In-depth

The secrets of VPNs for business

Secure access to your network isn’t something to be taken lightly

It's okay if you're not certain if you need a virtual private network (VPN), or how you'd go about setting one up. Those three little letters represent a minefield around compatibility, terminology, even legality: ask the younger generation what VPNs are for and they'll think of untraceable, anonymous access to the shadier corners of the internet. Or, they might picture ransom-demanding pirates and hackers taking control of their victims' machines.

Advertisement - Article continues below

Those bad actors and cyber criminals are using a VPN, since technically the term can mean any encrypted, encapsulated link from one internet address to another. That says nothing about what it's used for, what it can or can't do, who owns it or whether it's even working. What attracts the bad guys to such technology is the fact that no one can peer into the data that moves inside those encrypted packets although the destination and source addresses aren't encrypted, so it's always going to be apparent that a link is active. This is why business VPN solutions generally offer extensive security features: the value of the proposition lies in its impenetrability.

Unfortunately, as a result, the marketing spiel can lean towards impressive-sounding gobbledegook, intended to bamboozle senior management types simply looking for "the most secure VPN we can buy."

Advertisement
Advertisement - Article continues below

To make the right choice, you need to start by understanding what's possible and what's not possible. Then you can choose a way to do it and stay on top of the accompanying security obligations.

The benefits of a VPN

The most important benefit of a VPN is that it cuts your internal security problems down to size. Recently, embarrassingly so, there was a time when a Windows network could be constructed over global, public IP addresses, and many early design documents and even practical implementations made use of this configuration. It quickly became clear how inadvisable this was: even now, the interval between opening up an unsecured machine to the internet and its being compromised is typically measured in minutes.

Advertisement - Article continues below

A VPN can help here in two ways. First, you can shut off malicious connections entirely if you make a blanket rule only to accept VPN traffic. Second, you can close off the most prevalent exploits by using a border device that doesn't run Windows. Adopting these two simple measures is much less onerous than keeping on top of patches and threats to your entire Windows ecosystem.

This isn't to say that Windows makes a bad entry point for a VPN, or even a bad firewall. But it tends to be used best as part of a multi-device design, with routers, firewalls and SSL concentrators all playing their part in directing, filtering and brokering the traffic before it gets to the server. And there's certainly no need to use it for regular VPN duties: one thing that's moved forward in this field over the last half-decade is the burgeoning variety of ways you can land a VPN. Let's not get bogged down in the technology, and look at this from a business perspective.

Small businesses

The most common way to deploy a VPN in a small business is via a slightly smart router, with some small-scale features to support roaming Windows and Apple software clients. This kind of system will do the basic job, but it's likely to be using L2TP/IPsec for encryption and tunnelling, which often has a painful effect on internet performance as the router struggles to do all the required processing.

Advertisement - Article continues below

It's also not guaranteed to keep up with changes in the environment. Many organisations relying on setups like this have hit unexpected problems recently, thanks to changes in the VPN client in Windows 10. On paper, these promise better security and more versatility, but old routers have been left out, and the recommended solution has often been simply to go out and buy a new one. To be fair, it's difficult to blame manufacturers alone, because communication on Microsoft's part has been woeful, too. If you can't make your VPN work on Windows 10, not only are you unlikely to get a clear explanation as to why, you'll also look in vain for reassurance that whatever solution you come up with won't be borked in an update.

Even if your router-based VPN is nominally working, many businesses experience intermittent service (causing high levels of user irritation) because the kit has to work hard and doesn't cope well with issues. It's difficult to run tests on a router that can't reliably tell you when you need a hard reboot especially when your whole organisation is relying on it for connectivity.

Advertisement - Article continues below

One solution is to move your VPN services into the cloud, rather than keeping them inside a box with some LEDs on it. However, if you're only dealing with a dozen clients, this may be overkill. Businesses tend to assume it's the necessary next step when their low-cost router starts to struggle, when in fact stepping up to a slightly more capable local appliance could solve their problems more cost-effectively.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK
privacy

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020