Why VPNs are so important to hybrid businesses

By David Ballard, director at Performance Networks

A basic search online will tell you that in the UK there are slightly more than 4,400,000 registered businesses in the UK. A large proportion of that figure relies on WiFi, on being able to conduct business online, whether that be as simple as managing their finances and orders or the majority of its operation being driven by technology. Many companies across the nation have adopted a hybrid approach to work. Some have even pivoted to being fully remote.

However, within that lies a threat.

In 2022, data tells us that a staggering 81% of those companies were subject to at least one cyber attack – up 10% from the previous annual findings. That’s over 3,500,000 businesses. And yet despite so many businesses switching to remote work, similar insights also indicate that only 32% of UK businesses have a VPN for remote staff.

At a time when it is of critical – sound the alarm – importance to ensure we’re protected online, many companies do not have a firm understanding of why a VPN is required or how to best set them up.

In this article, we will break down those barriers and outline what a VPN is, what its benefits are, and why they should be considered, but also look at an alternative that is becoming increasingly popular within the cybersecurity market.

First of all, what is a VPN?

SME Publications/ SME XPO 2024

As a business owner or decision maker trying to navigate the continually evolving cybersecurity landscape, it’s important to be aware of all available tools that can protect your organisation. One such technology is a virtual private network (VPN), which provides an added layer of security when accessing the internet from anywhere in the world.

In today’s digital age, remote work has become increasingly popular. ONS data found that just over a quarter of UK workers were hybrid, splitting their working week between the office and home, while a survey showed that these employees work, on average, two days from home.

However, with the convenience of remote work, there are also potential security risks that need to be mitigated.

This is where a virtual private network (VPN) comes in. VPN is a technology that creates a secure and encrypted connection over the internet, allowing remote users to securely access their company’s network and data from anywhere in the world.

With encryption, VPNs ensure that sensitive information remains confidential and protected from cyber attackers. VPN is, therefore, an essential tool for remote users who need a secure connection to access company resources from outside the office, including from the home, airports, cafes, and co-working spaces – places that are notorious for hackers to target.

VPNs come in all shapes and sizes to cater to different set-ups

There isn’t a one-size-fits-all solution to VPNs. Nor are VPN solutions categorised by the size of an organisation. In this instance, we have to consider the set-up of a company and, importantly, what it is trying to protect. There are various types of VPNs available, including:

Remote access – allows employees to connect to a company’s network from outside the office

  • Site-to-site – connects an entire network together
  • Client-to-site – allow individual devices to connect to a company network securely

By understanding the different types of VPNs, you can choose the one that best fits your needs and enjoy a safer and more private Internet experience. With the big transition we’ve seen to remote working, there has also been a big shift toward client-to-site solutions.

Two common options for securing remote connections are SSL (Secure Sockets Layer) and IPsec (Internet Protocol Security). SSL – the HTTPS sites you visit daily use SSL/TLS – uses encryption to protect data being transmitted between devices. IPsec, on the other hand, creates a secure tunnel between devices, ensuring that all data passing through is encrypted.

Depending on the needs of the company and its employees, either of these options may provide the necessary security for remote connections. It’s important to consider factors such as ease of use, compatibility with devices, and the level of security required when choosing a client VPN solution.

SSL or IPsec? Which one is right for your business?

Let’s start with SSL. One of its greatest advantages is the fact that they do not require any additional software on the computer. This means that users can seamlessly connect to the VPN without having to worry about downloading and installing client software.

With an SSL VPN, corporations and individuals can securely access their data and applications over a public network. All they need is a web browser and an internet connection to connect and be safe.

But while it may offer secure access to a network, it is important to acknowledge its limitations. One of the primary concerns is that SSL VPN uses web browsers to establish connections, meaning that it may have issues with older browsers or those that are not configured properly.

Additionally, SSL VPN may have bandwidth limitations that can affect the speed and quality of the connection. Another potential limitation is related to the support of legacy applications, which may not work correctly with SSL VPNs.

Moreover, SSL VPN may not provide the same level of security as other types of VPNs, such as IPsec. Therefore, it is important to carefully evaluate the limitations of SSL VPN and their potential impact on network connectivity and security before implementing it.

PROS: Easier to set up and a cost-effective solution. They can usually be used anywhere in the world.

CONS: Issues with browser compatibility and legacy applications.

On the flip side, an IPsec VPN provides a secure channel for transmitting and receiving data packets over a public network such as the Internet.

Through the use of IPsec, data is protected from interception and unauthorised access, ensuring that the communication remains private and secure. This technology is widely used by businesses and organisations to connect remote offices and employees, allowing them to share resources and access sensitive information securely.

They are highly reliable and offer robust protection against cyber threats such as hacking and data breaches, making them an essential tool in today’s landscape.

But just like SSL, IPsec does come with its own limitations. One such is the complexity of the setup process, which can make it challenging for non-technical users to configure and operate.

Additionally, IPsec VPN requires dedicated hardware, making it a costly option for small businesses or individuals. Another factor to consider is the impact on network performance as the encryption and decryption of data can slow down connection speeds.

While these limitations may not discourage most businesses from using IPsec VPN, it’s important to be mindful of these factors before implementing them as a solution.

PROS: IPsec is generally regarded as being more secure* and works with pretty much all applications.

*When using the latest algorithms & recommend encryption key lengths

CONS: It can be more expensive and harder to set up. It also requires an app on the client’s device and could be blocked in some countries.

The more security layers a business can have, the better

If you don’t have a VPN, there has got to be a clear structure in place for how certain parts of the business – particularly sensitive information locations – are accessed and what layers of security are in place to protect them.

That’s a big question that needs answering. VPNs encrypt traffic and stop a bad actor potentially eavesdropping on them in areas you do not want them to.

The big issue with the shift to remote working is that it has enabled these bad actors – even those you’d consider being amateur – to position themselves outside of a target’s house, like an MD or COO for example, and tunnel their way into the system through their remote access. The switch to remote working – for all of its positives – has presented a whole new set of ways for bad actors to skin a cat.

In short, the more security layers a business can have, the better.

There needs to be a mixture of endpoint protection, VPN, and various authentications to give you the best chance of protecting yourself against this rising threat. Only by having that will you mitigate 99% of attacks if your business does become a target of bad actors.

So, whether your data is sat behind an office, within a private data centre or even a Cloud data centre, we would always recommend using a VPN for access and making sure you use MFA (Multifactor Authentication) when using it. This should cut out access if your device is compromised by a bad actor.

Another reason to use VPNs would be when accessing multiple systems or organisations. Setting up VPNs for each would prove impractical and potentially impossible. Most VPN clients don’t work well with others.

So, with that, you could set up all your remote workers to VPN to your Cloud Firewall/VPN Endpoint. Then all IP traffic appears to come from this firewall’s IP Address(IP). You can then use this IP in MFA.

If traffic does not come from this IP then they don’t have access. If they do, then authentication starts. Then also use 2FA at this point to authenticate users. This massively improves security and isn’t hard or expensive to set up.

Doing this in the Cloud gives you generally more flexibility. There are also no IP issues if you move or upgrade your office internet connection, easier to upgrade bandwidth or resources in the Cloud also at the drop of a hat as most will choose a virtual machine (VM) as their endpoint.

Another option organisations can deploy is SASE (Secure Access Service Edge)

The world of enterprise security is constantly evolving, and one technology that is becoming increasingly popular is SASE. SASE is a cloud-based security framework that combines a range of services including VPN, firewall, and zero-trust network access into a single package. The benefits of SASE for enterprises are vast and varied, from enhanced security and user experience to simplified management and reduced costs.

By consolidating security services into a single platform, SASE streamlines enterprise security operations, giving IT teams greater visibility and control over their networks. Moreover, with cloud-based infrastructure, SASE enables businesses to scale their security needs more easily and cost-effectively.

As businesses increasingly rely on the cloud and remote work, SASE is emerging as a crucial tool for modern enterprise security. To implement an effective SASE solution, you’ll need to consider factors such as your organisation’s specific security needs, network architecture, and budget.

Fortunately, working with a knowledgeable SASE provider can help simplify the implementation process, minimise risks, and ensure that your organisation is well-protected against evolving cyber threats.

No one’s security is invulnerable. But don’t be the easy house on the street to rob.

SME Publications/ SME XPO 2024