Cloud-based VPNs can ease network traffic overload due to COVID-19

Software-defined perimeters are a modern way to balance security with the demands of the mobile workforce.

How to use SSH as a VPN with sshuttle
27:30:00

No one knows what the new normal will look like for companies and employees, but remote work will be a big part of any post-coronavirus plan. Now that executives and individuals have proof that telecommuting is possible for many employees, it's time to refit corporate connectivity, including VPNs. Schools, local governments, and healthcare organizations are all getting a real-time reality check on the status of their networks. 

Bill Flatley, a senior service delivery manager at OST, a business and IT consulting company, said that healthcare organizations are a prime example of an organization rethinking its VPN capabilities.  

"Since COVID-19, we have seen major investments in new VPN appliances, client licensing, and internet bandwidth," he said. "More people working remotely means more data throughput for VPNs, and for healthcare, this means imaging as well as raw data."

Here are two ways to modernize your VPN strategy.

Shifting your VPN strategy

One approach to scaling VPN capacity is to move to a software-based service.

Joel Windels, chief marketing officer at NetMotion, said the 19-year-old company has spent the last five years talking about products other than its flagship offering: a UDP-based VPN popular with public safety departments, airlines, and infrastructure companies. The coronavirus and increasing security concerns changed all that and made VPNs cool again.
 
NetMotion uses a software-defined perimeter to monitor the quality and security of wireless connections and to monitor user activity. If a user visits a suspicious website or has a weak connection, the company's mobile VPN software turns on.  
 
"By default, it doesn't do anything, but companies can have an infinite list of conditions and then actions to take, based on those conditions," he said.

SEE: VPN: Picking a provider and troubleshooting tips (free PDF)

Customers set their own rules about access, and the software enforces those rules by blocking certain types of connection or activities, such as accessing a gambling website at work.

"Every company has a different culture and risk tolerance; for example, banks and hospitals are extremely strict, but other companies don't want to authenticate 10 times a day," he said.

NetMotion's VPN platform is in the cloud and uses subscription licensing.

Many NetMotion customers are in emergency services, and the company traditionally provides surge licenses at no cost to police, firefighters, and other first responders during natural disasters and other crisis situations. Windels said that the company has given away a record number of licenses during the coronavirus pandemic to help ease the burden on cities and healthcare organizations. At the same time, NetMotion just finished the best quarter in the company's history.

"We have hit two of four company targets in Q1," he said. 

The sudden transition to 100% remote work has brought lots of new customers to NetMotion.

"Companies using hardware-based VPNs can't get new equipment because it is out of stock, and it's a real nightmare to scale up an old-school VPN quickly," he said. 

Windels said that IT managers should look at help desk tickets and talk to employees outside the IT department to determine whether or not the VPN is helping or hindering daily work.

"If you are an IT leader, it's your job to make sure employees can do their job," he said.

Split tunnel vs. full tunnel VPN traffic

Another VPN management tactic is full tunnel or split tunnel. A split tunnel can conserve bandwidth and protect a company's most sensitive information, but this approach opens up corporate networks to more security risks. 

With a full tunnel VPN, all traffic is inspected whether it's activity on a SharePoint site or shopping at Amazon. All security tools--anti-virus and anti-malware software--are applied to this traffic.

Maya Levine, a security engineer at Check Point Software Technologies, said that a full tunnel approach also gives a company better visibility into what the user is doing.

"One of the cons of full tunnel was that it adds a lot of overhead to your gateway, and it could impact connectivity for customers," she said.

This was not an issue when companies had only 50 employees out of 500 using the VPN.

Levine said now that a company's entire workforce needs the VPN, it's difficult  to scale up quickly with a hardware-centric solution.

"If this is going to be the norm for the next however many months, companies should purchase a solution that can handle the maximum amount of users," she said.

Scaling up is easier with a cloud-based VPN, she said, particularly for newer companies that don't have physical hardware on premise.
 
Levine said that gateways designed for a set number of users wouldn't be able to handle full tunnel traffic right now given the increased load. She added that companies should be transparent about VPN policies.

"If you say you're only using split tunnel and then you're in full tunnel, it will cause a lot of issues with the company," she said.

With split tunnel, monitoring options are limited. Managers can only see how long an employee is connected to the VPN and not much else. With full tunnel monitoring, companies can see when a person is connected to the VPN as well as everything the person is doing. Levine said that companies shouldn't trade security for convenience.

"Hackers have not slowed down at all, and they are still heavily targeting companies so people are really at risk right now," she said.

Also see

Secure VPN Connection. Virtual Private Network or Internet Security Concept.

Image: Getty Images/iStockphoto