Enterprise VPNs: Everything You Need To Know (FAQs)
What Is A VPN?
A VPN (Virtual Private Network) extends a private network across a public one, usually the internet, by carrying traffic inside an encrypted, authenticated tunnel between the user’s device (or a site’s router) and a VPN gateway. Because traffic exits from the gateway rather than from the device, the sites a user visits see the gateway’s IP address instead of the user’s own; that is a side effect of the tunnel, not what makes it secure.
While data is inside the tunnel, anyone who can see the packets (an ISP, a hotel Wi‑Fi operator, an attacker on the same network) sees only encrypted traffic flowing to the gateway. This keeps company information private in transit. It does not protect data before it enters the tunnel or after it leaves the gateway, and it does nothing about a compromised laptop at either end, so a VPN is one layer of a design, not a complete one.
How Does An Enterprise VPN Work?
An enterprise VPN is a tunnel between the user’s device and your company’s network. Traffic inside it is encrypted and integrity-protected, so anyone on the path between the two can neither read it nor silently modify it, which keeps the user’s session and your company’s data private in transit.
With the tunnel up, the device’s traffic is sent to the VPN gateway and forwarded on from there. Observers on the local network or at the ISP can see that the device is talking to the gateway, and roughly how much, but not what it is sending or where it ultimately goes. The operator of the gateway can see both, which in an enterprise VPN is the point: the company, not the coffee shop, terminates the connection. Some consumer services chain several servers (“multi-hop”); most enterprise deployments use a single gateway.
Data in the tunnel is protected with modern authenticated encryption. AES 256-bit in GCM mode is the most common choice, and ChaCha20-Poly1305 is widely supported as well; both are considered secure. In practice VPN deployments are broken through weak authentication, legacy protocols such as PPTP, or unpatched gateway software, not through the cipher, so the cipher name alone says little about how secure a given setup is.
What Are The Benefits Of Using An Enterprise VPN?
There are multiple business benefits to using a VPN:
- Secure remote connections: Enterprise VPNs let users reach internal resources from home, hybrid, or satellite locations over an encrypted tunnel, without exposing those internal services directly to the internet. The gateway itself becomes internet-facing and is now the front door, so it must be kept patched and protected with strong authentication (MFA, device certificates) rather than passwords alone.
- Improve data and device security: The tunnel is encrypted and integrity-protected between device and gateway, so traffic cannot be read or tampered with in transit by anyone on the path. Note what this does not cover: a VPN does not inspect what travels through it, so malware served by a compromised internal system, or carried by an already-infected laptop, passes through the tunnel as readily as anything else. Endpoint protection and access controls on the far side remain necessary.
- Reduce costs: Without a site-to-site VPN, connecting offices securely means dedicated circuits such as leased lines or MPLS between sites. Beyond the initial cost, your IT team would need to manage, troubleshoot, and upgrade that infrastructure. A site-to-site VPN runs over ordinary internet links.
- Privacy for users on untrusted networks: Because traffic exits from the company gateway, the networks a user connects through and the sites they visit see the gateway’s address rather than the user’s. This is privacy from third parties, not anonymity: the organization running the gateway can see who connected, from where, and, unless the traffic is itself end-to-end encrypted (for example HTTPS), what was sent. Journalists or others who need anonymity from their own organization need a different tool.
What Should You Be Aware Of When Using A VPN?
While there are numerous benefits to using a VPN, there are also some drawbacks to look out for:
- The user’s connection gains some latency and loses some throughput, especially when all traffic rather than just corporate traffic is routed through the gateway
- Check the provider’s logging policy. For a consumer VPN the selling point is usually a “no-logs” promise; for an enterprise VPN you normally want the opposite: connection logs (which account, when, from which address) for audit and incident response, while avoiding logging of what users actually send
- Some countries restrict or ban VPN use; check before travelling users rely on one
- Free VPNs can be insecure, monetize user traffic, or overwhelm users with adverts; choose a VPN from a trusted provider that is built for enterprise use, and keep both the gateway and the client software patched, since internet-facing VPN gateways are a frequent target for attackers
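As an added example of the connection logging an enterprise wants from its VPN, and of what it is good for: the script below builds session records from a gateway log and flags one account connected from two different public addresses at the same time, a common indicator of shared or stolen credentials. This is example code written for this page, not code from the page or from any vendor. The log format (ISO timestamp, event, user, source IP) and the log lines are constructed for the example; real gateways use their own formats, and only the regular expression needs to change.

```python
"""Build VPN session records from connection logs and flag one account
connected from two different public addresses at the same time.

Added example, not from the page or any vendor. The log format below is
constructed for this example (ISO timestamp, event, user, source IP); map
a real gateway's format onto it by changing LINE_RE.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample log: only what an audit needs (who, from where, when).
SAMPLE_LOG = """\
2024-03-04T08:00:12Z CONNECT alice 198.51.100.23
2024-03-04T08:05:40Z CONNECT bob 203.0.113.7
2024-03-04T08:20:01Z CONNECT alice 192.0.2.99
2024-03-04T09:10:33Z DISCONNECT alice 198.51.100.23
2024-03-04T12:00:00Z DISCONNECT alice 192.0.2.99
2024-03-04T17:30:05Z DISCONNECT bob 203.0.113.7
2024-03-05T08:00:00Z CONNECT bob 203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>CONNECT|DISCONNECT) (?P<user>\S+) (?P<ip>\S+)$"
)


@dataclass
class Session:
    user: str
    src_ip: str
    start: datetime
    end: Optional[datetime]  # None = still connected when the log ended


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def build_sessions(log: str) -> List[Session]:
    """Pair each CONNECT with the next DISCONNECT for the same (user, ip)."""
    open_: Dict[Tuple[str, str], Session] = {}
    done: List[Session] = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, never guessed at
        key = (m["user"], m["ip"])
        ts = parse_ts(m["ts"])
        if m["event"] == "CONNECT":
            if key in open_:
                # Reconnect without a DISCONNECT: the old session ended at
                # some unknown point; the reconnect time is its upper bound.
                old = open_.pop(key)
                old.end = ts
                done.append(old)
            open_[key] = Session(m["user"], m["ip"], ts, None)
        elif key in open_:
            s = open_.pop(key)
            s.end = ts
            done.append(s)
    done.extend(open_.values())  # sessions still open at end of log
    return sorted(done, key=lambda s: s.start)


def concurrent_from_different_ips(sessions: List[Session]) -> List[Tuple[Session, Session]]:
    """Pairs of sessions of the same user that overlap in time from different IPs."""
    hits: List[Tuple[Session, Session]] = []
    by_user: Dict[str, List[Session]] = {}
    for s in sessions:
        by_user.setdefault(s.user, []).append(s)
    for user_sessions in by_user.values():
        for i, a in enumerate(user_sessions):
            for b in user_sessions[i + 1:]:
                if a.src_ip == b.src_ip:
                    continue  # same address: roaming is not the signal here
                a_end = a.end or datetime.max
                b_end = b.end or datetime.max
                if a.start < b_end and b.start < a_end:  # intervals overlap
                    hits.append((a, b))
    return hits


if __name__ == "__main__":
    for a, b in concurrent_from_different_ips(build_sessions(SAMPLE_LOG)):
        print(f"{a.user}: {a.src_ip} ({a.start}..{a.end}) overlaps {b.src_ip} ({b.start}..{b.end})")
```

In the sample, alice is connected from 198.51.100.23 and 192.0.2.99 at the same time and is flagged; bob reconnecting the next day from the same address is not. Note that the detection needs only account, source address and session times, which is exactly the metadata an enterprise logging policy should cover, and nothing about what the user sent.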
Remote Access Vs. Site-To-Site VPNs: What’s The Difference?
A remote access VPN enables a user to connect to a private network remotely. To achieve this, it creates an encrypted connection directly between the user’s device and a VPN gateway at the edge of the network they’re accessing, whether that sits on premises or in a data center.
- The connection is only active when the user establishes it via a VPN client installed on their device
- The user can access all the resources on that network whenever they need to, without having to travel to the network location to connect to it
- Popular with businesses that want remote or hybrid employees to reach the corporate network securely from anywhere, and with travelling employees who need to reach services that are blocked in the country they are visiting
- Best suited to resources hosted on company premises or in the company data center
- Can add noticeable latency to SaaS or cloud applications when all traffic is forced through the gateway (a full tunnel); split tunnelling avoids this, but traffic that bypasses the tunnel is no longer protected or inspected by the VPN
A site-to-site or router-to-router VPN creates a connection between two physical sites. The tunnel is established between the gateway routers or firewalls at each site, which authenticate each other, typically with certificates or a pre-shared key over IPsec. One side initiates and the other responds, but once the tunnel is up the two gateways are peers; the tunnel stays up permanently and the separate locations behave as one unified network.
- Commonly used among large enterprises to connect the networks of two or more separate office locations
- Effectively creates a single intranet across multiple sites so that all company devices can connect to the same network as though they were there locally
- Enables users across multiple offices to access shared resources
- Not suited to connecting individual home users, because it needs a managed gateway device at each end and extends trust to the whole network behind that gateway; remote access VPNs cover the home case, and let admins authenticate each user and check each device rather than trust a home network
What Are The Most Common VPN Protocols?
A VPN protocol determines how the tunnel is set up, how the two ends authenticate, and how data travels through it. Different protocols suit different use cases: some prioritize speed or compatibility; others, security. Some VPN services support a single protocol, while others let organizations choose which protocol to use based on their business needs. It’s also common to combine two protocols, one to carry the data and one to secure it; L2TP over IPsec is the classic example.
- Internet Protocol Security (IPsec): IPsec secures IP traffic by authenticating the two endpoints, negotiating keys (via IKE), and then encrypting and integrity-protecting packets with ESP. It has two modes, which are alternatives rather than layers applied one after the other: transport mode protects only the payload of each packet and keeps the original IP header, so it is used between two hosts; tunnel mode encapsulates the entire original packet, header and all, inside a new IP packet addressed to the VPN gateway, which is what site-to-site and most remote access VPNs use. IPsec is a popular choice for site-to-site setups and is the security layer under protocols such as L2TP and IKEv2.
- Layer 2 Tunnelling Protocol (L2TP): L2TP creates a tunnel between two endpoints but provides no encryption of its own, so it is almost always run over IPsec (L2TP/IPsec), which supplies confidentiality and integrity. It is still widely supported by operating systems and routers and works for both site-to-site and remote access setups, but the double encapsulation costs some performance, and most new deployments prefer IKEv2/IPsec or OpenVPN, which do the same job with less overhead.
- Point-To-Point Tunnelling Protocol (PPTP): PPTP is one of the oldest VPN protocols. It authenticates with MS-CHAPv2 and encrypts with MPPE, which is RC4; the MS-CHAPv2 exchange reduces to a single DES key and can be brute-forced in a practical time, after which the traffic can be decrypted, and RC4 is itself deprecated. PPTP therefore offers effectively no protection against a capable attacker. It is fast and still present on older equipment, but it should be treated as legacy and disabled, not chosen for speed.
- TLS and SSL: TLS is the protocol that secures HTTPS; SSL is its deprecated predecessor, and every SSL version is now considered insecure and should be disabled, so an “SSL VPN” today means a VPN running over TLS 1.2 or 1.3. In a browser-based SSL VPN the web browser acts as the client and user access is restricted to particular applications rather than the whole network. Because every browser already speaks TLS, establishing the connection requires very little action from the end user and no additional software, which makes this approach common in remote access setups.
- OpenVPN: OpenVPN is an open-source VPN protocol that uses TLS for its control channel (authentication and key exchange) and a separate encrypted, authenticated data channel for the tunnelled packets. It runs over either UDP (the default and usually faster, since a lost packet is handled by the inner connection rather than retransmitted twice) or TCP (useful for getting through restrictive firewalls, but slower because two layers of TCP retransmission stack up). Because the code is open source it is widely reviewed, and vulnerabilities tend to be found and fixed quickly. Its algorithms are configurable rather than fixed: modern deployments use AES-256-GCM or ChaCha20-Poly1305 for the data channel with 2048-bit or larger RSA, or ECDSA, certificates, and older configurations that still specify Blowfish (BF-CBC) or SHA-1 HMACs should be updated. OpenVPN is highly secure and reasonably efficient, making it popular for both remote access and site-to-site setups.
- Secure Shell (SSH): SSH can forward a local port, or act as a SOCKS proxy, through an encrypted connection to a remote server, and this is sometimes used as an ad hoc VPN. The tunnel is encrypted and authenticated; the limitation is scope, not strength. SSH tunnels carry individual TCP connections (or, with tun forwarding, a point-to-point link) rather than all of a device’s traffic, and each forwarded port has to be configured by hand. It is most often used by administrators for remote access to a specific host, not as a fleet-wide VPN.
- Internet Key Exchange v2 (IKEv2): IKEv2 is the key-exchange and authentication protocol of IPsec. It authenticates the peers and negotiates security associations (SAs), after which IPsec ESP carries the data, so an “IKEv2 VPN” always means IKEv2/IPsec and the encryption is part of the package rather than an optional add-on. IKEv2 connects quickly, and its MOBIKE extension lets a client keep the tunnel alive while switching networks (e.g., from cellular to Wi‑Fi) or recovering from a brief outage. Native support in Windows, macOS, Linux, Android, iOS, and most routers makes it a common choice for remote access VPNs, with certificate-based or EAP-based (including MFA) authentication.
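The protocol notes above repeatedly come down to configuration: the same OpenVPN client can run with Blowfish, SHA-1 and no control-channel protection, or with AES-256-GCM, TLS 1.2 minimum and a verified server certificate. The script below is an added example, written for this page and not code from the page or from the OpenVPN project, that parses a client configuration and reports weak settings. The directive names it checks (cipher, data-ciphers, auth, tls-version-min, remote-cert-tls, tls-crypt, tls-auth, comp-lzo, compress) are real OpenVPN options; the two sample configurations and the hostname vpn.example.internal are constructed for the example.

```python
"""Audit an OpenVPN client configuration for weak settings.

Added example, not code from the page or from the OpenVPN project. The
directive names checked are real OpenVPN options; the two sample configs
and the hostname vpn.example.internal are constructed for this example.
"""
from typing import Dict, List

# Constructed sample: an old-style config that still connects but is weaker
# than the protocol allows.
WEAK_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.internal 1194
cipher BF-CBC
auth SHA1
comp-lzo
ca ca.crt
cert client.crt
key client.key
"""

# Constructed sample: the same client, hardened.
HARDENED_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.internal 1194
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256
tls-version-min 1.2
remote-cert-tls server
verify-x509-name vpn.example.internal name
tls-crypt ta.key
ca ca.crt
cert client.crt
key client.key
"""

WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}
WEAK_AUTH = {"MD5", "SHA1", "NONE"}


def parse_config(text: str) -> Dict[str, List[str]]:
    """Map directive -> argument list. A repeated directive keeps its last value;
    comments (# or ;), blank lines and inline <ca>...</ca> blocks are skipped."""
    directives: Dict[str, List[str]] = {}
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("</"):
            in_block = False
            continue
        if line.startswith("<"):
            in_block = True
            continue
        if in_block:
            continue
        parts = line.split()
        directives[parts[0]] = parts[1:]
    return directives


def audit(text: str) -> List[str]:
    """Return a list of findings; an empty list means nothing weak was found."""
    d = parse_config(text)
    findings: List[str] = []

    # Data-channel cipher: data-ciphers (2.5+), its old name, or legacy cipher.
    ciphers = d.get("data-ciphers") or d.get("ncp-ciphers") or d.get("cipher")
    if not ciphers:
        findings.append("no cipher configured; relies on version-dependent defaults")
    else:
        for c in ":".join(ciphers).split(":"):
            if c.upper() in WEAK_CIPHERS:
                findings.append(f"weak data-channel cipher {c}")

    # HMAC used with non-AEAD ciphers; OpenVPN's default when unset is SHA1.
    auth = (d.get("auth") or ["SHA1"])[0].upper()
    if auth in WEAK_AUTH:
        findings.append(f"weak HMAC {auth}; use SHA256 or an AEAD cipher")

    # Control channel: refuse TLS < 1.2 and insist the peer holds a server cert,
    # otherwise any other client certificate from the same CA can impersonate it.
    if "tls-version-min" not in d or float(d["tls-version-min"][0]) < 1.2:
        findings.append("tls-version-min missing or below 1.2")
    if d.get("remote-cert-tls") != ["server"]:
        findings.append("remote-cert-tls server missing; another client cert could pose as the server")
    if not any(k in d for k in ("tls-crypt", "tls-crypt-v2", "tls-auth")):
        findings.append("no tls-crypt/tls-auth; control channel accepts unauthenticated packets")

    # Compressing encrypted traffic leaks plaintext via lengths (VORACLE-style).
    # 'comp-lzo no' and 'compress' / 'compress stub*' keep framing only, no compression.
    if "comp-lzo" in d and d["comp-lzo"] != ["no"]:
        findings.append("compression enabled (comp-lzo); disable it")
    if "compress" in d and d["compress"] not in ([], ["stub"], ["stub-v2"]):
        findings.append("compression enabled (compress); disable it")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['ok']}")
```

Run against the weak sample it reports the Blowfish cipher, the SHA-1 HMAC, the missing TLS floor, the missing server-certificate check, the unprotected control channel and the compression; the hardened sample produces no findings. The same checks can be pointed at the server side, where `data-ciphers` decides what a misconfigured client is allowed to negotiate.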
The Best Enterprise VPNs: Shortlist FAQs
Why should you trust this Shortlist?
This article was written by the Deputy Head of Content at Expert Insights, who has been covering cybersecurity, including privileged access management, for over 5 years. This article has been technically reviewed by our technical researcher, Laura Iannini, who has experience with a variety of cybersecurity platforms and conducts thorough product tests to ensure that Expert Insights’ reviews are definitive and insightful.
Research for this guide included:
- Conducting first-hand technical reviews and testing several dozen leading enterprise VPN and network access providers
- Interviewing executives in the VPN and ZTNA spaces, as well as the wider network access industry, for first-hand insight into the challenges and strengths of different solutions
- Researching and demoing enterprise VPN and ZTNA solutions in several categories over several years
- Speaking to several organizations of all sizes about their remote access challenges and the features that are most useful to them
- Reading third-party and customer reviews from multiple outlets, including paid industry reports
This guide is updated at least every 3 months to review the vendors included and ensure that the features listed are up to date.
Who is this Shortlist for?
Because of their ability to improve data, user, and device security, we recommend that all organizations with any number of remote or hybrid users implement an enterprise VPN. This list has therefore been written with a broad audience in mind.
How was the Shortlist picked?
When considering enterprise VPN solutions, we evaluated providers based on the following criteria:
Features: Based on conversations with vendors, end customers, and our own testing, we selected the following key features:
- Up-to-date mobile app: There are two parts to this: firstly, the VPN service needs to offer mobile support, not just client software for PCs, so that it can protect an entire device fleet. Secondly, the provider must regularly update their app so that users can be sure it’ll perform efficiently and effectively, regardless of when they installed it.
- Integrated kill switch: If the VPN tunnel drops (an overloaded gateway, a network change, a client crash), the operating system falls back to its ordinary route and sends traffic unencrypted from the device’s real IP address; with a full tunnel this also means DNS queries leak. A kill switch is a firewall policy that blocks all traffic except what goes through the tunnel (and the encrypted packets to the gateway itself), so a dropped tunnel results in no connectivity rather than an exposed one.
- Clear data logging policy: Every VPN logs some data, if only to enforce device limits and support users, so the question is not whether the provider logs but what it logs, for how long, and who can read it. Connection metadata (account, source IP address, session start and end, bytes transferred) is what an enterprise needs for audit and incident response. Logging the sites users visit, the software they run, or the files they download is content logging; some (usually free) consumer services do this, and it should be a red flag unless your organization has a deliberate policy for it.
- Multiple server locations: The VPN should offer gateways in multiple locations, so that users connect to one near them and a single gateway outage does not take everyone offline.
- Support for multiple protocols: Most VPN apps give users a selection of protocols to choose from. The most common are OpenVPN, IPsec (usually as IKEv2/IPsec), SSTP, TLS-based (SSL) VPNs, SSH tunnels and, on older equipment, PPTP; an enterprise VPN should also let admins restrict clients to the strong options centrally rather than leaving the choice to each user.
- Centralized management: Enterprise VPNs should offer a centralized management console from which admins can manage user accounts and control access permissions, set up and remove accounts, and see which devices employees are using to access the VPN.
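A kill switch is nothing more than a default-deny firewall policy with a few exceptions, and it is worth seeing exactly which exceptions. The generator below is an added example written for this page, not code from the page or from any VPN vendor. It assumes a Linux client using nftables, a tunnel interface named tun0, and a gateway reached on UDP port 1194 (all three are parameters); the addresses in the usage are constructed. The returned text is meant to be fed to `nft -f -` as root; it starts with `flush ruleset`, so it replaces any existing firewall rules, and it should be tried in a VM first because a mistake here cuts off all connectivity by design.

```python
"""Generate an nftables ruleset that acts as a VPN kill switch on a Linux client.

Added example, not from the page or any VPN vendor. Assumptions (all
parameters below): the tunnel interface is tun0 and the gateway is reached
on UDP 1194. Feed the output to `nft -f -` as root; it begins with
`flush ruleset`, so test in a VM first.
"""
from ipaddress import ip_address, ip_network
from typing import Optional


def killswitch_ruleset(gateway_ip: str, gateway_port: int = 1194, proto: str = "udp",
                       tun_iface: str = "tun0", lan_cidr: Optional[str] = None) -> str:
    """Return an nft ruleset (text) whose output policy is drop.

    Only three kinds of outbound traffic are allowed: packets on the tunnel
    interface, the encrypted packets to the gateway itself, and (optionally)
    the local LAN. Deliberately, nothing outbound is allowed on connection
    state alone: if the tunnel drops, existing connections must not be able
    to carry on over the plain route from the device's real address.
    """
    ip_address(gateway_ip)  # raises ValueError on garbage input
    if proto not in ("udp", "tcp"):
        raise ValueError("proto must be udp or tcp")
    if not 0 < gateway_port < 65536:
        raise ValueError("bad gateway port")
    lan_rule = ""
    if lan_cidr:
        net = ip_network(lan_cidr, strict=False)
        lan_rule = (f"        ip daddr {net} accept  "
                    f"# local LAN (printers, NAS); remove for full isolation\n")
    return f"""\
flush ruleset
table inet killswitch {{
    chain output {{
        type filter hook output priority 0; policy drop;
        oif lo accept
        oifname "{tun_iface}" accept  # traffic inside the tunnel
        ip daddr {gateway_ip} {proto} dport {gateway_port} accept  # the tunnel's own packets
        udp sport 68 udp dport 67 accept  # DHCP, so the LAN lease can be renewed
{lan_rule}        # No DNS exception: resolvers must be reached through the tunnel or queries leak.
        # No IPv6 accept rules: IPv6 is blocked entirely rather than leaking around the tunnel.
    }}
    chain input {{
        type filter hook input priority 0; policy drop;
        iif lo accept
        iifname "{tun_iface}" accept
        ct state established,related accept  # replies from the gateway and the LAN
        udp sport 67 udp dport 68 accept  # DHCP replies
    }}
}}
"""


if __name__ == "__main__":
    # Constructed addresses: gateway 203.0.113.10, home LAN 192.168.1.0/24.
    print(killswitch_ruleset("203.0.113.10", lan_cidr="192.168.1.0/24"))
```

Two design points are easy to get wrong. Allowing `ct state established` in the output chain would let connections that were set up while the tunnel was up keep flowing over the plain route after it drops, which is precisely the leak a kill switch exists to stop, so that rule appears only on input. And an `inet` table with no IPv6 accept rules blocks IPv6 outright, which is the safe default when the VPN only carries IPv4; a client that expects IPv6 through the tunnel needs matching `ip6` rules added.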
Market perception: We reviewed each vendor included on the Shortlist to ensure they are reliable, trusted providers in the market. We reviewed their documentation, third-party analyst reports, and—where possible—we have interviewed executives directly.
Customer usage: We use market share as a metric when comparing vendors and aim to represent both high market share vendors and challenger brands with innovative capabilities. We have spoken to end customers and reviewed customer case studies, testimonials, and end user reviews.
Product heritage: Finally, we have looked at where a product has come from in the market, including when companies were founded, their leadership team, their mission statements, and their successes. We have also considered product updates and how regularly new features are added. We have ensured all vendors are credible leaders with a solution we would be happy to use ourselves.
Based on our experience in the remote access and broader cybersecurity market, we have also considered several other factors, such as the benefit of consolidating multiple features into a single platform, the quality of the admin interface, the customer support on offer, and other use cases.
This list is designed to be a selection of the best enterprise VPN providers. Many leading solutions have not been included in this list, with no criticism intended.