Enterprise VPNs: Everything You Need To Know (FAQs)
What Is A VPN?
A VPN (Virtual Private Network) is a cybersecurity tool used to create a protected, private network within a public network. It does this by masking your IP address (the unique number that identifies the device you are using). VPNs are valuable to any business that needs to handle sensitive data and manage staff access from multiple locations.
Your devices are most vulnerable to attack when you log in to an unsecured public Wi-Fi network. Hackers can position themselves between your device and the ISP (Internet Service Provider), which lets them see all the information you are requesting and the sites you are visiting. Not only can hackers see what you are doing, they can plant malicious software on your system to monitor your activity and even steal data. This is known as a man-in-the-middle attack.
Although these threats are serious, they are relatively easy to combat. When you use a VPN server, your data is sent through an encrypted tunnel, making it impossible for hackers, governments, or anyone else to access that data. This means you can ensure that all sensitive company information is kept private.
How Does A VPN Work?
A VPN works much like a tunnel that carries information to your device without the traffic being identifiable. This secure tunnel prevents external parties from reading the data passing through it, so your activity is kept private.
When you use a VPN, your ISP will be unable to identify who is accessing the data, as your traffic has been re-routed through multiple VPN servers. This is significant because it means that the ISP (companies like AT&T and Comcast) is unable to view your activity. VPNs can mitigate the risk of man-in-the-middle attacks by preventing anyone from accessing your data as it passes from the ISP to your device. Not only does this keep your data safe, it also prevents hackers from disguising harmful software and planting malware on your device.
As well as making it harder to identify your data, VPNs use high-level encryption to ensure that even if the data is intercepted, it is unintelligible to anyone without the means to decrypt it. The highest standard of encryption currently used by providers is AES 256-bit encryption (Advanced Encryption Standard). This level of encryption is the gold standard, as there are 2^256 possible keys. Hackers would have to work out a number 78 digits long to break into your server. It is simply not feasible for a computer to try all these combinations, as it would take billions of years to find the right one. On top of this, AES 256-bit encryption uses 14 rounds, making it the most secure type of AES encryption.
What Are The Benefits Of Using A VPN?
- Allows you to access content without being identified. This is particularly useful for sensitive sectors, or for journalists who may be at risk if their identity or sources were revealed.
- Disguises your location. As VPNs mask where your real location is, you can gain access to content that is geographically restricted.
- Prevents malicious actors from embedding malware in your internet traffic. This is particularly useful if you need to log in to public Wi-Fi networks.
What Should You Be Aware Of When Using A VPN?
- Your connection might be slightly slower than if you weren’t using a VPN
- You should check that your VPN has a no-logs policy, otherwise it could catalogue your “anonymous” activities
- Some countries have banned VPNs
- Free VPNs can be insecure, or overwhelm you with adverts
Why Does Your Business Need A VPN?
Remote Working
VPNs allow users to access a secure server from a range of locations. In a business context, this is useful as it can facilitate home, hybrid, or multi-location working. Despite not being in the same physical location as their main server, users can connect to their accounts and access sensitive data, without opening any security vulnerabilities to the organization.
This allows employees to continue working while away from the head office, increasing productivity and flexibility. It is still easy for admins to manage which users have access to secure data: via the VPN, users access important data stored in the cloud rather than storing it locally. This means you can enforce login policies to ensure that compromised devices do not have access to sensitive data. Before a user can access company data, the device they are using will have to be authorized, or they will have to log in to the network.
Data And Device Security
By creating an end-to-end encrypted tunnel between device and server, any content accessed through a VPN is private and virtually impossible to access for anyone without the correct decryption key. The highest level of encryption offered by enterprise VPNs is AES 256-bit (Advanced Encryption Standard). It would take a computer thousands of years to break this encryption, as hackers would have to work out a number 78 digits long to decrypt your information.
Not only does this secure tunnel protect your data from being accessed, it also prevents a malicious actor from hiding malware within your data and planting it on your devices. Users can be added or removed by admin accounts, thereby controlling who has access to your network, much like controlling access to a physical building.
Admins can receive instant notifications about anomalies: if an account’s bandwidth consumption increases, it might indicate that the account has been compromised. If a “bot” has been installed on a computer, its usage will outstrip what would be expected of a user. Remediation action can then be taken swiftly to ensure your accounts are safe.
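As an added example that is not part of the original article, the anomaly check described above run over constructed per-account accounting records: each account is compared against its own baseline, so a compromised account or an installed bot that suddenly moves far more data than usual is flagged. The record format, user names, traffic figures and thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed per-day accounting records (user,date,bytes_in,bytes_out),
# standing in for the session-accounting export of a VPN gateway.
HISTORY = """\
alice,2024-03-01,120000000,15000000
alice,2024-03-02,95000000,12000000
alice,2024-03-03,130000000,14000000
alice,2024-03-04,110000000,13000000
bob,2024-03-01,40000000,5000000
bob,2024-03-02,45000000,6000000
bob,2024-03-03,38000000,4500000
bob,2024-03-04,42000000,5200000
"""
# The new day's records: bob moves roughly 3 GB, far beyond his norm.
TODAY = """\
alice,2024-03-05,125000000,14000000
bob,2024-03-05,44000000,3100000000
"""

def parse_accounting(text):
    """Return {user: [total bytes per record, ...]}."""
    totals = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        user, _date, bytes_in, bytes_out = line.split(",")
        totals[user].append(int(bytes_in) + int(bytes_out))
    return totals

def detect_bandwidth_anomalies(history_text, today_text,
                               z_threshold=3.0, min_ratio=2.0, min_days=3):
    """Return {user: (today_bytes, baseline_mean, ratio)} for accounts
    whose traffic is both a statistical outlier against their own
    baseline (z-score) and at least min_ratio times their mean. The
    ratio guard keeps a near-constant baseline (tiny sigma) from
    flagging a harmless small increase."""
    history = parse_accounting(history_text)
    alerts = {}
    for user, todays in parse_accounting(today_text).items():
        past = history.get(user, [])
        if len(past) < min_days:
            continue  # no usable baseline yet; review such accounts separately
        observed = sum(todays)
        mu, sigma = mean(past), pstdev(past)
        if sigma:
            z = (observed - mu) / sigma
        else:  # flat history: any deviation at all is unusual
            z = 0.0 if observed == mu else float("inf")
        if z >= z_threshold and observed >= min_ratio * mu:
            alerts[user] = (observed, mu, observed / mu)
    return alerts
```

Accounts with too little history are skipped rather than scored, since a z-score against one or two days is meaningless; those are the accounts to review by hand until a baseline exists.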
Costs
Without a site-to-site VPN, organizations would have to create an expensive, physical network connection between their headquarters and other offices. Not only would there be an initial infrastructure cost, but an IT team would need to manage the hardware, troubleshoot, and continually upgrade the system to ensure that it is up to date and secure from cyberattacks.
By using a site-to-site VPN, some of these costs can be avoided. A site-to-site VPN will be managed by a provider, thereby reducing your workload, and keeping costs down through not requiring a dedicated IT team with VPN expertise.
If you use a remote access VPN, there will be the contract cost of using a client VPN and NAS; however, the flexibility offered by a VPN will allow employees to work productively from other locations, thereby potentially cutting transport costs or office overheads.
The alternative would be to not use a VPN, thereby leaving your sensitive files unprotected while in transit. This could result in very serious penalties for your organization if sensitive data was lost, or your intellectual property undermined.
What Key Features Should You Look For In A VPN App?
1. Up-To-Date Mobile App
There are two parts to this: firstly, the VPN service needs to offer mobile support, not just client software for PCs, so that it can protect your entire device fleet. Secondly, it’s important that the provider keeps their app up-to-date with any operating system updates, so that you can be sure it’ll perform efficiently and effectively regardless of when you installed it.
If a VPN provider doesn’t openly advertise on their website how often they update their app, you can easily check on the app store when it was last updated.
2. Integrated Kill Switch
No cybersecurity solution is 100% secure, which is why we always recommend that you implement multiple layers of protection across your systems. Even the best VPN apps are no exception to this: if a VPN service is overloaded, the VPN connection can fail and expose the user’s true IP address while they’re online, which is known as an IP leak.
A VPN kill switch cuts off a device’s network access if this happens, stopping the transfer of any unencrypted data and preventing the user’s IP address from being leaked.
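As an added example, not code from the original article or from any particular VPN product: the policy a kill switch enforces, rendered as an nftables ruleset, together with a check for the leak condition the text describes (the default route falling back to the physical interface once the tunnel drops). The interface names tun0 and eth0, the server address 203.0.113.10 and UDP port 1194 are assumed values.

```python
import ipaddress

def build_killswitch_ruleset(vpn_iface="tun0", phys_iface="eth0",
                             server_ip="203.0.113.10",
                             server_port=1194, proto="udp"):
    """Return an nftables ruleset enforcing the kill-switch policy:
    traffic may leave only through the tunnel interface or to the
    VPN server itself; everything else is dropped, so a failed
    tunnel blocks traffic instead of exposing the real IP address.
    The server is pinned by IP so no DNS query has to leave
    unprotected. Assumes IPv4 (use `ip6 daddr` for an IPv6 server)."""
    ipaddress.IPv4Address(server_ip)  # fail early on a malformed address
    return f"""\
table inet vpn_killswitch {{
  chain output {{
    type filter hook output priority 0; policy drop;
    oifname "lo" accept
    # Let the tunnel be (re)established: only the VPN endpoint, only on the physical NIC.
    oifname "{phys_iface}" ip daddr {server_ip} {proto} dport {server_port} accept
    # Anything already inside the tunnel is fine.
    oifname "{vpn_iface}" accept
    # Everything else leaving via the physical NIC would leak the real IP: count and drop.
    oifname "{phys_iface}" counter drop
  }}
}}
"""

# Constructed `ip route show` output, with the tunnel up and after it has dropped.
ROUTES_UP = """\
default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.5
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
203.0.113.10 via 192.168.1.1 dev eth0
"""
ROUTES_DOWN = """\
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
"""

def default_route_device(route_table):
    """Return the interface the default route points at, or None."""
    for line in route_table.splitlines():
        fields = line.split()
        if fields[:1] == ["default"] and "dev" in fields:
            return fields[fields.index("dev") + 1]
    return None

def connection_would_leak(route_table, vpn_iface="tun0"):
    """True when packets would leave outside the tunnel; with the
    ruleset above applied they are dropped instead of leaking."""
    return default_route_device(route_table) != vpn_iface
```

The rendered text is loaded with `nft -f`; a client that resolves its server by hostname must do so before the ruleset is applied, or the ruleset needs an explicit DNS rule.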
3. Clear Data Logging Policy
Let’s get one thing straight: all VPNs log some user data in order to be able to limit the number of devices connecting to the server and provide customer support. So the important thing here is not whether the VPN provider is logging your data, but what data they’re logging. Usually, this just includes IP addresses and session times. However, some (usually free) VPN services also log the software the user uses, the websites they visit, and even the files they download.
When you’re trying to find the best VPN app for your business, make sure that you read their data logging policy to find out exactly what information it’ll store, and to ensure that they’re being transparent about it—you don’t really want to invest in a solution that’s knowingly trying to deceive you.
4. Multiple Server Locations
When a VPN connects a user’s device to the VPN server, the device takes on the IP address of that server, which can make it appear that the user is in a different geographic location from where they actually are. It’s important that your VPN app has servers in all of the locations where your organization stores data that employees need to access, and where your employees will be accessing data from. This will help to keep the connection at an efficient speed. On top of that, the more servers the VPN service has, the less likely they are to become overloaded and slow down the connection.
5. Support For Multiple Protocols
A VPN protocol is a set of rules that establish the connection between the VPN client (the software installed on the user’s device) and the VPN server. There are a lot of different VPN protocols out there, but the most common among them are OpenVPN, PPTP, IPSec, SSTP, SSL and SSH. Each of these has its own pros and cons, usually in terms of their level of security and the speed with which they can connect a user to the internet.
Most VPN apps give you a selection of protocols to choose from, and it’s important that you find the one that best meets your organization’s needs. OpenVPN, for example, runs on open source software and is one of the most secure protocols currently in use; since it isn’t owned by any one company, programming experts all around the world can freely test, improve and verify it.
6. Centralized Management
When it comes to rolling out a VPN app across your organization, it’s really important that the solution you choose features a centralized management console from which you can manage user accounts and control access permissions. The best VPN apps even include role-based access or “gateway” management, which means that users can only access the parts of the network that they need to be able to do their job.
From the console, IT admins should be able to set up and remove accounts, as well as see which devices employees are using to access the VPN.
Finally, some VPN apps include IP whitelisting capabilities, which allow admins to whitelist their organization’s IP addresses exclusively to make sure that only users with verified IPs can access corporate resources. This means that the organization has more granular control over who can access the network, and from which devices.
What Are The Two Types Of VPN?
There are two main types of VPN setup: remote access VPNs, and site-to-site VPNs.
Remote Access VPN
A remote access VPN enables a user to connect to a private network remotely. This is achieved by creating an encrypted connection directly between the user’s device and the data center they’re accessing. Remote access VPNs don’t create a permanent connection—the connection is only active when the user establishes it via a VPN client installed on their device. This means the user can access all the resources on that network whenever they need to, without having to travel to the network location to connect to it.
Because of this, remote access VPNs are popular amongst home users, but also businesses that want to enable remote or hybrid employees to connect to the corporate network securely, from anywhere. They can also be used to bypass geographical restrictions on internet access, making them useful for employees that are travelling and need to be able to access sites that might be restricted in their destination country.
However, remote access VPNs can cause users to experience high levels of latency in their connection, particularly when their company is storing data in Software-as-a-Service (SaaS) or cloud applications. Data in these apps is usually stored off-site, which means that the connection must be routed from the user’s device to the central VPN hub, then to the data center, and back. So, a remote access VPN is best used for accessing data that is stored on company premises.
Site-To-Site / Router-To-Router VPN
A site-to-site VPN, also known as a router-to-router VPN, creates a connection between two physical sites. The connection is established between routers; one router acts as the VPN client, and the other acts as the VPN server. When the connection between the two routers is authenticated, a permanent, secure VPN tunnel is established, creating one unified network between the separate locations.
Site-to-site VPNs are commonly used among large enterprises to connect the networks of two or more separate office locations. If a business is connecting several of its own offices via a site-to-site VPN, they use an intranet-based VPN. If a business is using a site-to-site VPN to connect to the office of another business—such as one of their suppliers—they use an extranet-based VPN.
A site-to-site VPN is an excellent way of creating a single intranet across multiple sites so that all company devices can connect to the same network as though they were there locally. This enables users across multiple offices to access shared resources. However, this type of VPN can’t be used to enable users to connect to the corporate network from home, as admins cannot inherently trust the security of their users’ home networks.
The Most Common VPN Protocols
Once you’ve decided what type of VPN setup you need—remote access or site-to-site—you need to choose what tunnelling protocol your VPN should use.
A VPN protocol determines how data travels through an established connection. Different protocols offer different features designed to meet specific use cases: some prioritize speed; others, security. Some VPN services offer a single protocol, while others offer organizations the option to choose which protocol they would like to use, based on their business needs. It’s also possible to use two protocols at once; one to transfer data, and one to secure it.
When choosing a protocol (or protocols), you need to consider how much traffic you’re expecting to route through the VPN, what data you want to make available via the VPN, and to which users. You also need to think about your risk profile, i.e., how likely it is that an unauthorized party will try to access your company’s data, and how important it is that the VPN secure your users’ connections via encryption and other methods. Having this information to hand will make it much easier to choose the right protocol for your business.
– Internet Protocol Security (IPSec)
Internet Protocol Security (IPSec) is a VPN protocol used to secure data across an internet protocol (IP) network. To do this, IPSec enforces session authentication and data encryption. The protocol runs in two modes: transport mode and tunnelling mode. Transport mode encrypts the data message (payload) itself, whereas tunnelling mode encrypts the whole data packet.
IPSec is a popular choice for site-to-site VPN setups, and can be used in conjunction with other VPN protocols for enhanced security.
– Layer 2 Tunnelling Protocol (L2TP)
Layer 2 Tunnelling Protocol (L2TP) is a VPN protocol that creates a secure tunnel between two connection points. L2TP offers high-speed connections, but doesn’t offer any encryption out of the box, so it’s often used alongside other protocols, such as IPSec, to establish a more secure connection.
Like IPSec, L2TP is a popular choice for site-to-site setups and, once combined with another protocol for security, it offers a fast, highly secure connection.
– Point-To-Point Tunnelling Protocol (PPTP)
Point-to-point tunnelling protocol (PPTP) is a VPN protocol that creates a tunnel with a PPTP cipher, encrypting data that travels within that tunnel.
PPTP is one of the oldest VPN protocols, and one of the most widely used. It was developed by Microsoft in the 90s and integrated into Windows 95 and was designed specifically for creating and securing dial-up connections. It has since expanded to be compatible with MacOS and Linux devices. However, since PPTP’s creation, technology has become more advanced—with the right computer, it wouldn’t take long to crack a PPTP cipher using brute force. This makes PPTP one of the least secure VPN protocols.
However, what it lacks in security, PPTP makes up for in speed, making it popular amongst users that need quick access without strong encryption.
– TLS And SSL
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are the standards that encrypt HTTPS web pages—secure sites that have “https” at the start of the URL. They create a VPN connection where the web browser acts as the client, and user access is restricted to certain applications—rather than a whole network. Because most web browsers come with TLS and SSL integrated already, establishing TLS or SSL connections requires very little action from the end user, and doesn’t require any additional software to be installed.
TLS and SSL are often used within remote access VPN setups.
– OpenVPN
OpenVPN is an open-source VPN protocol based on TLS and SSL, but with added encryption layers for heightened security. It comes in two versions: User Datagram Protocol (UDP), which carries out fewer data checks, so is faster; and Transmission Control Protocol (TCP), which carries out more checks to protect the integrity of the data being sent, so is slower.
Because it’s an open-source technology, developers can access the underlying code of the OpenVPN protocol. This means it’s regularly checked for vulnerabilities. On top of that, OpenVPN uses AES 256-bit encryption—one of the most secure encryption methods—with 2048-bit RSA authentication and a 160-bit SHA-1 hash algorithm. This makes it one of the most secure VPN protocols, though these high levels of security can sometimes cause latency in the connection.
OpenVPN is highly secure and generally quite efficient, making it a popular type of VPN protocol for both remote access and site-to-site setups.
– Secure Shell (SSH)
Secure Shell (SSH) is a VPN protocol that creates an encrypted tunnel through which data can be transferred from a local port onto a remote server. Because the data itself isn’t encrypted, SSH isn’t the most secure VPN protocol, but it does offer very fast connections.
SSH is most often used within remote access setups, enabling users to access their workplace desktops via mobile devices off-site.
– Internet Key Exchange v2 (IKEv2)
Developed by Microsoft and Cisco, Internet Key Exchange version 2 (IKEv2) is a VPN protocol that sets up a security association (SA) to negotiate the exchange of security keys used by the VPN client and server. Once it authenticates the SA, IKEv2 establishes a private tunnel for data transfer.
IKEv2 is one of the quickest VPN protocols and is particularly strong at re-establishing a connection after a temporary outage, and switching connections across different network types (e.g., from cellular to Wi-Fi). However, like L2TP, it doesn’t offer out-of-the-box encryption, so is often used in conjunction with IPSec for added security.
Because of its support for mobile connections and a wide range of operating systems—including Windows, MacOS, Linux, Android, iOS, and routers—IKEv2 is commonly used within remote access VPN setups.