How the Coronavirus Lockdown Is Changing the VPN Landscape

The coronavirus crisis has wrought many changes, not the least of which are happening in the world of business. With much of the world under shelter-in-place quarantines, the number of people working from home has exploded—and with it the use of enterprise virtual private networks (VPNs).

VPNs are considered the most secure method of enabling employees to connect with digital company resources when they are out of the office. VPNs allow companies to establish a secure tunnel to the corporate network, which makes company servers and assets available to employees without exposing them to the public.

VPNs, of course, have been around for a long time, but it seems that many companies are just now beginning to understand the issues involved in managing and running them. Experts believe that one lasting result of the coronavirus pandemic will be a long-term shift to increased remote working, even after the quarantines are lifted—and that will have a major impact on corporate VPNs. Here are some ways they will be affected.

Best Management Practices for VPN Split Tunneling

VPNs are built to encrypt network traffic on a device and channel it through an intermediate server or cluster of servers. Employees who connect to a corporate VPN will get access to the select assets and resources in the company’s internal network. That hasn’t changed, but what has is the volume of connections using the VPN.

One thing companies are learning is that what works for a few third-party contractors and freelancers does not very easily—or very successfully—scale up to enable everyone in the company to access company resources via the VPN. In many organizations, the increased traffic is resulting in downtimes, network lags and a deterioration of the quality of service.

Many firms already had a corporate VPN that allowed third-party contractors and freelancers to gain access to company resources. What they weren’t ready for is the deluge of traffic they are facing, as the bulk of their workforce is working from remote locations. In many cases, the VPN infrastructure does not have the capacity to serve the number of employees who now need to connect to their workplaces remotely.

There are a couple of ways around this. Companies with the in-house technical expertise and resources, or the financial means to hire talent from outside, might consider scaling their VPN infrastructure. This could include expanding their server clusters, applying network load balancing and adding data centers to serve employees in different areas.

Another approach is to engage in “split tunneling,” wherein the client’s network traffic is divided into VPN and non-VPN traffic. With split tunneling, companies are able to reduce the load on their network by only channeling the traffic that is destined for their internal network through their VPN servers. All other traffic will go through the client’s normal internet connection.
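The split-tunnel routing decision described above, as an added example that is not part of the original article: each destination is matched against an assumed list of internal prefixes, and two constructed sets of flow records show how much traffic still reaches the VPN servers. All names, address ranges and byte counts here are assumptions for illustration.

```python
import ipaddress

# Assumed split-tunnel policy: only these internal prefixes go through the VPN.
# Constructed private ranges, not taken from the article.
VPN_ROUTES = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


def egress(dst, split_tunnel=True):
    """Return 'vpn' or 'direct' for an IPv4 destination (longest-prefix match)."""
    addr = ipaddress.IPv4Address(dst)  # IPv4 only; raises on anything else
    if not split_tunnel:
        return "vpn"  # full tunnel: the default route points into the VPN
    # Routing table: internal prefixes -> VPN, everything else -> local link.
    table = [(net, "vpn") for net in VPN_ROUTES] + [(DEFAULT_ROUTE, "direct")]
    matches = [(net.prefixlen, via) for net, via in table if addr in net]
    return max(matches)[1]  # most specific matching route wins


def vpn_share(flows, split_tunnel=True):
    """Fraction of all transferred bytes that cross the VPN servers."""
    total = sum(nbytes for _, nbytes in flows)
    via_vpn = sum(n for dst, n in flows if egress(dst, split_tunnel) == "vpn")
    return via_vpn / total


# Constructed flow records: (destination IP, bytes transferred).
MOSTLY_INTERNET = [
    ("10.20.4.15", 200),     # internal file server
    ("192.168.50.7", 100),   # internal wiki
    ("203.0.113.10", 500),   # video conferencing (documentation range)
    ("198.51.100.25", 200),  # general web browsing
]
MOSTLY_INTERNAL = [
    ("10.20.4.15", 800),     # heavy use of an internal application
    ("192.168.50.7", 100),
    ("203.0.113.10", 100),
]

if __name__ == "__main__":
    for name, flows in (("mostly internet", MOSTLY_INTERNET),
                        ("mostly internal", MOSTLY_INTERNAL)):
        full = vpn_share(flows, split_tunnel=False)
        split = vpn_share(flows, split_tunnel=True)
        print(f"{name}: full tunnel {full:.0%}, split tunnel {split:.0%}")
```

With the second workload, most bytes are destined for internal prefixes, so the split-tunnel policy removes little load from the VPN servers.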

Systems Security Using the Zero-trust Model

Split tunneling indeed reduces the load on VPN servers, but if remote employees are heavy users of applications on company servers, split tunneling will not significantly improve the stability and availability of an organization’s VPN infrastructure. Instead, companies can transition some of their functionalities toward software-as-a-service (SaaS) models, enabling employees to have access to many of their work assets without the need for a VPN connection.

VPN-based systems are centered on giving access to specific network gateways. If someone is connecting through the corporate VPN, they are considered a trusted source and will be given access to company resources. SaaS models, on the other hand, are also known as “zero-trust” systems—everyone must log in and prove their identity before accessing applications.

For example, companies can use Microsoft Azure Active Directory and Office 365 for SaaS-based work document sharing and management. As many organizations already use MS Office internally, Azure and Office 365 can quickly become a replacement for on-premises document management systems. And they also provide the flexible and reliable security you would expect from a corporate-level document management system. Already, many companies are using Office 365 coupled with Microsoft Teams online SaaS tools as their main tool for messaging, voice calls and video conference/screen sharing sessions among remote employees.

This shift to SaaS is enabled by the adoption of facilitating technologies and practices such as single sign-on (SSO) to streamline authentication and access management. Multi-factor authentication (MFA) enables companies to decentralize their security frameworks while ensuring business continuity and avoiding cybersecurity risks. As they slowly transition toward the SaaS-based, zero-trust model, organizations can maintain their VPN infrastructure for resources that absolutely need to stay on the internal network. VPN dependency will gradually subside, and many employees will be able to perform their work exclusively on SaaS applications without the need for VPN connections, thus solving the VPN logjam.

Importance of Authentication Technology for Remote Working

Organizations that opt for a full-SaaS approach (as well as scaled VPNs and hybrid SaaS systems) will find that identity management and authentication play a pivotal role in the security of their remote workforce.

As work environments transform to adapt to the pandemic era, organizations need to make sure that changes to their infrastructure do not cause security holes and deficiencies that malicious actors can exploit. The key to success will hinge on providing secure, reliable and seamless authentication to employees.

The right authentication technology will include a few key factors. The first is flexibility, which is crucial as authentication needs to be able to accommodate businesses that today combine and move between applications both on-premises and in the cloud. To do that, authentication systems need to provide a uniform interface that can integrate with directory services and LDAP and comply with security standards such as OAuth and SAML, among others.

The next crucial aspect is security. The point of authentication security protocols, of course, is to protect the organization from hackers who use their array of tools to steal authentication information. The systems need to protect employees from the basic and advanced techniques used by hackers, such as phishing attacks, keylogger malware, man-in-the-middle attacks, credential stuffing and more. One of the more effective ways of providing this protection, according to security experts, is with MFA.

The last (but certainly not the least) priority of authentication technology is usability. Not all users appreciate the added friction of MFA, so authentication technology should provide optimal security with the best user experience. A solution worth considering is a passwordless authentication mechanism that provides employees with built-in MFA capabilities. Passwordless authentication ensures that users can securely log in to various work accounts in a pleasant, fast and error-free way.

Security is always a priority, of course, but now that employees are working outside the office, it takes on an even greater role. No longer protected by the in-office security infrastructure, employees working from home need all the security help they can get, with a minimal impact on IT teams. Implementing an easy and secure system to help employees navigate the new remote working reality will not only help the organization stay secure but also provide employees with a network that is more reliable.


Inbal Voltiz

Inbal has spent 15 years contributing her creativity and business acumen to the startup industry. At Secret Double Octopus, she established the marketing department, and in less than three years, she grew the company from a small business into an elite cybersecurity firm serving Fortune 500 companies. Currently, Inbal is responsible for brand development, outreach, and partnerships. She has a BA in psychology with a focus on neurobiology and behavior, and an MBA from The Interdisciplinary Center.
