The Dos and Don’ts of VPNs

Saturday Feb 9th 2019 by Arthur Cole

If implemented incorrectly, VPNs can pose an even greater threat to sensitive data than standard wired or wireless infrastructure.

The twin forces of greater data mobility and the need to maintain high levels of security and protection are leading many organizations to embrace virtual private networks (VPNs). The technology is not new, of course, but it is becoming commonplace both as an internal, home-grown solution and a commercial service.

Still, network executives should be wary of rushing into VPNs, or of ignoring their use by the workforce, because if implemented incorrectly, they can expose critical data to as much danger as standard wired or wireless infrastructure, and perhaps more.

PC Magazine’s Wayne Rash recently highlighted the many advantages that VPNs bring to the enterprise table. Among them is the anonymity they provide, regardless of whether they rely on the public Internet or not. For workers connecting to centralized storage from a portable device, VPNs offer a secure, pre-engineered means of access. Companies looking to maintain secure, reliable connections to cloud providers are turning to VPNs as well, not just for security purposes but for added levels of resilience, bandwidth and control.

But this is only true if you can verify that you are actually getting the kind of VPN you want from your provider. In a recent study, Mohammad Taha Khan of the University of Illinois and Narseo Vallina-Rodriguez of the IMDEA Networks Institute in Spain reviewed 200 providers and found there were high levels of deception throughout the industry. For one thing, payments for positive comments on review websites are rampant, with 24 out of 26 sites getting kickbacks. Additionally, one quarter of providers do not post their privacy policies online, even when laws require them to do so, and tests of many services revealed programming and configuration errors that allowed data to travel outside of encrypted connections, which defeats the purpose of creating a VPN in the first place.

Network execs should also be leery when it comes to extending standard security footprints to the VPN perimeter. Security researcher David Balaban notes that once someone has connected through a VPN, they pretty much have full access to the entire data environment, even if their roles are quite narrow. This is why many organizations are turning to software-defined perimeters (SDPs), which can be populated with a wide variety of policies to provide access only to what is necessary. They may be a little trickier to set up and maintain, but they provide an added level of security at a time when network breaches pose an increasingly serious threat to the enterprise.

Another potential VPN-boosting technology is blockchain. Jong Kim, chief architect at the Marconi Foundation, says blockchain could eliminate the need to create an overarching VPN to connect multi-cloud environments by streamlining the management of resilient peer-to-peer connections. As an open, decentralized digital ledger, blockchain can maintain a robust bridge to the cloud as an agnostic overlay atop underlying connection points. The result is a simpler, more secure and more resilient wide area network.

One of the best things about VPNs is that they come in so many flavors that there is likely to be a readily available service for just about any use case the enterprise can come up with. The downside is that it takes a bit of time and research to find the perfect fit.

As enterprise infrastructure itself becomes more distributed across geographic areas and starts to incorporate more third-party resources, building and securing private networks will likely become a core function for the IT team.

Arthur Cole is a freelance journalist with more than 25 years’ experience covering Enterprise IT, telecommunications and other hi-tech industries.
