4 Ways Where Remote Access VPNs Fall Short
Qcom Service Areas: Networking and Security
Secure remote access is a common need for most SMEs today
While employees almost exclusively worked from the office in the past, this has changed in recent years. The pandemic and mobilisation of the workforce means that businesses may have users connecting and working from across the UK, Europe or world wide, and these remote users need secure remote access to your networks and other resources.
Historically, virtual private networks (VPNs) were the only available solution, and this familiarity has driven many businesses to expand their existing VPN infrastructure as the need for secure remote access has grown. However, VPNs are network solutions that were designed for business networks and security models that no longer exist, and cannot provide secure, high-performance network access to a workforce that requires a more modern remote access solution.
Let’s take a closer look at how remote access VPN is falling short:
1. Lack of built-in security/access management
VPNs are designed to provide secure remote access to business networks or IT resources. This includes creating an encrypted tunnel between two endpoints — such as a remote employee’s computer and a VPN server on the business network — for business traffic to travel over.
While VPNs can protect against eavesdroppers, that’s about all that they can do. They include no built-in access management or security controls beyond requiring a username and password at logon. Protecting the business network against any threats that come over the VPN connection — such as those from an infected computer or a compromised user account — or implementing a zero-trust security policy requires additional security solutions deployed behind the VPN endpoint
2. Geographic constraints
VPNs are designed to connect two points with an encrypted tunnel that network traffic can flow over. Securing network traffic along its entire route requires VPN connections along each leg of that route. Business IT environments are becoming more distributed with the growth of cloud computing, remote sites, Internet of Things (IoT) devices, and business use of mobile devices. Securing access to all of the WAN often creates trade offs between network performance and security.
VPNs’ lack of built-in security means that security solutions must be deployed behind each VPN server, making it more difficult to directly link every potential traffic source and destination. Instead, many businesses backhaul traffic to the headquarters network for inspection, degrading performance and increasing latency.
3. Inefficient routing
The point-to-point nature of VPN connections means that a VPN connection can only provide secure access to a single location. For example, a user may be able to connect directly and securely to the WAN.
However, networks are increasingly distributed with infrastructure in on-premise data centres and scattered across multi-cloud environments. As a result, VPNs either force users to have VPNs configured for multiple different locations or to accept inefficient network routing that passes through a single VPN terminus en route to their intended destination.
4. Excessive trust in endpoint security
The goal of a VPN is to protect remote users’ network traffic from being intercepted or eavesdropped upon en route to its destination. VPNs don’t inspect the traffic that they carry or perform any access control beyond basic user authentication. As a result, VPNs are overly trusting in the security of the endpoints that they connect.
Some of the threats that VPNs provide NO protection against include:
- Infected Devices: If a remote employee’s device is compromised with malware, the malware can send traffic over the device’s VPN connection as well. This could allow an attacker to bypass security restrictions and gain access to your networks.
- BYOD Devices: The rise of remote working has resulted in increased use of personally owned devices for business purposes. These devices can connect to your IT assets via VPNs and may be infected with malware or non-compliant with your business security policies.
- Compromised Accounts: VPNs only implement access control in the form of user authentication when setting up a VPN session. If an attacker has compromised a user’s authentication credentials (password, etc.), they can log in as that user and connect to business IT assets.
VPNs only secure the connection over which two endpoints are communicating. They’re overly trusting of the endpoints involved in the communication, which can result in malware infections or other threats to business assets.
Building Secure Remote Access for a Modern business
VPNs have significant limitations in terms of their performance, usability, and security. While these issues may have been manageable in the past, rapidly evolving business networks make them an increasingly unsuitable solution for secure remote access. Relying on legacy remote access VPNs forces companies to make choices between network performance and security.
Businesses looking to modernise their IT infrastructure to better support remote and hybrid work schedules need to replace their VPNs.
With Qcom, companies can move security to the network edge, enabling network optimisation without sacrificing security. To learn more about how our cutting-edge solution can enhance an organisation’s remote access infrastructure. Feel free to request a free consultation.