model, which enables employees to access everything within a corporate network (including printers and shared drives).
While it provides an extremely wide access range, setup and implementation come with a high resource overhead. A physical piece of hardware usually needs to be installed within the enterprise network, and all employees who need remote access must download and install an application onto their devices. Given usual user permissions within businesses, IT support personnel will need to install the software onto each of these devices. And of course, updates will need to be periodically downloaded and installed.
The wide-ranging access provided by IPsec can be a vulnerability, as a compromised or stolen device could give hackers full access to a business’s network.
SSL VPNs are the other option. These don’t require a software installation at the device level. Instead, they run via a web browser, such as Chrome, Firefox or Safari. What’s more, updates are applied directly to the server, avoiding the need to install updates at the device level.
Because it operates through a web browser, connection to the corporate network is restricted to SSL-enabled web applications, so there may be other applications that an employee won’t be able to access remotely like they could when they were in the office. Obviously, this can impact productivity. But now that lots of software providers have moved to the cloud and provide web-based access, this has become much less of an issue.
The more restricted access provided by SSL VPNs can be a benefit in terms of security, as it enables much tighter control over privileges and what each user can access. This also limits what a hacker could access, should a compromised device fall into the wrong hands.
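To make the difference in access scope concrete, the following added example (not part of the original article) compares what a single compromised device can reach under a network-layer tunnel and under a per-user application allowlist. The service names, addresses, tunnel route and user grants are constructed assumptions.

```python
import ipaddress

# Constructed inventory of internal services (hypothetical names and addresses).
SERVICES = {
    "crm-web":     ("10.0.1.10", 443),
    "wiki-web":    ("10.0.1.11", 443),
    "file-share":  ("10.0.2.20", 445),
    "printer":     ("10.0.2.30", 9100),
    "hr-database": ("10.0.3.40", 5432),
}

# Network-layer model (IPsec style): the tunnel routes a whole range to every user.
TUNNEL_ROUTES = ["10.0.0.0/16"]

# Application-layer model (SSL VPN style): each user is granted named web apps only.
APP_GRANTS = {
    "alice": {"crm-web", "wiki-web"},
    "bob":   {"wiki-web"},
}


def reachable_via_tunnel(routes):
    """Services reachable from any device that holds a network-layer tunnel."""
    nets = [ipaddress.ip_network(r) for r in routes]
    return {
        name
        for name, (ip, _port) in SERVICES.items()
        if any(ipaddress.ip_address(ip) in net for net in nets)
    }


def reachable_via_portal(user, grants):
    """Services reachable through a per-user allowlist (default deny)."""
    # Unknown users get an empty set; grants naming unknown services are ignored.
    return grants.get(user, set()) & set(SERVICES)


def exposure_report(user):
    """What a compromised device belonging to `user` exposes under each model."""
    tunnel = reachable_via_tunnel(TUNNEL_ROUTES)
    portal = reachable_via_portal(user, APP_GRANTS)
    return {
        "tunnel": sorted(tunnel),
        "portal": sorted(portal),
        "only_via_tunnel": sorted(tunnel - portal),
    }


if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, exposure_report(user))
```

Narrowing `TUNNEL_ROUTES` to a smaller subnet shows how network segmentation reduces the tunnel's exposure without changing VPN technology.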
What Options Do Businesses Have Beyond VPNs?
It’s also worth mentioning that options other than VPNs are gaining popularity for securing remote workers. Two of the most popular are SDP and zero-trust networks.
Software-Defined Perimeter (SDP)
Sometimes referred to as the “black cloud,” SDPs require no hardware to get started. SDPs are cloud-based, removing the need for desktop software or browser access. Users access an SDP via a multi-factor authentication (MFA) process and only have access to certain pre-authorized services or hosts within the perimeter.
As with all security solutions, there are always vulnerabilities. In the case of SDPs, the perimeter-based security system has holes. The more points of access there are, the more vulnerable a network becomes.
While VPNs allow for remote access to an internal network — and those “inside” are then trusted — a zero-trust network uses repeated verification processes to access network services. These identity-based policies result in reliable security that travels with the workload within an enterprise’s network.
Beefier security is the major advantage of the zero-trust model, thanks to its segmented data and verification processes. However, downsides include its complex setup process, which requires constant upkeep, as well as the inconvenience placed on users who have to continually verify themselves once inside the network. Additionally, zero-trust networks don’t function with some legacy applications and operating systems, which often necessitates an expensive upgrade.
Allowing remote workers to access corporate networks poses a security risk to all businesses. VPNs and the options mentioned above provide a solution to risks that come with using unsecured Wi-Fi networks.
However, software solutions alone won’t secure your network from threats; training and awareness-raising among employees are just as important. Be sure to roll out suitable training alongside any VPN policies that you implement in your business.