How the growth of VPN usage is likely to affect network security

Date: 08 August 2017 Author: David Webb

Public concerns about security are leading to an explosion in Virtual Private Network (VPN) usage which allows individuals and organisations to change their online geolocation and browse the web through a secure connection. With as many as one in four people using VPNs (with this number set to climb), clearly VPNs are here to stay, but there are some potential pitfalls you should be aware of.

VPN usage at a glance

  • VPNs are most often used by corporates to secure sensitive data. But they are increasingly being used to add security and privacy to private and public networks, like WiFi hotspots and the internet, and to allow users to browse the internet anonymously and access entertainment content like Netflix.
  • VPN Unlimited reports a 32 percent spike in downloads from the U.S. since the presidential election in November. The encrypted communication application, Signal, experienced a 400 percent growth after Trump’s election.
  • Types of VPN include: Remote Access VPN, Site–to–Site VPN, Internet Protocol Security or IPSec, Layer 2 Tunneling Protocol (L2TP), Point–to–Point Tunneling Protocol (PPTP), Secure Sockets Layer (SSL) and Transport Layer Security (TLS, OpenVPN, and Secure Shell (SSH).

How businesses are affected by the growing popularity of VPN 

VPN’s popularity is not only growing amongst private users. Businesses are using the technology more often following the climb in data security breaches. Cyber crime affected around 2.9 million British companies in 2016 and carried a hefty price tag of £29.1bn in that same year.

The attraction of a Business VPN Service is that it enables encrypted traffic to websites with SSL encryption. This offers additional security for small- to medium-sized enterprise (SMEs) that may not be able to afford the sort of security measures used by large corporates. VPNs are far more affordable than a private physical network so SMEs can use an existing public network to facilitate their VPN.

VPN also has security benefits for organisations sharing their resources with employees connecting from remote locations.

Directing all your traffic through an encrypted and secure private network makes it more difficult for a third party to monitor your browsing than if your data were exposed on a public network. It’s not, however, a silver bullet for the growing list of privacy and network security issues out there today. In fact, there are many reasons why VPN often fails.

VPN security concerns

The most obvious gap in VPN security is that the company offering a VPN service has access to your data and may be willing to provide law enforcement with your browsing history. Recently the U.S. House of Representatives passed regulations allowing internet service providers to pass on or sell your web-browsing data without your consent. It is also a concern that malware can mask itself as a VPN and do extensive damage to your network.

Another concern is the complexity of setting up and configuring VPNs for businesses. It’s important that teams overseeing this function have an in-depth knowledge of network security to ensure that protection from the public network is robust enough.

It should be kept in mind that a business will never have complete control over the performance of a VPN hosted over the internet, and will need to rely on the ISP to meet agreed standards of performance.

Getting the most out of a VPN

Before deciding to make use of a VPN, there are several factors that must be taken into consideration.

Since VPNs vary in levels of security and complexity, choose which security protocol will best suit the network security needs of your business: SSL and IPSec are used most often by corporates, then there’s the popular SSL/TLS, IPSec, PPTP and L2TP.

Take into account the businesses’ growth trajectory, so your VPN can handle increases in traffic over time and does not need to be replaced in its entirety.

Think beyond the desktop and make sure there is fast and reliable access to the VPN for multiple devices like smartphones and tablets.

If using an external VPN service provider, the location of their servers may affect the sending and receiving of data depending on the national data governance laws they may be subject to.

If the complexity of network security is more than your business can handle right now, you can outsource this function to professionals who can design and implement network security solutions that achieve a balance between being network secure and allowing you to do business effectively.

Understand more about protecing your employees even when they are on/off VPN by downloading Cisco's Umbrella Datasheet...

Guide to cyber security