A Virtual Private Network, or VPN, creates a private network within a public network, creating an end-to-end encrypted tunnel between a server and a device. It is a way of protecting the data you send and receive via the internet from snooping and infiltration.
A business (enterprise) VPN allows employees to access a company’s servers – enabling them to read emails, access data or records, and run software licensed to your organization. A VPN allows this to happen remotely, whilst ensuring the connection is secure.
Without a VPN, if an employee logs into a work account whilst using a public Wi-Fi connection, your network security could be compromised. One of the main types of attack that a VPN helps to prevent is a man-in-the-middle attack. This is where a third party sits between your device and the server to intercept any communication. They can read any sensitive information and plant dangerous malware within your data. This malware could lock you out of your system (ransomware) or harvest data from your device (spyware). A VPN prevents this from happening. A VPN can protect your accounts by sending all traffic through an encrypted tunnel – this makes it impossible to see for anyone but the user who initiated the connection.
In this article we’ll consider why your business might benefit from using a VPN. But first, you need to know what types of VPN are best suited to enterprise use.
Types Of Enterprise VPN
There are two types of enterprise VPN: remote access VPN and site-to-site VPN. While both have the same end result – allowing users to access remote servers – they work in distinctly different ways.
Remote Access VPN
A remote access VPN allows users to connect their device with a specific server via a secure VPN tunnel. When connected to the work sever, they can access work materials, accounts, and data from their own device as though they were logging in via a desktop in the office. As this connection is directly between the server and the device, the user can be anywhere in the world, and still access their data securely.
In practice, the user’s device needs to have Client VPN software downloaded, and the main work server must have a Network Access Server (NAS) installed. A secure VPN tunnel can be made between the Client VPN and the NAS – it is through this encrypted tunnel that data can be transferred without the risk of interception. An NAS can be a dedicated server, or an application running on a shared server.
Remote servers are useful to organizations where users may be in a variety of locations when needing to access sensitive information and systems – this extends from remote or hybrid working, to international travel.
A site-to-site VPN creates a secure connection between networks. Rather than connecting to a specific device, a site-to-site VPN will connect a HQ server, to a secondary office or branch. While a user is in the office or branch, they can log-in to company accounts as if the servers were physically on site. Once a user leaves the building, the connection will drop, and they will not have access to work accounts.
This type of VPN requires more infrastructure to facilitate the VPN connection and is therefore more likely to be set up in an office environment than a remote work environment. The initial set up cost, continued maintenance, and troubleshooting should be factored in to using this type of VPN.
You can read more about how to choose a VPN app here.
Why Does Your Business Need A VPN?
VPNs allow users to access a secure server from a range of locations. In a business context, this is useful as it can facilitate home, hybrid, or multi-location working. Despite not being in the same physical location as their main server, users can connect to their accounts and access sensitive data, without opening any security vulnerabilities to the organization.
This allows employees to continue working whilst away from the head office, thereby increasing productivity and flexibility. It is still easy for admins to manage which users have access to the secure data, as users can access important data that is stored in the cloud, rather than needing to store it locally, via a VPN. This means that you can enforce login policies to ensure that compromised devices do not have access to sensitive data. Before a user can access company data, the device they are using will have to be authorized, or they will have to login to the network.
Data And Device Security
By creating an end-to-end encrypted tunnel between device and server, any content accessed through a VPN is private and virtually impossible to access by anyone without the correct decryption key. The highest level of encryption offered by enterprise VPNs is AES –256-bit (Advanced Encryption Standard). It would take a computer thousands of years to break this encryption as hackers would have to successfully work out a number 78 digits long to decrypt your information.
Not only does this secure tunnel protect your data from being accessed, but it also prevents a malicious actor hiding malware within your data and planting it on your devices. Users can be added or removed by admin accounts, thereby controlling who has access to your network, almost like controlling access to a physical building.
Admin can receive instant notifications regarding anomalies – if an account’s bandwidth consumption increases, it might suggest an account has been jeopardized. If a “bot” has been installed on a computer, its usage will outstrip a user’s expectations. Remediation action can be taken swiftly to ensure your accounts are safe.
Without a site-to-site VPN, organizations would have to create an expensive, physical network connection between their headquarters and other offices. Not only would there be an initial infrastructure cost, but an IT team would need to manage the hardware, troubleshoot, and continually upgrade the system to ensure that it is up to date and secure from cyberattacks.
By using a site-to-site VPN, some of these costs can be avoided. A site-to-site VPN will be managed by a provider, thereby reducing your workload, and keeping costs down through not requiring a dedicated IT team with VPN expertise.
If you use a remote access VPN, there will be the contract cost of using a client VPN and NAS, however the flexibility offered by a VPN will allow employees to work productively from other locations, thereby potentially cutting transport costs or office overheads.
The alternative would be to not use a VPN, thereby leaving your sensitive files unprotected while in transit. This could result in very serious penalties for your organization if sensitive data was lost, or your intellectual property undermined.
Features To Look For In A VPN Solution
It is virtually impossible to access the information being sent from device to server when using a VPN. This means it is a very secure method of communication. The problem, however, arises if a device becomes compromised, and there aren’t robust enough protocols to prevent a bad actor from logging in to the VPN. If a bad actor gains access to the VPN via a compromised device, the VPN can be used as a direct line to other devices within the network. For this reason, it is important to compliment a VPN with additional security measures like multi-factor authentication (MFA) to ensure one compromised device does not jeopardize anyone else.
As VPNs reroute your connection through multiple additional servers, the time taken for a request to be sent, and a response received, is longer than not using a VPN. Usually, you might not be aware of a VPN slowing your connection down. However, when you factor in the time for encryption and decryption, the latency can begin to build. NordVPN write that “slight drops of around 10-20% in speed are absolutely normal when using a VPN”. While this figure is still small, over the course of a day, it can significantly reduce your productivity. Not only does it give you less time to work, but end-users might find the delay frustrating.
Cloud –Based Deployment
As many organizations use the cloud to store their important documents, having a VPN connect remote workers to a physical office might not be beneficial. If your head office uses the cloud, then the remote worker needs to connect to the cloud, rather than the office.
Many cloud providers, such as Google Cloud and AWS, have a VPN set up as part of the package. This is variously called a “cloud VPN”, “hosted VPN” or “VPNaaS” (VPN-as-a-service). This type of VPN requires very little infrastructure from the end-user.
While using a VPN might be less costly than the penalties or disruption to business if your data was hacked, a VPN is not without cost. Setting up a NAS and continually updating it to ensure it can withstand cyberattacks is a cost factor that should be considered.
As an organization grows, the VPN will need to scale too. This will involve upgrading the NAS to cope with more users, and therefore more traffic. Each user will have to have the Client VPN installed on their devices – there is an economic and a time cost to this.
An enterprise VPN is an essential tool for an organization handling sensitive or important data from multiple locations. The type of VPN (remote access or site-to-site) depends on the way your organization works. VPN plans can be very adaptable and are designed to scale as your business grows.
When looking for a VPN, consider the level of encryption provided – is it AES 256-bit? How versatile is it? How many users or devices can use the VPN? Are users able to access it through their cell phone and tablet, or only through a desktop? What is the no-logs policy of the VPN provider?
To help you answer some of these questions and find the best VPN for your business, you can read our guide to the Top 10 Business VPNs here.