As the speed of individual broadband connections has increased exponentially and the related costs of those connections have dropped, many organisations are looking to move away from a comprehensive private networking strategy to a system relying significantly more on the connectivity of the public internet and the use of internet VPNs.
Whether this is about cost, less onerous restrictions on home-working or the occasionally challenging performance of enterprise networking solutions, there is a rising trend of organisations running smaller sites over internet VPNs and relying on commercially available public internet connections to keep their business or organisation up and running. For many years, the orthodoxy was clear – if you were running a large organisation across a number of sites, you needed a private network that connected all your users and linked them to the wider network.
Whether you were a private sector business or a public sector organisation, comprehensive use of private networks came with so many benefits that above a certain scale there was no alternative solution.
Explosion of flexible working
This orthodoxy was fundamentally altered by a number of factors, most prominently the rise of the homeworker – and the revolution in the speed and reliability of commercially available internet connections. Recent decades have seen a fundamental shift in the way in which we work.
With the increased reliability and speed of home networks, many organisations have seen (and actively encouraged) an explosion in flexible working. More and more, employees are logging in at home, at their local café, on trains and in airports. As a result, the jump from running a large VPN for homeworkers and expanding it to include small satellite offices – or even major offices – is not as significant as it once was.
Rightly, many organisations have undergone fundamental shifts in their networking strategy, leaning more and more on the power of the public Internet and less on a traditional private network solution.
What’s the worry?
The prosaic reality is, however, that there is always a trade off in these situations; and often the orthodoxy exists for a reason. No one can deny that the expansion of VPNs has enabled modern businesses to become more flexible and agile in the way that they operate – and that there are significant savings to be made; but the use of private networks come with key benefits that many organisations may not be factoring into their strategic networking planning. The most important can be simply expressed: the more separate connections your organisation has to the internet, the more expensive and complex it is to maintain a functional level of network security.
A large private network linked to the internet through a centralised internet gateway has a single attack surface which faces external aggressors. Run centrally, this connection can be constantly monitored and equipped with the latest technology to protect it, your organisation’s data and its users. Conversely, the more a network is exposed to the public internet, the more attack surface is visible to external attackers. Every connection to an internet VPN makes your network perimeter harder to monitor, harder to defend and much more subject to the human error of your organisation’s employees.
Every network relies on the good security behaviour of its users to an extent, no matter how carefully managed – but by running entire sites or business units over VPNs you are dramatically increasing the need for a co-ordinated and standardised security approach across the whole organisation.
Exponential growth of risk management
Managing this risk becomes exponentially more difficult with every different install on different computers across the network; every potential attack point requires constant updating of security software – and where legacy systems are in place this logistical challenge can quickly slip outside the capacity of a small-to-medium sized business. Keeping track of an organically grown mass of different connections, different equipment and different security measures could rapidly wipe out the financial and organisational benefits of switching over from an almost entirely private network in the first place.
Running your business locations across the public internet also gives you much less control over network performance and bandwidth, being exposed to and reducing your ability to react to changing network conditions. internet services – particularly consumer services – can vary significantly in their performance depending on the time of day and day of the week and may even be affected by sports, political or other events which result in heavy internet usage. Potential attacks from outside sources and any internal issues that could require careful oversight of network allocations may also be harder to control.
Domestic internet connections will not have fault resolution service levels that a business would typically require and an outage at a key location for your organisation won’t be fixed by a consumer ISP any faster than a non-key location, no matter how high a priority it is for your business – an issue you won’t face if you have a business grade supplier with a service level agreement and key performance indicators.
When might it work?
However, I’m not suggesting that internet VPN’s don’t have their uses; there are situations – such as remote satellite working sites with small numbers of employees and no pressing need for high bandwidth or performance – where a private network connection would not be required. For small sites, the cost-efficiencies, agility and flexibility provided by running everything across an internet VPN make it the obvious choice.
Any strategic decision about networking needs to take into account scale, accessibility, cost and a realistic assessment about how long a site will need to be operationally active. Another key criterion is the level of resilience and performance required at the site; a high performance site delivering business critical applications which requires constant access to data centres would normally have a resilient network connection, whereas a non-critical site that doesn’t need a massive amount of bandwidth is obviously much more content to run over an internet VPN.
Of all of these, we have found that the most impactful factor is how remote a site is; internet connectivity is often priced location independently, meaning that internet VPNs can be established with a predictable and relatively low cost regardless of the location of the site. This applies particularly to International connections, where the cost difference between local in-country internet services and international private data connectivity can be staggering.
If you do it, do it right
The reality is we will never achieve the platonic ideal of a lightning fast, perfectly reliable and totally secure network at bargain prices. The central issue is to ensure that you are having a frank and comprehensive discussion with the right people about all of the factors at play in the process.
You need to make sure you’re aware of the risks, performance, security and user requirements to ensure that the alternatives are considered and you can make the right choice for a given site and indeed for all your network connections. If a network is designed effectively, installed correctly and run professionally, risks can be kept to a minimum and sites can be protected no matter how they’re connected.
Every decision we make when we build networks is about a balance between the criteria presented; and it is always best to make sure you’re taking advice from the experts before stepping into the unknown.
Falk Bleyl, chief technology officer, Updata
- Check out our list for the best endpoint protection software
