The significance of VPNs has changed and grown over the years, particularly with the massive digital transformation that businesses have been forced to implement post-pandemic.

Virtual private networks (VPN) are widely used by many businesses for accessing critical infrastructure and to secure connections between sites. They are also progressively important for the increasing number of employees who work from home, but who still need to retain access to key systems as if they were in the office. Prioritising data security for these remote workers is a key cyber resilience factor for any company.

A VPN works by creating a virtual point-to-point connection through either the use of dedicated circuits, or with tunnelling protocols over existing networks. This can also be done over wider area network (WAN) geographically, but also in the same methods of enabling data to be transmitted over the internet.

Unfortunately, this very flexibility can offer security challenges for some organisations, with 55% of organisations reported challenges with their VPN infrastructure during the pandemic.

A simple misconfiguration, loss of a single password, or security credential can result in a major data breach. Furthermore, many VPNs, particularly those used as border security for cloud infrastructure, run on virtual machines which are just as susceptible to zero-day vulnerabilities or advanced hacking techniques as any other server.

Cyber criminals will often use VPNs as the first rung in an attack, enabling them to get a good position in a network. Several significant data breaches in the recent past have resulted from security vulnerabilities in VPNs. Even hardware-based firewalls fundamentally run software that needs to be patched and maintained to provide adequate security.

Should a breach happen via VPN, an organisation will need to have a rapid response plan to reset accounts and appliances, so valid users can still use the network whilst an investigation can take place.

With the adoption of public cloud platforms or a hybrid mix of cloud services and on-premises infrastructure, data security is even more critical with potentially sensitive data being sent over the public internet. Even the cloud providers like AWS, Azure, and Google Cloud offer secure VPN connectivity between remote offices, client devices and their own networks, based on IPsec.

However, again there are disadvantages which range from data loss/leakage, insecure interfaces, to account hijacking. Also, if the cloud does experience outages or other technical problems, there needs to be a process in place to enable business operations. Nevertheless, cloud computing may not be a realistic option for companies. There are many businesses that have some older non-cloud-based programmes or have files that are primarily stored in private data centres. Employees that need to access those files will still require secure remote connectivity.

Deploying and managing VPN can be complex and resource intensive, with high risks for misconfigurations and a potentially large blast-radius for network level access. As such, organisations are considering a move to alternative remote access solutions and prioritising the adoption of a zero-trust network access (ZTNA) model. These ZNTA models can highlight gaps in traditional network security architecture, but also introduce a new layer of complexity in implementation and deployment, as this framework cannot leave any gaps open and maintenance and access permissions must be kept up-to-date regularly.

VPNs and ZTNA are at opposing ends of the security spectrum, but it is possible to reap the benefits of both from a security and usability perspective.

CyberHive have recently developed a Mesh network platform called Connect. This novel approach implements a low-latency P2P topology, suitable for traditional enterprise applications. But also, equally efficient on low-power embedded devices to add connection security to IoT devices, or high-cost equipment running lightweight hardware and operating systems – all whilst adding the principles of zero-trust and future proofing encryption by employing post-quantum resistant cryptographic algorithms.
This is a solution that is designed for ease of deployment and central management, so even if your long-term vision is to deploy the latest security technology buzzword, you can protect your users and critical devices easily today with no network disruption.

For more info on CyberHive Connect, and how it could support your business, contact [email protected]