The Future of Corporate VPN

Raz Rafaeli | March 31, 2020

As countries engage in and extend lockdowns and quarantines due to the coronavirus pandemic, companies, organizations, and government agencies are learning to cope with the new work-from-home culture.

One of the most important challenges that every organization faces is providing its employees with secure and stable access to their corporate applications and resources. In this regard, several trends can be observed, chief among them the increase in usage of enterprise virtual private networks (VPN). VPNs allow companies to establish a secure tunnel to the corporate network, which makes company servers and assets available to employees without exposing them to the public.

In theory, it’s easy to think of corporate VPNs as setting up a server and providing employees with credentials and access information. But in reality, remote work and VPN pose several security and availability challenges that many organizations are just beginning to deal with.

Here’s what to expect of the future of corporate VPNs as remote working gradually shifts toward becoming a staple of professional work, if not the norm.

Split tunneling and the VPN load-management quandary

Basically, what a VPN does is encrypt the network traffic of a device and channel it through an intermediate server or cluster of servers. Employees who connect to a corporate VPN will get access to the select assets and resources in the company’s internal network.

Many companies already have a corporate VPN that allows third-party contractors and freelancers to gain access to these resources. What they aren’t ready for is the deluge of traffic they will be facing as the bulk of their workforce will be working from remote locations. In many cases, the VPN infrastructure does not have the capacity to serve the number of employees that now need to connect to their workplaces remotely.

The increased traffic results in downtimes, network lags, and a deterioration of the quality of service.

There are a couple of ways that companies can deal with this. For those who have the in-house technical expertise and resources or have the financial means to hire talent from outside, they can consider scaling their VPN infrastructure. This will include expanding their server clusters, applying network load balancing, and adding data centers to serve employees in different areas.

A different approach would be to engage in “split tunneling,” where the client’s network traffic would be divided into VPN and non-VPN traffic. With split tunneling, companies will be able to reduce the load on their network by only channeling the traffic that is destined for their internal network through their VPN servers. All other traffic will go through the client’s normal internet connection.

Zero-trust Security

While split tunneling will reduce the load on VPN servers, it comes with a caveat. If remote employees rely too much on internal applications to perform their work, split tunneling will have a small impact on improving the stability and availability of organizations’ VPN infrastructure.

By slowly transitioning some of their functionalities toward software-as-a-service models, companies will be able to make sure employees have access to many of their work assets without the need for a VPN connection.

SaaS models are also known as “zero-trust” systems. The VPN-based system is centered on giving access to specific network gateways. If someone is connecting through the corporate VPN, they are considered a trusted source and will be given access to company resources. In contrast, the zero-trust model is based on trusting no one and verifying everyone for every single application.

For instance, companies can consider using Microsoft Azure Active Directory and Office 365 for work document sharing and management. As many organizations already use MS Office internally, Azure and Office 365 can quickly become a replacement for on-premise document management systems. And they also provide the flexible and reliable security you would expect from a corporate-level document management system.

Already, many companies are using online SaaS tools as the main tool for messaging, voice calls, and video conference/screen sharing sessions among remote employees.

This shift to SaaS for a growing number of business needs is enabled by the adoption of facilitating technologies and practices such as Single Sign-On (SSO) to streamline authentication and access management, Multi-Factor Authentication (MFA) and the deployment of Endpoint Protection tools. Together, these tools allow companies to decentralize their security frameworks while ensuring business continuity and avoiding cybersecurity risks.

As they slowly transition toward the SaaS-based, zero-trust model, organizations can maintain their VPN infrastructure for resources that absolutely need to stay on the internal network. VPN dependency will gradually subside, and many employees will be able to perform their work exclusively on SaaS applications without the need for VPN connections.

Authentication technology will have a pivotal role

Whether your organization opts for a scaled VPN, hybrid or full-SaaS approach, identity management and authentication will have a pivotal role in the security of your remote workforce.

As your work environment transforms to adapt to the pandemic era, you’ll need to make sure that changes to your infrastructure do not cause security holes and deficiencies that malicious actors can exploit. In this regard, the key to success will hinge on providing secure, reliable, and seamless authentication to your employees.

The right authentication technology should be:

  • Flexible: It should be able to adapt to your business as you move from on-premise to the cloud and back, and provide a uniform authentication interface across on-premise and cloud applications. Your authentication technology should be able to integrate with different LDAP and directory services, combine with federated authentication services, and comply with different standards such as SAML and OAuth.
  • Secure: Your authentication technology should protect your employees and your organization against all types of attacks, including phishing, man-in-the-middle attacks, credential stuffing, keylogger malware, and more. Most security experts recommend protecting all work accounts with multi-factor authentication (MFA). The problem is, not all users appreciate the added friction of MFA, which brings us to the next point.
  • Easy to use: Your authentication technology should be able to provide optimal security with the best user experience. An ideal solution is a passwordless authentication mechanism with built-in MFA capabilities. Passwordless will make sure your users can securely log in to various work accounts in a pleasant, fast and error-free way.

Take note that working in their home offices, your employees are no longer in the protected confines of your corporate network. So they’ll need all the protection they can get, with minimal impact on your IT teams. Adopting a Passwordless authentication mechanism provides the highest level of remote access security, while freeing organizations from the hassle of managing complex password-related policies and allowing employees to stay on track wherever they are.