Enterprise VPNs: Everything You Need To Know (FAQs)
What Is A VPN?
A VPN (Virtual Private Network) creates a protected, secure network within a public network. This is achieved through masking users’ IP addresses (the unique number that identifies the device that they’re using).
When using a VPN server, data is sent through an encrypted tunnel, making it impossible for hackers, governments, or anyone else to access that data. This means all sensitive company information is kept private.
How Does A VPN Work?
A VPN works like a tunnel that carries information to and from the user's device without that traffic being identifiable to outside observers. This secure tunnel prevents external parties from reading the data passing through it, so the user's online activity is kept private.
When using a VPN, the user's traffic is re-routed through multiple VPN servers, so nobody other than the user and the site they are connected to, not even the internet service provider, can see what the user is doing.
As well as making it harder for users' data to be identified, VPNs use strong encryption to ensure that even if the data is intercepted, it will be unintelligible to anyone without the means to decrypt it. The highest standard of encryption currently used by providers is AES 256-bit encryption.
What Are The Benefits Of Using A VPN?
There are multiple business benefits to using a VPN:
- Secure remote connections: VPNs allow users to access a secure server from a range of locations. This means they can facilitate home, hybrid, or multi-location working, allowing users to connect to their accounts and access sensitive data without opening any security vulnerabilities to the organization.
- Improve data and device security: By creating an end-to-end encrypted tunnel between device and server, any content accessed through a VPN is private and virtually impossible for anyone without the correct decryption key to access. Not only does this secure tunnel protect your company's data from unauthorized access, but it also prevents a malicious actor from hiding malware within your data and planting it on users' devices.
- Reduce costs: Without a site-to-site VPN, organizations would have to create an expensive, physical network connection between their headquarters and other offices. Not only would there be an initial infrastructure cost, but an IT team would need to manage the hardware, troubleshoot, and continually upgrade the system to ensure that it is up to date and secure from cyberattacks.
- Give users anonymity: VPNs allow users to access content without being identified, which is particularly useful in sensitive sectors, or for journalists who may be at risk if their identity or their sources were revealed.
What Should You Be Aware Of When Using A VPN?
While there are numerous benefits to using a VPN, there are also some drawbacks to look out for:
- The user’s connection might be slightly slower than if they weren’t using a VPN
- You should check that your VPN has a no-logs policy, otherwise it could catalogue your users’ “anonymous” activities
- Some countries have banned VPNs
- Free VPNs can be insecure, or overwhelm your users with adverts; make sure you choose a VPN from a trusted provider that's specifically made for enterprise use cases
What Key Features Should You Look For In A VPN App?
Here are the most important features you should look for when choosing an enterprise VPN:
- Up-to-date mobile app: There are two parts to this: firstly, the VPN service needs to offer mobile support, not just client software for PCs, so that it can protect your entire device fleet. Secondly, the provider must regularly update their app so that you can be sure it’ll perform efficiently and effectively, regardless of when you installed it.
- Integrated kill switch: If a VPN service is overloaded, the VPN connection can fail, resulting in an IP leak that exposes the user's true IP address while they're online. A VPN kill switch cuts off the device's network access as soon as this happens, stopping the transfer of any unencrypted data and preventing the user's IP address from being leaked.
- Clear data logging policy: All VPNs log some user data in order to limit the number of devices connecting to the server and to provide customer support. The question is not whether the VPN provider logs your data, but what data they log. Usually, this just includes IP addresses and session times. However, some (usually free) VPN services also log the software the user uses, the websites they visit, and even the files they download.
- Multiple server locations: Make sure your VPN has servers in all of the locations where your organization stores data that employees need to access, and where your employees will be accessing data from.
- Support for multiple protocols: Most VPN apps give you a selection of protocols to choose from, and it's important that you find the one that best meets your organization's needs. The most common protocols are OpenVPN, PPTP, IPSec, SSTP, SSL and SSH. Each of these has its own pros and cons in terms of the level of security it provides and the speed with which it can connect a user to the internet.
- Centralized management: Look for a centralized management console from which you can manage user accounts and control access permissions, set up and remove accounts, and see which devices employees are using to access the VPN.
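The kill switch described in the feature list above, as an added example that is not part of the original article: an nftables ruleset for a Linux client that default-drops everything except the tunnel itself, so a dropped VPN session cannot leak cleartext traffic or the user's real IP address. The gateway address (203.0.113.10, a documentation address), port, protocol and tunnel interface name are assumed placeholder values passed in as arguments.

```shell
# Added example, not the article's or any vendor's code. Emits an nftables
# ruleset implementing a host-side VPN kill switch: with the VPN down, only
# the tunnel handshake to the gateway (and DHCP for the uplink) may leave the
# host; everything else, IPv6 included, is dropped rather than leaked.
# Arguments: gateway address, gateway port, udp|tcp, tunnel interface name.
build_killswitch_ruleset() {
    server="$1"; port="$2"; proto="$3"; tun="$4"
    case "$proto" in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }
    cat <<EOF
table inet killswitch {
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        # keep the uplink's DHCP lease alive
        udp dport 67 accept
        # the only cleartext allowed: the tunnel itself, to the gateway only
        ip daddr $server $proto dport $port accept
        # everything else must already be inside the tunnel
        oifname "$tun" accept
        # IPv6 and anything not matched above is dropped, not leaked
        counter drop
    }
}
EOF
}

# Load the ruleset (needs root and nftables). Remove it again with:
#   nft delete table inet killswitch
apply_killswitch() {
    build_killswitch_ruleset "$@" | nft -f -
}

# Stand-alone demo with constructed values (hypothetical gateway, tun0).
build_killswitch_ruleset 203.0.113.10 1194 udp tun0
```

DNS queries are deliberately not exempted: with the tunnel down they are dropped, which is the behaviour a kill switch exists to guarantee.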
Remote Access Vs. Site-To-Site VPNs: What’s The Difference?
A remote access VPN enables a user to connect to a private network remotely. To achieve this, it creates an encrypted connection directly between the user’s device and the data center they’re accessing.
- The connection is only active when the user establishes it via a VPN client installed on their device
- The user can access all the resources on that network whenever they need to, without having to travel to the network location to connect to it
- Popular with businesses that want to enable remote or hybrid employees to connect to the corporate network securely from anywhere, and with employees who are travelling and need to access sites that are restricted in their destination country
- Best used for accessing data that is stored on company premises
- Can cause users to experience high levels of latency when connecting to SaaS or cloud applications
A site-to-site or router-to-router VPN creates a connection between two physical sites. The connection is established between routers; one router acts as the VPN client, and the other acts as the VPN server. When the connection between the two routers is authenticated, a permanent, secure VPN tunnel is established, creating one unified network between the separate locations.
- Commonly used among large enterprises to connect the networks of two or more separate office locations
- Effectively creates a single intranet across multiple sites so that all company devices can connect to the same network as though they were there locally
- Enables users across multiple offices to access shared resources
- Can’t be used to enable users to connect to the corporate network from home, as admins cannot inherently trust the security of their users’ home networks
What Are The Most Common VPN Protocols?
A VPN protocol determines how data travels through an established connection. Different protocols offer different features designed to meet specific use cases: some prioritize speed; others, security. Some VPN services offer a single protocol, while others offer organizations the option to choose which protocol they would like to use based on their business needs. It’s also possible to use two protocols at once; one to transfer data, and one to secure it.
- Internet Protocol Security (IPSec): IPSec secures data across an internet protocol (IP) network by enforcing session authentication and data encryption. The protocol runs in two modes: transport mode and tunnelling mode. Transport mode encrypts only the data message (payload) itself, while tunnelling mode encrypts the whole data packet. IPSec is a popular choice for site-to-site VPN setups, and can be used in conjunction with other VPN protocols for enhanced security.
- Layer 2 Tunnelling Protocol (L2TP): L2TP creates a secure tunnel between two connection points. It offers high-speed connections but doesn't offer any encryption out of the box, so it's often used alongside other protocols, such as IPSec, to establish a more secure connection. Like IPSec, L2TP is a popular choice for site-to-site setups and, once combined with another protocol for security, it offers a fast, highly secure connection.
- Point-To-Point Tunnelling Protocol (PPTP): PPTP creates a tunnel with a PPTP cipher, encrypting data that travels within that tunnel. While PPTP is one of the oldest and most widely used VPN protocols, it wouldn’t take long to crack a PPTP cipher using brute force. This makes PPTP one of the least secure VPN protocols. However, what it lacks in security, PPTP makes up for in speed, making it popular amongst users that need quick access without strong encryption.
- TLS And SSL: TLS and SSL are the same standards used to encrypt HTTPS web pages. They create a VPN connection in which the web browser acts as the client, and user access is restricted to certain applications rather than a whole network. Because most web browsers already come with TLS and SSL integrated, establishing TLS or SSL connections requires very little action from the end user and doesn't require any additional software to be installed. TLS and SSL are often used within remote access VPN setups.
- OpenVPN: OpenVPN is an open-source protocol based on TLS and SSL, but with added encryption layers. It comes in two versions: User Datagram Protocol (UDP), which carries out fewer data checks and so is faster; and Transmission Control Protocol (TCP), which carries out more checks to protect the integrity of the data being sent and so is slower. Because it's an open-source technology, developers can access the underlying code of the OpenVPN protocol, which means it's regularly checked for vulnerabilities. On top of that, OpenVPN uses AES 256-bit encryption with 2048-bit RSA authentication and a 160-bit SHA-1 hash algorithm. OpenVPN is highly secure and generally quite efficient, making it a popular protocol for both remote access and site-to-site setups.
- Secure Shell (SSH): SSH creates an encrypted tunnel through which data can be transferred from a local port onto a remote server. Because the data itself isn’t encrypted, SSH isn’t the most secure VPN protocol, but it does offer very fast connections. SSH is most often used within remote access setups, enabling users to access their workplace desktops via mobile devices off-site.
- Internet Key Exchange v2 (IKEv2): IKEv2 sets up a security association (SA) to negotiate the exchange of security keys used by the VPN client and server. Once it authenticates the SA, IKEv2 establishes a private tunnel for data transfer. IKEv2 is one of the quickest VPN protocols and is particularly strong at re-establishing a connection after a temporary outage and at switching connections across different network types (e.g., from cellular to Wi-Fi). However, it doesn't offer out-of-the-box encryption, so it is often used in conjunction with IPSec for added security. Because of its support for mobile connections and a wide range of operating systems (including Windows, macOS, Linux, Android, iOS, and routers), IKEv2 is commonly used within remote access VPN setups.
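The OpenVPN cipher and hash settings discussed in the protocol list above, as an added example that is not part of the original article: a shell check that audits a client .ovpn profile for an AES-256-GCM (or ChaCha20-Poly1305) data channel, a SHA-256-or-stronger HMAC instead of the SHA-1 mentioned above, control-channel protection and server-certificate verification. The directives checked are real OpenVPN options; the thresholds and the constructed sample profile are this example's own assumptions.

```shell
# Added example, not the article's or OpenVPN's own code. Reads an OpenVPN
# client profile on stdin, prints one "WEAK:" line per finding and a final
# "findings: N" summary. Commented-out directives (# or ;) never match
# because every pattern is anchored at the start of the line.
has() { printf '%s\n' "$cfg" | grep -Eq "$1"; }
report() { printf 'WEAK: %s\n' "$1"; findings=$((findings + 1)); }

audit_ovpn() {
    cfg=$(cat)
    findings=0
    # Data channel: require an AEAD cipher to be pinned explicitly (policy
    # assumption of this script, stricter than relying on negotiation).
    has '^[[:space:]]*(cipher|data-ciphers)[[:space:]]+.*(AES-256-GCM|CHACHA20-POLY1305)' \
        || report 'data channel does not pin AES-256-GCM or CHACHA20-POLY1305'
    # HMAC: OpenVPN falls back to SHA1 when "auth" is absent, so an unset
    # value is treated the same as "auth SHA1".
    has '^[[:space:]]*auth[[:space:]]+SHA(256|384|512)' \
        || report 'auth is SHA1 or unset; use SHA256 or stronger'
    # Control channel: tls-crypt/tls-auth discards unauthenticated handshake
    # packets before they reach the TLS stack.
    has '^[[:space:]]*tls-(crypt|crypt-v2|auth)[[:space:]]' \
        || report 'no tls-crypt/tls-auth; control channel is not protected'
    # Stops any client certificate from the same CA impersonating the server.
    has '^[[:space:]]*remote-cert-tls[[:space:]]+server' \
        || report 'remote-cert-tls server missing; server role not verified'
    has '^[[:space:]]*tls-version-min[[:space:]]+1\.[23]' \
        || report 'tls-version-min not set to 1.2 or higher'
    printf 'findings: %d\n' "$findings"
}

# Usage: audit_ovpn < client.ovpn
# Constructed weak profile (hypothetical host) for demonstration; prints
# five WEAK lines, then "findings: 5".
printf '%s\n' 'client' 'remote vpn.example.com 1194 udp' 'cipher BF-CBC' 'auth SHA1' | audit_ovpn
```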