VPN is more important than ever before in the age of remote work
The coronavirus pandemic has created a work-from-home culture, which in turn has significantly increased dependency on VPN gateways.
Indeed, they have become an important business lifeline, without which employees cannot access the key business applications they need to do their work. But the high demand that users place on VPNs makes them vulnerable to performance and security problems.
So how can businesses improve VPN performance and security?
Previously, building a VPN support strategy to solve performance and access problems might only involve adding VPN capacity and internet link bandwidth. However, in the current climate, where the VPN is no longer an add-on but very important, this approach is inadequate.
The IT team now needs increased access to enable rapid resolution of problems, so that internet access is reliable and safe and can be shown to be so. Therefore, a VPN support strategy needs to enable IT teams to prioritize important services, analyze resource consumption quickly, and solve performance problems rapidly.
Here are some tips for addressing VPN performance issues:
Apply realistic bandwidth quotas
Remote access needs to be managed to ensure that no session uses excessive bandwidth and throughput. To protect against this, IT must implement a reasonable quota on bandwidth and throughput per session. For this to be effective, they also need to ensure that termination capacity, bandwidth, and throughput can scale on demand.
Set acceptable usage parameters
While VPNs are very important for many aspects of remote work, they are not universally needed, and certainly should not be used for leisure purposes. This is especially true if you don’t use split-tunneling [see next point].
Prohibiting the use of the VPN for non-business purposes, such as video streaming platforms and online games, is an obvious place to start. However, within business use, it can be unclear for which business applications employees do and don’t need VPN access. Therefore, it is important that IT lays this out clearly, and that acceptable usage policies are communicated and enforced so that employees do not inadvertently add to the burden on the VPN.
Consider using a split VPN tunnel
This can direct all internet traffic not specifically destined for the company domain through the user's local ISP, helping to alleviate some of the strain placed on the VPN.
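The routing decision described above, as an added Python example that is not part of the original article: destinations inside the company's prefixes go through the VPN, and everything else leaves via the local ISP. The prefixes, addresses and byte counts are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed corporate prefixes: only these destinations should use the VPN.
CORPORATE_PREFIXES = ["10.20.0.0/16", "192.168.50.0/24", "fd00:20::/32"]

# Constructed sample flows: (destination address, bytes transferred).
SAMPLE_FLOWS = [
    ("10.20.4.15", 40_000_000),     # intranet file share
    ("192.168.50.7", 5_000_000),    # internal ticketing system
    ("fd00:20::1:5", 1_000_000),    # internal service over IPv6
    ("203.0.113.10", 300_000_000),  # video streaming
    ("198.51.100.25", 55_000_000),  # public web site
    ("2001:db8::99", 99_000_000),   # public service over IPv6
]


def build_table(prefixes):
    """Parse prefix strings; strict=True rejects prefixes with host bits set."""
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


def route_for(dest, table):
    """Return 'tunnel' for corporate destinations, 'local' for everything else."""
    addr = ipaddress.ip_address(dest)
    for net in table:
        if addr.version == net.version and addr in net:
            return "tunnel"
    return "local"


def offload_summary(flows, table):
    """Total bytes per path and the share of traffic kept off the VPN gateway."""
    totals = {"tunnel": 0, "local": 0}
    for dest, nbytes in flows:
        totals[route_for(dest, table)] += nbytes
    total = totals["tunnel"] + totals["local"]
    totals["offloaded_pct"] = round(100 * totals["local"] / total, 1) if total else 0.0
    return totals


if __name__ == "__main__":
    table = build_table(CORPORATE_PREFIXES)
    for dest, _ in SAMPLE_FLOWS:
        print(f"{dest:>15} -> {route_for(dest, table)}")
    print(offload_summary(SAMPLE_FLOWS, table))
```

Traffic classified as local no longer passes through the company gateway, so any filtering or logging done there does not apply to it.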
Use proper access control
Not all VPN concentrators have the same network policy, and using the wrong access control can cause performance problems. For example, generic SSL/TLS-based VPN concentrators will have different network policies than IPsec-based remote access VPN concentrators. Fortunately, this is easy to solve: the IT team only needs to double-check that the proper access controls have been implemented and correct any errors.
Take advantage of geographically dispersed employee pockets
Now that most employees work from home, a centralized remote access network infrastructure may no longer be the most effective approach. Instead, companies with geographically dispersed employee pockets should consider regionalizing their remote access infrastructure. This can help distribute internet access and intranet network loads rather than placing all requests on one source. Doing this also adds an extra level of security by increasing resistance to attacks and other potential service interruptions, which then affect local pockets rather than the full network.
Use analytics tools
Network traffic can be analyzed at the packet level using network visibility tools. These products can provide data at both an overall and a granular level, giving the team accurate insight into the public-facing network infrastructure. This enables accurate problem diagnosis and better bandwidth allocation, and can draw attention to where specific services need to be built to address certain problems.
Improving VPN performance must go hand in hand with increased VPN security; if not, this important business lifeline will still be at risk of cyber attacks. Indeed, a joint statement from the United States Department of Homeland Security and the British National Cyber Security Centre found that the smallest denial of service (DDoS) attack was distributed.
Use software-as-a-service (SaaS)
Built-in protection is the best way to ensure VPN security, so take advantage of providers that already offer it. Most major SaaS providers already have DDoS protection built in to maintain the availability of their services, so use these services wherever possible, for example for everyday business applications, content sharing, collaboration and communication.
Follow best current practices (BCPs)
Re-checking that they follow BCPs is an easy way for IT teams to build resilience to attack across network infrastructure, servers, and services such as DNS. The main starting point should be for the IT team to ensure that they have implemented an intelligent DDoS mitigation system that protects all public-facing servers, services, applications, data and supporting infrastructure, such as remote access technology, from DDoS attacks.
Use a dedicated internet link
Using links associated with components such as public-facing websites or DNS servers can increase the likelihood that DDoS attacks, or other such events, will prevent IT from being able to respond quickly. Therefore, it is important to use a dedicated transit link for the VPN so that remote security can be as effective and as seamless as possible.
Implement secure user access
The IT team must ensure that the remote access mechanism is integrated with the organization’s security system and that multi-factor authentication (MFA) is required for all user access.
Avoid obvious DNS names
Don’t make it easy for an attacker by using the string “vpn” in the DNS resource record for the VPN concentrator. Instead, the IT team must choose a DNS naming convention that is useful to them without signposting potential attackers directly to the main functional areas.
Working from home is here to stay, so it remains important that businesses protect and ensure the performance of their VPN gateways to enable their employees to continue to work effectively and safely.