Recent events have compelled organizations of all sizes and across industries to adopt new work approaches that keep employees safe at home while ensuring productivity and security. According to a report by Willis Towers Watson, nearly half (46%) of organizations are implementing work-from-home policies because of the COVID-19 pandemic. As a result, companies are relying on virtual private networks (VPNs), which establish encrypted connections to enterprise applications over the public internet, to connect their workforce.
In the past, VPNs were known to cause various levels of grief in many organizations because they can be tricky to implement and maintain. But they’re also very important components in enterprise security, and implementations have improved markedly in recent years when it comes to user-friendliness.
Many organizations have used VPNs for years to provide seamless connectivity without compromising security for employees who travel or work remotely. These VPN endpoints are typically set up to support 5% 10% of a company’s workforce at any given time. Ongoing VPN support for 100% of the workforce at companies around the world is unprecedented, and this “new normal” is putting unforeseen stress on both corporate and public networks.
There are important steps companies can take to address these challenges so that connecting to enterprise networks doesn’t leave employees frustrated during a time when stress levels are already high. These same best practices can support an enduring strategy for managing an increasingly mobile and remote workforce as the nature of work shifts.
This eWEEK Data Points article is based on industry information supplied by Karthik Krishnaswamy, director of product marketing at NS1.
Data Point No. 1: VPN Security
VPNs are intrinsically designed to be encrypted tunnels that protect traffic, making them a secure choice for enabling remote work. Even with the increased number of people connecting to VPNs, this remains true. However, cyber-criminals do take advantage of times of chaos to attack corporate infrastructure like VPNs.
The strategy cyber-criminals typically employ is to obtain a person’s network credentials to access the VPN and, by extension, the employer’s networks and systems.
With so many more VPN users, the pool of potential victims who lose their credentials is higher than ever before. Knowing this, companies can ensure they properly secure their VPNs by enabling and requiring two-factor authentication as a second layer of protection.
With two-factor authentication, even if a cyber-criminal obtains an employee’s login credentials, they won’t be able to access the VPN or network without additional information, such as a one-time-use security code sent to a preselected mobile number or, ideally, to a token application. While no security measure can 100% guarantee complete security, setting up two-factor authentication can make it much more difficult for a cyber-criminal to take advantage of increased VPN usage.
Data Point No. 2: Add New VPNs to Support Increased Demand
Once a company has secured its VPN endpoints, it may find that the current infrastructure does not adequately support its entire workforce. A report from Atlas VPN estimates that VPN usage could increase by 150% as the coronavirus continues to spread. Companies can manage the increased demand by adding endpoints in multiple regions to cope. Depending on the company’s VPN architecture, this can be done through a cloud provider by increasing seats, by adding licenses to the existing VPN hardware solution, or by purchasing and deploying new VPN servers. One may also be able to enable VPN capabilities on existing edge network devices. This may be a great short-term solution for some as it allows for an increase in capacity without incurring additional capital expenses.
Data Point No. 3: Ensure Positive Employee Experience With VPN Traffic Steering
While increasing the number of VPN servers will help ensure a company has the capacity to accommodate more employees working remotely, there may still be issues with performance or availability if all the users log in to the same VPN server.
To accommodate this increased demand, organizations can optimize VPN server use by using traffic steering at the DNS layer. In many cases, it is up to the employee to randomly choose an endpoint from a list. Employees continue connecting to a “default” endpoint for days or weeks, regardless of usage or capacity.
Worse yet, if the user cannot connect to their normal endpoint due to high traffic volume, the client will often select a backup without consideration to location or load, resulting in slowness or outright disconnections.
Data Point No. 4: Monitor Performance to Adapt as Needed
Lastly, continuous monitoring is a crucial step to making sure your VPN connections remain accessible and performant for employees. Many tools provide valuable insight that can help companies evaluate and adjust capacity as needs change. Consistent monitoring can also demonstrate trends about when employees are connecting the most often, and from which geographies. This allows companies to better plan for times of high volume, create strategies for when to add more VPNs based on employee growth plans and set up informed traffic routing rules, optimizing VPN usage long term.
By adding VPNs, traffic steering at the DNS layer, securing the endpoints and consistently monitoring performance, employers can deliver the same seamless network and technology experiences that employees expect when they are in the office. In a time of uncertainty and worry, this can help reduce the stress of working remotely while also creating a resilient network.
If you have a suggestion for an eWEEK Data Points article, email [email protected].