Â
When COVID-19 hit, organizations were forced to go from a five percent remote workforce to up to a one hundred percent remote mode. And for organizations worldwide, the sudden surge in remote work placed unprecedented stress on VPN solutions. For starters, VPNs were not built to support large-scale remote work and definitely not built to scale to the connected world of 2020. But overnight, building sufficient VPN capacity became critical for business continuity. Over the past few months, IT teams across the board have dramatically increased VPN capacity to tackle the load and also implemented authentication to securely deliver corporate access to a distributed remote workforce.
Tempered Networks CEO Jeff Hussey, the pioneer of Airwall technology sums up the current scenario succinctly, “It’s not like you can run down to your local Best Buy, grab a bunch of VPN concentrators and be up and running with secure remote access in a few hours with traditional VPNs. There is a great deal of planning, installing, testing, and expense to ensure remote workers maintain a given level of security posture compliance while enabling access to company assets and information required to keep staff productive. Unfortunately, many organizations have traded security for business continuity which adds stress to IT and security teams, while raising cyber risk exponentially.â€
So what does this mean for CISOs building a post-COVID security roadmap? In the new normal, IT decision-makers will need to re-evaluate solutions that reduce complexity, deliver trust and privacy, and have the flexibility required for business continuity. In the case of VPNs, IT leaders will need to rethink VPN solutions that pack advanced security, visibility, and capacity. The U.S. Department of Homeland Security sounded off the alarm on VPN vulnerabilities amid the surge in telework.
AvastOpens a new window describes VPN as a private tunnel that masks your identity by rerouting traffic through other servers. In a way, VPNs offer complete anonymity and protect user privacy. Instead of sending your user generated traffic, such as browsing activity, shopping, uploads etc. directly to the ISP, a VPN routes the traffic through a VPN server. “With VPN, the apps end up following zig-zag paths between a home user and the cloud,†NetFoundry’Opens a new window s founder-CEO Galeal Zino explained. So, a VPN masks your IP address by adding encryption to keep your online identity secure.
Check out 4 best practices for choosing a VPN service:
Â
1. Choose VPN service that provides its own DNS Servers
Remember how NordVPN, one of the world’s leading VPN providers that also promises the fastest speed, got hacked. TechCrunchOpens a new window reported last year how a hacker gained access to the server by exploiting a vulnerability. On its part, NordVPN maintained servers didn’t contain any user activity logs, so usernames and passwords couldn’t have been intercepted. To bolster the security posture, ensure the solution providers don’t use public DNS servers, that can’t guarantee such privacy. Opt for a VPN service that maintains its own DNS server.
2. No Log & GDPR Compliant VPN service
In the post-COVID world, no logs VPN services will become increasingly important, though many experts cite that it is just another marketing buzzword to sell as there’s no way to verify claims. Over the last few years, there has been a shift from no-browsing logs to zero logs with most VPN providers opening up for third-party audits to gain user trust and become privacy-first. For example, NordVPN (that has 5600 servers worldwide) has taken a lead in becoming a no-log service provider and claims it doesn’t track, share or collect user data. Another leading service provider, PureVPN (has 2000+ servers across 141 countries) is also GDPR compliant. Opt for a service provider that is transparent about its data privacy policy.
3. Strong Encryption features
The Zoom incident highlighted how a lack of strong encryption created gaps in software that allowed bad actors to exploit vulnerabilities and crash Zoom meetingsOpens a new window . Typically, VPN providers use a combination of encryption techniques to strengthen the solution, such as symmetric and asymmetric cryptography for 256-bit AES encryption. By and large, most VPNs have strong encryption features and some vendors like Avast offer an extra layer of protection with its own DNS resolution system. According to AvastOpens a new window , its DNS resolution system blocks bad actors with further encryption and ensures all IPv4 traffic is firewalled and also disable IPv6 requests.
4. IPV6 Support
In case you haven’t noticed, the world is shifting towards a new IP standard, IPv6.Now, for a VPN service provider that doesn’t support IPv6, IT teams will need to block traffic to prevent data leaks. Currently, a majority of VPNs only operate on IPV4, which means the traffic is redirected to an external DNS server that is susceptible to DNS leaks. In this scenario, it’s best to choose a VPN service that provides its own IPv6 DNS server. Leading service provider NordVPN offers DNS leak protection and plans to add the support in 2021. Meanwhile, Perfect Privacy touts it has a dual stack which means it provides VPN-specific IPv6 address.