
The secrets of VPNs for business

Secure access to your network isn’t something to be taken lightly

Mature mid-sized businesses

Larger organisations are more likely to have specialist IT staff: guys who've been doing remote access since the days of the character-based terminal and noisy modem. For them, VPN is the latest faddy way to do it, and they're happy to jump aboard.

But this presents risks of its own. These guys tend to be early adopters, which might be fine for them but can create a steep learning curve for everybody else. They're also likely to want to set things up just so. This can lead to situations where changing anything at all outside the LAN, inside it, with software, hardware, supplier or anything else has unexpected consequences. A single cable popping loose might result in two routers both advertising as the single authoritative endpoint, causing security errors and leaving users locked out. Tracing the trail of cause and effect in a lovingly designed VPN can be agonising.

Let's not panic too much, though. Such situations are rare and high-end architecture can deliver legendary levels of reliability, especially when the people connecting to the VPN are doing so in consistent ways, from their branch or home offices. It's when things are more unpredictable and chaotic that issues arise. Which brings us to the cloud.

Modern cloud-based ventures

If you've managed to cast off the traditional shackles of information technology, then good for you. But when your services and assets are all up in the cloud, the demand for secure access doesn't just evaporate: it becomes ubiquitous.

Accordingly, both Microsoft and Amazon prefer you to present your entire pool of client phones, machines and tablets in a privately connected way. This can go as far as setting up a dedicated, physical fast link between you and their nearest cloud-access point. Whether you go that far or not, both use a popular VPN technique, namely connecting over Secure Sockets Layer (SSL).

Most people are familiar with SSL in the form of HTTPS, which provides secure access to web services, but that's by no means all it can do. Transporting data through a secure pipe between your browser and a website is functionally indistinguishable from a regular VPN workload and, while many public hotspots and ISPs will block unusual connection types, they can't block SSL, as this would make most of the web inaccessible. It's no coincidence that firewall vendors charge extra for SSL connections, controlling how many VPN users you can have operating simultaneously.

If your business transacts a lot with the cloud, passing your VPN traffic over SSL ought to be a no-brainer. Unfortunately, it comes with an extra level of complexity to deal with in the form of SSL certificates. These require renewing biannually, and come with their own classes of spam, phishing attack and malware. You'll even have to contend with competing certificate issuers engaging in dodgy customer-capturing strategies.

Once you're in a cloud-centric business, it's very likely all of this grief will come to visit anyway. All the same, you'll need to take a step back and evaluate how to manage the risks associated with relying on certificates. It should be fairly simple in theory, but failures can be protracted and fantastically disruptive: being cut off from your entire computing resource is something that modern cloud businesses don't fire-drill for enough.

Another potential pitfall for heavily cloud-connected businesses is not paying enough attention to local infrastructure. A typical issue that might arise is a router wanting to do its own thing with SSL packets, rather than loading up the certificate that's been issued. It may not be easy (or possible) to resolve the problem, short of replacing the router with a better-behaved, more expensive model.
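One way to watch for both failure modes described above (a certificate running out, and a router presenting something other than the certificate that was issued), as an added example that is not part of the original article. The 30-day threshold, the function names and the sample values are assumptions, and the sample bytes are a constructed stand-in rather than a real certificate.

```python
import hashlib
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal lead time; set to match your own process

# Constructed sample input (not a real certificate): the parsed form has the
# shape ssl.SSLSocket.getpeercert() returns, the bytes stand in for the DER.
SAMPLE_CERT = {"notAfter": "Mar 14 12:00:00 2025 GMT"}
SAMPLE_DER = b"constructed-stand-in-for-der-bytes"
SAMPLE_ISSUED_SHA256 = hashlib.sha256(SAMPLE_DER).hexdigest()


def assess(cert, der, issued_sha256, now):
    """Compare what the gateway presents with the certificate issued to it."""
    findings = []
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append("expired")
    elif days_left < WARN_DAYS:
        findings.append("renew-soon")
    # A device answering with its own certificate has a different fingerprint.
    wanted = issued_sha256.lower().replace(":", "")
    if hashlib.sha256(der).hexdigest() != wanted:
        findings.append("not-issued-cert")
    return days_left, findings


def check_gateway(host, issued_sha256, port=443, timeout=5):
    """Live check. A failed handshake is reported rather than raised."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                der = tls.getpeercert(binary_form=True)
    except ssl.SSLCertVerificationError as err:
        # Expired or untrusted certificates fail here, before any parsing.
        return None, ["verification-failed: " + str(err.verify_message)]
    return assess(cert, der, issued_sha256, datetime.now(timezone.utc))


if __name__ == "__main__":
    now = datetime(2025, 3, 1, 12, 0, tzinfo=timezone.utc)
    print(assess(SAMPLE_CERT, SAMPLE_DER, SAMPLE_ISSUED_SHA256, now))
```

Run from a scheduler against each gateway, with the fingerprint recorded when the certificate was issued, this gives warning of an approaching expiry and flags a device that has started answering with a certificate of its own.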

VPNs and the distributed business

The stereotypical use case for a VPN involves executives travelling around the world with their laptops, but this isn't how most people work in daily life. In many cases, it's about working from home, while maintaining secure, reliable access to professional-grade resources.

This sort of environment is what the big firewall companies make small firewalls for. Rather than messing with the challenges of remote support and distributed traffic gateways, it's far easier to look at the lifecycle costs of setting up little IP subnets at each home office, each one supporting whichever devices the job requires.

Ensuring that an arrangement like this is properly fault-tolerant isn't a trivial matter. There are pressures from all sides. Plenty of ISPs will offer something like this as a turnkey solution but they'll run it over their own wires, rather than over the public internet. This means you're stuck with the provider's timetable for maintenance operations, which can be in the order of weeks rather than days, and users can't connect to their home router and go.

And what if the line goes down? You can get routers with 4G SIM cards, to keep an internet connection going if the main line is lost, but there's no way to guarantee performance. Apart from anything else, your teleworking neighbours may be in the same boat and hitting the same cell. No wonder distributed businesses are becoming increasingly interested in the new wave of collaborative productivity platforms, which can be used over any consumer-grade connection and are usually presented via web browsers.

A few final caveats: remote access can be tricky to manage if you have a high staff turnover. Very few distributed VPN services are responsive enough to disconnect a departing staff member in the time it takes them to leave the office and drive home. Another issue is whether the local council approves of turning an employee's home into their regular place of work: there have been cases of two-up two-downs being re-rated as business premises, with all the associated tax implications.
