The benefits of reading this guide
This guide is ideal for those looking closely at their VPN setup and wondering if it is a suitable solution for enabling long-term remote working. We take a look at some of the main problems with this old-fashioned technology and how cloud computing can help create the secure and productive remote access your company will need to thrive in a post-pandemic world.
What is a VPN?
A VPN (or Virtual Private Network) allows you to make a connection to another network over the Internet. Businesses use VPNs to provide secure access to network resources when employees are working remotely.
The Surge in VPN use
VPNs have always been a popular way for businesses to provide secure remote access to their network files and on-premise applications. Traditionally, VPN access was reserved for regular remote workers such as salespeople and contractors. Typically, companies with such a remote working policy would only be supporting 10-20% of remote workers at any given time, with resources being sufficient to handle that scenario. However, with the Covid-19 crisis forcing organisations throughout Britain to embrace home working, ready or not, the use of VPNs has skyrocketed. It has been seen as a relatively quick and low-touch solution to enabling more productive remote working company-wide. However, as previously mentioned, traditional business VPNs were designed for edge cases and it has quickly become apparent that they may not be fit for purpose for future, large-scale work-from-home practices.
The Productivity Sapper
One of the biggest problems organisations are experiencing with home workers flocking on to business VPNs is the strain it is putting on the network. Many VPNs have proven to be ill-equipped for handling this massive spike in simultaneous usage and the latency requirements of collaboration tools, such as Microsoft Teams, that have been hastily enabled to fill the interpersonal void. It is, more often than not, a case of VPN concentrators and gateways at the edge of corporate networks buckling under the strain. In addition, many VPNs route a user’s entire traffic, including personal Internet traffic, further exacerbating network overload. As a result, many remote workers have been experiencing slow response times and even VPN crashes, inevitably leading to a significant dip in productivity that could massively upset their company’s bottom line.
The VPN has therefore become a bottleneck, and limiting jitter and latency has become a great headache for IT administrators. It’s not so much that the traffic is crazy by Internet standards, but it is by the limited connectivity and bandwidth of some corporate architectures. VPNs are just not built to optimise apps or support different devices, and as such the employee experience can fall short.
Problems at Home
The network quality at remote worker locations can have a serious impact on the productivity of a distributed workforce. Most remote workers will be connecting to VPNs via the public Internet, which doesn’t support QoS (Quality of Service). This means traffic such as video and voice will not be prioritised, leading to packet loss and/or high latency. This tends to be the number one culprit for garbled speech and pixelated video. On top of this, home Wi-Fi routers are not likely to be up to corporate standards, often with poor speeds and older connectivity methods.
Poor wireless coverage and interference within the home can also play a part. Microwaves, baby monitors, walls etc. can all diminish the signal quality, exacerbating problems for those who already have poor average connection speeds. Additionally, other family members can cause issues by competing for what little bandwidth there is. This is especially true for lockdown Britain, where most families are all at home, some binge-watching Netflix series and others playing video games online.
The Security Hole
Routing Personal Traffic
We’ve already mentioned that most VPNs route the entirety of your remote workers’ traffic, including personal Internet traffic. From a security perspective this increases the risk of introducing malware or ransomware to the corporate network. The risk is even higher due to the enforced move to remote working, where IT may not have had the time or resources to provide all employees with company-owned devices. If remote workers are using personal devices to access work applications and files through VPNs, then the likelihood of a security breach is increased, because they could potentially get into the entire network regardless of the state of their device security. For instance, a member of their family could have been on the device and accidentally introduced malware while playing online games or surfing an infected website. Another problem with backhauling all traffic through your data centre, while not a security issue, is that it becomes a potential invasion of employee privacy.
Keeping up with Patching
Even if all your users are enrolled on your network and using company-owned devices, your underlying VPN infrastructure could be susceptible. For example, Microsoft recently sent what it called "a first-of-its-kind targeted notification" to healthcare organisations to warn them about a ransomware group called REvil, who are scanning the Internet to find flaws in vulnerable gateway and VPN software. This activity has increased since the onset of the Covid-19 pandemic because the hackers know that IT teams are more stretched than ever. Keeping up with patching of VPN and gateway vulnerabilities is a time-consuming endeavour. If attackers are successful in exploiting these vulnerabilities, they can then steal credentials and elevate their privileges, moving freely through the network, often completely undetected. Their ultimate aim will be to install ransomware or malware to disrupt systems and extort money.
Poor Breach Detection
Once a rogue player gets into the network, they tend to be able to move around completely unhindered. This is because VPNs are not designed to detect and take corrective action against breaches. With limited resources and poor insights from their corporate VPNs, many IT teams will struggle to monitor suspicious activity, allowing for easier malicious extraction of data. They will particularly struggle with knowing the health of personal devices, which could be compromised through tactics such as keyloggers and screenshot malware. Once credentials are compromised it could be game over.
Overload? What overload?
Cloud computing is quickly and easily scalable and not as susceptible to the bottlenecking experienced with VPNs. If you need more resources they can be deployed within virtual machines with minimal effort and bandwidth is rarely a problem. For example, if you’re using a solution such as a hosted desktop, you’ll see negligible difference between having all employees working out of the office and having all employees working from home. In such a solution, work takes place in the data centre regardless of where you’re accessing the service from. With a receiver application simply acting as a window into the server, traffic from personal activity on the device itself is not backhauled to the data centre and so does not impact on the response times of the service (as long as you have sufficient bandwidth to make the connection). Additionally, employee privacy is not compromised.
Unified communication tools such as Microsoft Teams can be optimised to negate any quality of service issues due to greater use of video and call facilities. For example, Citrix have worked in collaboration with Microsoft to create a solution that optimises Teams for virtual environments. Indeed, Citrix solutions in general are excellent for application optimisation and the delivery of a consistent user experience regardless of device used.
Made for Remote Working Scenarios
As the cloud can offer a consistent experience regardless of device and location, connecting via public Internet is rarely an issue. Unless they have a connection that’s dropping in and out, distributed workforces will not be impacted by working remotely. Hosted desktops, for example, require extremely little bandwidth from your home internet in order to make the connection through the receiver app. You could hotspot the Internet from your phone’s 4G and still not notice a difference for the majority of your activity (although activity with higher resolutions and higher frame rates, for example, will require more bandwidth for the best experience). This is particularly handy if you have poor wireless signal or family members draining bandwidth through their own activities.
Secure by Design
As previously mentioned, cloud solutions such as hosted desktops don’t require the routing of personal device traffic through the datacentre. With the device just being used as a portal to your cloud desktop it becomes near impossible for a device, regardless of health, to infect the virtual infrastructure. This allows for a truly BYOD (Bring Your Own Device) approach to IT without the security worries that this would normally entail.
With cloud computing, not only should a VPN no longer be necessary, but patching of remaining devices can be massively simplified. For example, it allows for easier visibility and control of virtualised workspaces and personal devices (through cloud enrolment). This allows for the centralised control of patching for virtual and physical devices as well as the applications that run on them. Not only that but – in the case of hosted desktops – you can apply patches and updates to all users at the same time, in a far more expedited way than ever before. And of course, if you opt to have a Managed Service Provider handle this for you, you won’t even have to lift a finger.
The same can apply to the patching of network devices. Not only can it become far quicker and easier, but the need for so many edge devices can be diminished thanks to cloud computing. The fewer devices that you need to worry about patching, the smaller your attack surface and the lower your exposure. For example, Citrix SD-WAN can not only massively improve your network bandwidth and application performance, but SD-WAN devices can also help consolidate devices such as routers and firewalls.
Unlike with a VPN, cloud services can much more easily be monitored to help prevent data breaches. For example, Citrix Analytics can help monitor network activity, leveraging machine learning to understand end user activity across networks, data stores, apps, devices and desktops. If the behaviour of a user is deemed to be risky then it can take proactive action such as shutting down access. What’s more, if you’re using services such as Citrix Workspace, you can prevent credentials from being stolen in the first place thanks to anti-keylogging capabilities.
Cloud services, such as hosted desktops, also tend to come with Multi-Factor Authentication (MFA) as standard, requiring further credentials such as biometrics or a token from an authenticator app in order for access to be obtained. Many corporate VPNs only have basic authentication procedures that are more easily breached.
More and more companies are turning to cloud computing to ensure secure remote access. VPN, while seen as a short-term fix, is not likely to last as a long-term strategy for maintaining network infrastructure to support remote work. As always, the best solutions are those that are almost invisible to the end user, and VPN is certainly not an example of that. With remote working looking set to be here to stay, even after lockdown restrictions are lifted, we need to find a way for our distributed workforces to remain productive. This will mean solutions that provide as frictionless an experience as possible, such as hosted desktops, rising in popularity. There may be solutions that are quicker to implement, but they tend not to replicate the in-office experience or be as secure, considerations that are absolutely essential both in this transitional period and beyond.
With attack surfaces widening by the day (think increase in personal device usage, SaaS application adoption), advanced remote working solutions will be needed to combat the significant threat posed. VPNs are simply not up to this task. However, cloud solutions from providers such as Citrix are ideally placed to help companies achieve security and compliance in this increasingly complex IT landscape.
If you would like advice on navigating the post-pandemic world and embracing the ‘new normal’, then contact Atlas Cloud today for free advice on both public and private cloud solutions that will set your distributed workforce up for success well beyond Covid-19.