Virtual private networks (VPN): What businesses need to know

A virtual private network (VPN) brings additional security to anyone using a public network, such as the Internet. Using a variety of security methods, such as encryption, the VPN is able to safeguard any data transmitted across the network, which may be at risk if it simply used the underlying public network infrastructure. VPNs are often employed when it would not be practical to use a physical private network, usually due to financial reasons. As businesses embrace mobile working and face increasing pressure to protect sensitive information, many are employing virtual private networks to improve their network security.

Remote access or site-to-site

There are two main types of VPNs currently being used by organsiations: remote access and site-to-site. A remote access VPN uses the underlying public network to give users access to an organisation’s private network. In practice this would likely involve the user being greeted by a VPN gateway on their mobile or desktop device, which would then authenticate his or her identity. If validated successfully, the user then gains access to resources stored on the virtual network, which could include business applications and documents. Ultimately, this should enable employees to access their work network, including any local intranets, wherever they are.

Site-to-site VPNs may use some of the same software and equipment as a remote access VPN, but is usually employed for a slightly different purpose. Site-to-site virtual private networks generally connect entire networks based in one location to another network located somewhere else. This can prove extremely useful for businesses with multiple branches based in disparate locations, or organisations that wish to share resources securely with a partner or client business. Companies that employ a site-to-site VPN can benefit from enhanced collaboration without worrying about the security of their data.

VPN benefits

  • Security – The main reason why businesses choose to adopt virtual private networks. Having encrypted data, particularly if it is of a sensitive nature, is vitally important. Data breaches not only lead to compensation and regulatory fines, but can leave lasting reputational damage.
  • Mobility – VPNs give businesses the security to share their resources with employees and partners that are not based in the office at all times. This can provide a huge boost to productivity by ensuring that staff are not tethered to traditional office working times and locations. Organisations have also begun using VPNs to outsource their work, enabling them to lower internal staff costs.
  • Cost – Virtual private networks can prove much more affordable than a physical private network. Rather than having to lease long distance network connections to achieve a secure transfer of data, businesses use the existing public network to facilitate their VPN.

VPN disadvantages

Although VPNs are used by many businesses and individuals, there are some potential drawbacks that you should be aware of.

  • Complexity – Virtual private networks can be complicated to set up and configure. Businesses must ensure that the team in charge of setting up the VPN has a detailed knowledge of network security issues in order to ensure that the protection from the public network is suitably robust.
  • Control – The performance of a VPN hosted over the Internet is not entirely under the control of the business. They will need to rely on their Internet service provider in order to meet the agreed standards of performance.

Things to look for in an effective VPN

If businesses are looking to set up an effective virtual private network, there are a few aspects that they should keep in mind at all times. Firstly, businesses will need to decide which security protocol to go with. SSL/TLS, IPSec, PPTP, and L2TP are some of the most common VPN protocols, with SSL and IPSec proving most popular with corporate users. Although the protocol will not affect the end-user in any way, it will affect how secure your VPN is. Certain protocols are more complex to set-up, while others are straightforward, but not all VPNs provide data integrity. It is up to IT leaders to determine which security protocol is best suited for their organisation.

Scalability is another major factor to consider when setting up your VPN. Businesses need to factor in any potential growth that may occur in the foreseeable future. Their virtual private network should be able to handle not only the current levels of traffic, but any increases that may occur do to larger employee numbers or busy periods. Organisations will not want to replace their VPN technology altogether, so need to factor in scalability from the start.

Reliability is also vital, particularly across multiple devices. Mobile working is increasingly important in the workplace, so employees should receive a consistent experience from the VPN whether accessing it via a desktop PC, smartphone or tablet. It is also important to note that employees will soon grow frustrated, and therefore unproductive, if the virtual private network is slow, difficult to connect to, or unreliable.

If businesses decide to go with an external VPN service provider, it is important to consider where their servers are located. A third party vendor will be subject to their own national data governance laws, which may impact on the data that you send back and forth across the network. Although unlikely to be a major concern, businesses should consider where their VPN supplier is based before choosing a service.

To VPN or not to VPN?

Virtual private networks do not offer failsafe security, but in the light of recent high-profile breaches, many businesses will feel that any additional step that can be taken to secure their data is likely to be worthwhile. Although VPN configuration is not always easy, if it does help to prevent future data loss it will surely prove a valuable investment.

Image Credit: Shutterstock/Ollyy