I’m going to be honest, this blog started off somewhere totally different. But through research and discussions with our Chief Technology Officer, here’s where I landed: the future of VPNs.
Virtual Private Network or VPN technology isn’t anything new. Basically, it’s the technology that lets you make a secure and encrypted “tunnel” for a private network connection that’s carried over an insecure and unencrypted network (like the public internet).
For the purpose of this article, when I say VPN, I mean a “client to network” VPN. For example, the type of VPN that relies on a piece of software on my laptop that lets me make a secure connection to the corporate office from home or a coffee shop. This is important because public Wi-Fi is not always your friend! There are other types of VPNs (the “site-to-site” kind that are mostly the realm of IT engineers, for example) that we won’t talk about here.
So… here’s the question that we’re going to seek to answer:
Is VPN usage on the rise or is it heading out the door?
Our opinion is that most of these “client to network” cases are heading out the door. And before any VPN lovers get their pitchforks, hear us out…
The first thing to understand about traditional VPN solutions is that they’re really designed to connect one network to another, not to just allow some specific application to work. They do it securely so that they keep outsiders on the public internet from messing with your secure traffic, but they’re still usually connecting your remote computer into the corporate network in roughly the same way that plugging it in at the office would do.
That can be a huge feature of VPN solutions—the application you’re running doesn’t need to have any special support for “remote use” if the VPN just makes it look like your computer is running right on the company network. But that brings us right to the first problem with traditional VPN solutions:
They often give too much access to the company network. As an example, if an accountant in your company just needs to access QuickBooks from home, you’re a lot better off if you can give them a simple “remote desktop” connection giving them access to just QuickBooks rather than connecting their whole remote computer—which may be a personal home computer outside the control of your company’s antivirus and security policies!—to the office network. This is a growing concern, with the rise of things like ransomware forcing companies of all sizes to re-think how they let even trusted users connect to the network from off-site.
The second big point is that this type of client-to-network VPN software is also doing some pretty deep “network stuff” to create that type of complete network connection. Without getting too technical, what it has to do can be easily broken by things that are increasingly common these days: flaky or intentionally slowed-down hotel Wi-Fi, unmanaged or poorly managed internet connections that work OK for web browsing but can’t handle much else, or aggressively secured networks that only allow certain types of outbound connections.
Finally, because of the first two points, these types of traditional VPNs require a lot of maintenance and support from a qualified IT team to be useful and reliable. We provide a managed VPN solution for IT Freedom customers who really do need one, and it works great, but we know firsthand about the amount of work that goes into maintaining such a thing.
Newer forms of remote access provide access to just the application (e.g., QuickBooks from our earlier discussion) and usually do this without many of the downsides above. A good example of this is something we use here at IT Freedom. Our client information portal—referred to internally as Gander—can be accessed remotely via a web browser and without any VPN software. But, it’s integrated with our security systems so that it’s always used over an encrypted connection and is strongly authenticated. This allows our employees to reach that internal and very secure service from outside of our network without establishing a full-blown VPN connection every time.
Our CTO has compiled a few suggestions of products and services that may let you extend resources to your employees outside the office without resorting to a full-blown VPN solution:
- Azure Application Proxy
- Barracuda SSL VPN & Remote Access
- Fortinet Next Generation Firewalls
- Cisco WebVPN
- Parallels Remote Application Server
- NoMachine Cloud Server
Confusingly enough, several of these suggestions contain “VPN” in their name. But that’s mostly an effort by the marketing folks to make people understand that they provide similar functions: they aren’t VPNs like we’ve been talking about here!
In summary, traditional client VPN solutions are starting to become obsolete for many companies. Back in the age when every piece of software was installed locally on your computer and exchanged data with a database server in your office, VPNs made a lot of sense. But they don’t make nearly as much sense today with ever-increasing security risks, more applications being web-browser-based, and more infrastructure moving to the cloud every year. This article isn’t intended to persuade you to immediately restructure your network if you’re currently using a client-to-network VPN and it’s working great. Rather, these are things to keep in mind as you plan out IT strategies going forward.
If this sounds like it’s a little convoluted, you’re right, but as a company focused on security we want to help you understand it. If you have questions let us know! And if you’re an established company struggling with your VPN or a new company rolling out your network for the first time and want to stay ahead of the game, give us a call!