A secure virtual network is essential for companies whose employees work away from the office
Having a business-grade VPN is essential for any company with employees who work remotely. Somewhere, there may be a company whose public sites and apps are perfectly secure, whose business data can be safely accessed across all forms of connection and hardware. For the rest of us, there are VPNs.
A virtual private network is a secure way of transporting private data across unknown networks – a welcome reassurance for any company whose employees travel or work from home. Instead of worrying about the security of individual applications – database front-ends, email applications, enterprise resource planning and so on – you can focus on securing your VPN.
What is a VPN and how does it work?
A VPN connection begins with a remote worker logging into a corporate server and then confirming details based on previously exchanged security information. This information can be in the form of a password, IP address or an SSL certificate.
After that, the two ends of the VPN link (the tunnel) agree on a means of encrypting their further conversation. Finally, the ends agree on how to move traffic around.
This last part can be technically tricky, because the roaming device often needs to keep its local network addressing for local traffic, as well as a spoofed address for talking down the tunnel to all those remote resources. This is taken care of by the VPN client, however: from the user's point of view, connecting to the VPN should be as simple as logging on to any network resource.
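The traffic-steering step described above can be modelled as a routing-table lookup. The following is an added example, not code from the article or from any VPN product: a simplified Python model of how a client keeps local addressing alongside tunnel routes, and how a local network that overlaps a corporate range silently keeps that traffic off the tunnel. All subnets and names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions for illustration only).
CORP_ROUTES = ["10.20.0.0/16", "172.16.5.0/24"]  # routes the VPN gateway hands out
HOME_LAN = "192.168.1.0/24"                      # typical home network
HOTEL_LAN = "10.20.30.0/24"                      # hotel LAN that collides with a corporate range

def build_table(local_lan, tunnel_routes, full_tunnel=False):
    """Model the routes a VPN client installs: local LAN, default route, tunnel routes."""
    default_via = "tunnel" if full_tunnel else "local"  # split tunnel leaves the default local
    table = [(ipaddress.ip_network(local_lan), "local"),
             (ipaddress.ip_network("0.0.0.0/0"), default_via)]
    table += [(ipaddress.ip_network(n), "tunnel") for n in tunnel_routes]
    return table

def pick_interface(table, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, ifc) for net, ifc in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def shadowed_routes(local_lan, tunnel_routes):
    """Corporate routes that overlap the local LAN and so may never reach the tunnel."""
    lan = ipaddress.ip_network(local_lan)
    return [n for n in tunnel_routes if ipaddress.ip_network(n).overlaps(lan)]

if __name__ == "__main__":
    split = build_table(HOME_LAN, CORP_ROUTES)
    for dest in ("10.20.3.4", "192.168.1.10", "93.184.216.34"):
        print(f"split tunnel  {dest:15} -> {pick_interface(split, dest)}")
    full = build_table(HOME_LAN, CORP_ROUTES, full_tunnel=True)
    print(f"full tunnel   93.184.216.34   -> {pick_interface(full, '93.184.216.34')}")
    # Pre-connect check a client or helpdesk script could run on an untrusted network.
    print("shadowed on hotel LAN:", shadowed_routes(HOTEL_LAN, CORP_ROUTES))
    hotel = build_table(HOTEL_LAN, CORP_ROUTES)
    print(f"hotel LAN     10.20.30.5      -> {pick_interface(hotel, '10.20.30.5')}")
```

In split-tunnel mode, general internet traffic stays on the local network and bypasses corporate inspection; in the hotel case, traffic meant for a corporate host is delivered to the local network instead, which is why an overlap check before connecting is worth having.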
VPNs divide up into old and new schools. The older ones use IPsec, moving traffic via their own network ports. Newer technologies use SSL, which travels over the same ports as regular web-browser traffic. This makes SSL VPNs more amenable to limited connections, such as those found in hotels and convention centres. Coincidentally, SSL VPN support and licensing are rather more expensive than for IPsec.
Using a VPN from a smartphone or tablet?
VPN software is available on most mobile platforms, but it isn't always compatible with every possible brand and scale of firewall.
The lines become blurred here: the big software players tend to mix connectivity (traditional VPN) with management (remotely erasing a phone or tablet, for example) in a giant blancmange of services. Perhaps it's best to remember that SSL is the lowest common denominator for many tablet and phone devices when it comes to VPN transport.
Is a VPN as safe as a dial-in connection?
The phrase “dialling in” feels like Anglo-Saxon English, but you certainly can build a multi-location WAN with private access points.
In the internet industry, this is called Multiprotocol Label Switching (MPLS). Essentially, it means your ISP delivers the topology of your WAN in a way that ensures users see only your private environment. This is very secure, but not without drawbacks – ease of changing ISP being one major compromise. You can do the same thing with mobile phone SIMs and data-enabled tablets and laptops, although in this architecture the free and easy nature of the classic VPN lifestyle may not be attainable with perfect security.
Generally, it's an approach that can work well for local workforces, but less well for those who travel internationally and rely on data-roaming services.
How hard is it to set up a VPN?
The hardware and software should be fairly easy to acquire and configure. The problem is that the majority of workers are already set up with domestic internet connections, which may be too slow or flaky to provide a reliable business-grade connection.
What are the ongoing costs and risks of a VPN?
Costs are fairly easy to assess, because almost all the firewall vendors want an annual licence for their SSL VPN user counts. Costs for roaming and international users are harder to nail down, and may come as a nasty shock. I've certainly heard stories concerning a 50-person division that's been hit with a bill of half a million pounds per year in roaming charges alone.
When it comes to the risks, it isn't the security of the VPN you need to worry about. More of a concern is the possibility that your firewall vendor, or mobile phone partner, could take an unexpected right turn and leave your VPN plans in tatters. All you can really do is bear this possibility in mind when choosing a provider.