Turning the humble VPN into a hot ticket item

Working remotely used to be seen as a perk for certain employees and certain companies. That has, of course, completely changed now. In the space of just a few weeks this year, a massive population of office workers was transformed into an entirely remote workforce.

Networks were instantly stretched to their limits, many of them failing to cope with the higher demand. That’s particularly true of enterprises that are saddled with legacy virtual private network (VPN) solutions from companies like Pulse Secure or Cisco, with physical server stacks that weren’t designed with rapid scalability in mind. For many IT teams – and the workers forced to use IT-selected applications – this has been an extremely painful experience.

Every IT organization understands the importance of secure remote access. But workers have long complained about the inconvenience and unreliability of VPNs. The perception is that they slow down network speed, particularly impacting video conferencing and other data-intensive applications. They’re also infamous for requiring users to frequently reauthenticate, especially when the user changes location and/or network. From the user’s perspective, there are myriad problems associated with using a VPN.

So far, many companies have been taking a wait-and-see approach to their network infrastructure investments. That’s understandable, particularly if life goes back to normal fairly quickly. The reality, however, is that even as restrictions begin to lift, a vast number of employees may choose to continue working remotely. As a result, the second half of 2020 will leave a lot of IT and security leaders with a big question to answer. Namely, how to provide secure remote access to those workers in a way that doesn’t degrade the user experience – and perhaps even makes it better.

How to improve the VPN experience in the short term

First, let’s look at what can be done to improve the VPN experience. Regardless of the VPN being used, the days of always-on tunneling are (thankfully) almost over. There are fewer and fewer reasons to have the VPN on at all times, unless, of course, your organization is highly regulated, as is the case for healthcare and public safety. If the option is available, find ways to implement split tunneling with the existing VPN, activating it when users need it, and turning it off when they don’t.

Load balancing and throttling are also vital considerations. Software-based VPNs are by nature incredibly scalable, making them 10x easier and more cost-effective than their hardware counterparts to manage when demand rises. The takeaway is, put the VPN in the cloud or at least on company-owned servers – software is the answer.

Further, if the VPN has a policy engine, take advantage of it. Prioritize mission-critical applications so that users never have issues accessing important resources. The reverse is also true: throttle the applications with less important traffic that may get in the way of productivity. In practice, this could mean that the IT team throttles or even blocks streaming platforms and social media traffic on corporate devices during work but permits them after hours.

Some VPNs actually have technologies built in that enhance connectivity. These can include traffic shaping, session persistence, tunnel persistence, seamless roaming, traffic acceleration, video improvements, QoS, image optimization and others that all contribute to a more stable, faster experience for end users. Think no more disconnects, smoother video calls, faster downloads and no need for reauthentication – even with weak or spotty cellular and Wi-Fi conditions. With solid options on the market, it makes sense to look for remote access that employs at least some of these technologies.

The future of VPN rests alongside software-defined perimeters

Perhaps the most future-proof approach to improving the remote access user experience would be to consider incorporating software-defined perimeter (SDP) – also known as zero trust network access (ZTNA) – technology. These solutions take a context-aware approach to resource access, classifying users and devices as either trustworthy or not based on various criteria.

The smart thing about SDP technology is that it prevents lateral movement, reducing the attack surface for the organization, while still allowing users to get what they need in the moment that they need it – based on whatever conditions they are currently in. SDP judges everything from network type (e.g. public Wi-Fi, private network, cellular, etc.) and location (country, time zone, etc.) to website reputation and security, and device configuration, all to assess the risk profile of each request. This is a far more surgical approach to remote access that can even be carried out on the individual device and is almost certainly the natural successor to VPN.
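The per-request assessment described above can be sketched as a small default-deny policy check. This is an added example, not code from the article or from any SDP product; every name, weight and threshold in it (users, resources, country list, risk ceilings) is an assumption chosen for illustration.

```python
from dataclasses import dataclass

# Every name, weight and threshold here is an illustrative assumption.
NETWORK_RISK = {"private": 0, "cellular": 1, "public_wifi": 3}
TRUSTED_COUNTRIES = {"US", "CA"}
# Default-deny entitlements: unlisted resources are unreachable (no lateral movement).
ENTITLEMENTS = {"alice": {"crm", "wiki"}, "bob": {"wiki"}}
# Highest risk score each resource tolerates; sensitive ones tolerate less.
RISK_CEILING = {"crm": 2, "wiki": 5}
STEP_UP_MARGIN = 2  # scores this far above the ceiling trigger re-authentication

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    network: str          # "private", "cellular" or "public_wifi"
    country: str
    disk_encrypted: bool = True
    os_patched: bool = True
    site_reputation: int = 100  # 0 (bad) to 100 (good)

def risk_score(req: Request) -> int:
    """Sum the risk contributed by each context signal of one request."""
    score = NETWORK_RISK.get(req.network, 3)  # unknown network counts as public
    score += 0 if req.country in TRUSTED_COUNTRIES else 3
    score += 0 if req.disk_encrypted else 2
    score += 0 if req.os_patched else 2
    score += 0 if req.site_reputation >= 50 else 2
    return score

def decide(req: Request) -> str:
    """Return 'allow', 'step_up' or 'deny' for a single request."""
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return "deny"  # not entitled: risk is never even evaluated
    score = risk_score(req)
    ceiling = RISK_CEILING.get(req.resource, 0)
    if score <= ceiling:
        return "allow"
    if score <= ceiling + STEP_UP_MARGIN:
        return "step_up"
    return "deny"

if __name__ == "__main__":
    # Constructed sample requests: same user, different context and resource.
    for r in (Request("alice", "crm", "private", "US"),
              Request("alice", "crm", "public_wifi", "US"),
              Request("alice", "wiki", "public_wifi", "US"),
              Request("bob", "crm", "private", "US")):
        print(r.user, r.resource, r.network, "->", decide(r))
```

The same user on the same public Wi-Fi is allowed into the low-sensitivity resource but asked to re-authenticate for the sensitive one, and a user with no entitlement is denied regardless of how clean the device and network are.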

The challenge is that 98% of organizations today still maintain some kind of on-premises resource. As a direct result of this and other requirements, most IT departments are simply not ready to throw out the reliable ol’ VPN any time soon. The question, then, becomes how can they embrace the future of remote access in a way that doesn’t overlook what they require today?

The obvious answer is to look for a platform that provides both. The experience of managing separate VPN and SDP tools is likely to be painful – multiple clients, multiple gateways, multiple consoles and multiple policy engines that are likely to have a significant bearing on end user experience. Getting around these limitations means trying to find an SDP platform that meets VPN requirements, too; a solution that can offer the benefits of both as the organization manages the transition from old world (primarily on-prem, primarily desktop, VPN) to new world (primarily cloud, primarily mobile, SDP).

Remote work requires a flawless experience, no matter the technology

Is it possible to improve on the VPN? Absolutely. In fact, the whole employee experience can undergo a welcome overhaul simply by properly utilizing existing tools such as split tunneling, load balancing and the policy engine. For an even more dramatic effect, implementing traffic acceleration, session persistence and the other features of a mobility-enabled VPN will drive enormous changes that users instantly appreciate. And finally, put SDP on the IT roadmap. As the need for remote access expands, users will naturally demand a flawless work experience from anywhere. Organizations with an SDP that can perform double duty as a VPN will find themselves in a much better position – and with far fewer trouble tickets.

Joel Windels is Chief Marketing Officer at NetMotion

Joel Windels is the CMO of NetMotion Software. He is responsible for the global marketing and sales development teams, as well as running the company's second largest office in Victoria, Canada.