A look at what they do and don’t do

A look at what they do and don’t do

/

Virtual private networks, or VPNs, are not an entirely new technology. When I started my IT career about 15 years ago, VPN tunnels were the standard way to connect us to remote offices by extending private networks over the public internet.

Recently, as the workforce continues to decentralize due to the rise of cloud computing in addition to the current pandemic, VPN has become a hotter topic and is being marketed as an important security solution.

As you might imagine, a 30-second ad praising the virtues of a VPN doesn’t tell the whole story. Like any other tech solution, VPNs are not all-encompassing. You probably have many good reasons to use a VPN, but I wanted to take a few moments to explain specifically what VPNs can do for you as well as areas where VPNs may not address your security and privacy needs.

Benefits and Reasons for Using a VPN

While reviewing all the details about VPNs beyond the scope of this blog, let’s talk about some common reasons for using them:

1. Create some privacy when transferring data between different sites Every time you go online, whether you’re going to Google, watching Netflix, or sending email, you’re transmitting data over the public internet. Just as if you were driving from one place to another, you always use the highways and highways to get from point A to point B. The VPN “smears the windows”, so to speak, so that when your data continues on these on public highways, the bad guy can’t necessarily see the traffic. They might see that the traffic is there, but it’s usually encrypted to be unreadable.
2. Work around some filters Sometimes a VPN can be used to route traffic differently and make the service think I’m calling from a geographically different place than my actual location.
3. Remote communication control – If a VPN is required to establish a remote connection between the client and the service such as servers or data in a central location, the administrator can also restrict connections from unauthorized third parties such as ex-employees. With this VPN disconnect, they do not have to worry that their computer or mobile device is accessing data that they are no longer authorized to access.

The key here is that VPNs route traffic with a layer of encryption that allows the free exchange of data between two points regardless of geographic locations and the device used. Looks good, doesn’t it?

Well, just deploying a VPN solution will leave you with some serious blind spots, so let’s go over some of the things that VPNs do not. Next, I will briefly discuss how you can use this information to make good decisions about overall security and risk management.

As remote work continues for longer than we might have expected, has your organization properly invested in cybersecurity for *long-term* remote work?

Please vote and comment below! 👇🏽👇🏽#cybersecurity #workingfromhome

— Cybersecurity | Tripwire (@TripwireInc) July 16, 2020

What a VPN won’t do for you

1. VPN solutions do not protect against account hack Between your home life and your work life, you likely use a variety of tech solutions such as Microsoft Office 365 for email, perhaps a web-based CRM, accounting app, or even tax software where you keep your income tax information for filing. A VPN can encrypt data between two points, but if your authentication information isn’t secure enough, a hacker can get in and start snooping data or commit a fraud.
2. A VPN will do nothing to protect your team from phishing attacks Phishing is on the rise because it is cheap and effective. It also circumvents many common security tools and is a direct attack on personal vulnerabilities, unlike technical vulnerabilities. When you volunteer information after clicking on a bad link or allow malware to be installed by tricking you into it, a VPN won’t do you much good.
3. A VPN is not likely to improve speed or performance While a good VPN solution likely won’t harm your connection, a bad one can make things worse. Some VPN solution providers make claims about performance improvements that are questionable at best.
4. A VPN will do nothing to address internal threats When we extend a corporate network using VPNs to give users access to technology assets, we give them the keys to the castle, so to speak. Once someone returns data to their home computer via their VPN connection, for example, you don’t necessarily know what to do with it. If they take this data and put it on another unauthorized device or share it with people who are not supposed to, your VPN will be of no use.
5. The VPN will not address any vulnerabilities on the devices themselves Creating a series of VPN tunnels can create a strong private network where you can feel confident that the data transmission is private and controlled. However, if your servers, desktops/laptops, and other devices have unaddressed flaws, or if these devices are in an unsupportable state, you may face data penetration through these vulnerabilities regardless of the VPN. In fact, you can prove that VPNs don’t really address the right risks for certain organizations with outdated technological infrastructures.

VPNs are one of the many valuable tools you can use to protect the security of your systems and the privacy of your data, but they should be just one part of your overall technology management strategy. The one thing I always say is that nothing is without risk. Everything we do carries with it the risk of failure or loss. The goal of risk management is to reduce these risks. I fear the marketing behind VPNs and other security products will lull people into a false sense of comfort that is driving them away from the holistic approach.

Decision makers tasked with avoiding the practical errors of technology need to view robust security as reducing risk at multiple levels: people, devices, and networks. VPNs deal primarily with networks, so when you assess your technology tools are in place, especially as the new normal for the workplace requires changes to it, never shy away from the idea of ​​holistic security that seeks to address risks from multiple angles and areas.

About the author: Ben Schmerler is Director of Strategic Operations at DP Solutions, an award-winning Managed Service Provider (MSP) headquartered in Columbia, Maryland. Ben works with his clients to develop consistent strategies not only for technical security, but also for policy/compliance management, system design, integration planning, and other business-wide technology concerns. You can follow DP Solutions’ updates on LinkedIn or their website: www.dpsolutions.com.

Editor’s note: The opinions expressed in the guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

[ad_1]
Don’t forget to share this post with friends !