Dealing with the recent spike in business VPN use: a Q&A with NetMotion

Working from home presents its own benefits and concerns. Three of the toughest challenges are overcoming problems with video conferencing, trouble accessing corporate files online and a lack of adequate support for employees from the helpdesk when things go wrong.

There’s been a breathtaking shift in the number of people working from home, obviously. Although a majority of medium and large-sized businesses had already deployed some kind of traditional VPN prior to the coronavirus, many of them simply weren’t ready for the sheer number of users or the volumes of traffic involved. 

As employees continue to struggle and be less productive, these companies will need to shift to solutions that are more suited to the deskless environment. This will likely prove to be the death knell for hardware-based VPNs that can’t scale without additional investment in new equipment. As a result, software-based VPNs or software-defined perimeter (SDP) solutions will swiftly replace legacy VPNs as companies emerge from the lockdown and re-evaluate their remote access technology stacks.

One of the easiest ways to ensure flexibility and scalability is to make sure it’s a virtualized VPN, and not necessarily reliant on a physical machine. Another important factor is to ensure that the VPN is highly configurable. In other words, to help relieve the stress on network bandwidth, the VPN should only be ‘on’ when it’s needed, and ‘off’ when it isn’t. This can be done a couple of different ways, such as using split tunneling or, even better, by implementing a solution that includes a context-aware policy engine that can figure out what data to send through the tunnel and when to simply allow the employee to work.

Lots of companies feel like they have to choose between tunneling everything so that they gain visibility and control, or tunneling only parts of their data but sacrificing visibility and control. Many instead are turning to content filtering that doesn’t require an open tunnel – for example a ZTNA or SDP solution – filling the visibility and policy gap even without using a VPN. This way, the organization’s most sensitive resources stay secure and hidden from would-be attackers, but the general activity of a worker remains as frictionless as possible, without compromising security.

An increasing number of organizations are embracing Endpoint Manager and Intune, which have a rich and valuable feature set for UEM but, crucially, do not include a native VPN for when traffic needs to be tunneled. Microsoft has always had a strong ecosystem strategy and in this instance has chosen to partner with NetMotion, helping address VPN requirements for its thousands of customers that are seeking additional security and remote access functionality.

The best security technologies are the ones that are virtually invisible to the end-user. VPNs, like most software, should be frictionless and have zero negative impact on the employee’s productivity. Unfortunately, many workers during the lockdown are realizing that they don’t really like having to use one. 

As the use-cases for VPNs continue to evolve, ensuring they are not degrading the user experience in any way will be essential to their long-term application inside businesses. If a user has to reauthenticate and log into a VPN ten times a day to get their job done, then something will need to change fast. As we emerge from this crisis, IT and security teams will be assessing the impact of all of their tools upon the happiness and productivity of workers and will be changing anything not up to standard.

Until very recently, VPNs had become unfashionable, with a plethora of vendors and commentators hailing the imminent death of the VPN entirely. However, the lockdown has clearly shown that there is still a pressing need for remote access, and that it is unlikely to go any time soon. The main shift taking place is the realization that the legacy VPN is ill-suited to the needs of 2020, and that it will instead be giving way to mobile-first and cloud-ready solutions – that means modern VPNs but also other technologies like SDP, ZTNA and CASBs. The simple truth is that network leaders need to demand more from their VPN, and that process just got accelerated. 

When considering the work environment today, it’s clear that the four walls of the office are no longer as relevant as they once were. Work takes place wherever the employee is located. Users should always be in a position of power when it comes to their data on their devices, naturally. Expectations are changing, however. Work being done on a corporate-assigned device is still the security responsibility of the employer. In the event of a data breach or compliance failure, it’s the CISO that’s held accountable. Managing, securing and protecting those devices from such incidents means a degree of oversight by the organization – even when being used in employees’ homes. 

Best practice depends greatly on the industry, but in general employees today are more aware of the kinds of things their IT and security teams need to do in order to keep them safe. There’s a heightened expectation that employers have a responsibility to help employees stay productive and protected from attacks, even when they’re working remotely. Monitoring is a key part of that security strategy, but privacy absolutely must be at the forefront of the minds for IT leaders – there’s a big difference between checking for potential threats or data leaks and reading an employee’s personal WhatsApp messages, for example.