Virtual Private Network (VPN) Advantages and Disadvantages

Virtual Private Networks (VPNs) have been popular amongst numerous organizations and sectors. Now, with remote and hybrid work so widespread, companies need to be even more conscious of the way they allow employees and contractors to access files and internal systems.  You may ask "Do VPN's really work?" Continue reading to find out.

What is a VPN?

A VPN is, effectively, access to an internal corporate internet, sometimes known as an Intranet. Generally speaking, an Intranet works internally and usually only on-site, or between various offices. However, the difference is that a VPN establishes a secure connection between the devices employees are working on remotely (e.g. a laptop, tablet, or smartphone) and internal corporate systems.

Instead of employees (or contractors) logging in across a potentially unsecure connection, they can connect through a VPN. That way, even when an employee is working from home, or even a coffee shop, once they've logged in through the VPN remote access, they are contained within the secure internal network.

How Do VPNs Work?

A remote access VPN acts as a secure encrypted tunnel, between an internal network and external devices.

Think of the Internet or mobile data as a freeway. It is out in the open, exposed to anyone who wants to access that data. A VPN goes underneath the freeway, navigating a completely different route. So, even if data moves between the same locations, the traffic going through this tunnel is secure, encrypted, and is less vulnerable to cyberattacks. One advantage is a user's IP address is disguised, making the tunnel virtually invisible.

The two main components of a VPN are the Network Access Server (NAS) and VPN client software. For the end-user, such as employees, they access a VPN through cloud-based software. At the corporate end, the NAS acts as the other side of this secure tunnel, granting that VPN user access to the internal network.

Why Might an Organization Want to Use a VPN?

• VPNs provide more secure access to internal systems, such as email, CRMs, cloud-storage, telephony, and customer records.
• VPNs protect internal data and systems, making organizations safer and compliant with various national data protection and access laws. A VPN safeguards these systems when employees are accessing them through home-based WiFi or public WiFi networks.
• VPNs are more common in some sectors than others. For example, sectors that collect, process, and store sensitive data are more reliant on VPNs for data access security. Sectors using VPNs more might be part of the following:
  • Healthcare
  • Defense
  • Legal
  • Insurance
  • Financial services

Advantages and Disadvantages of a VPN

Advantages

1. Log in from anywhere

   VPNs should give one the ability to log into company networks and software securely and remotely from anywhere in the world, on any device, at any time. They should give team members the same advantages as being in the office, whether they're at home, a co-working space, a hotel, or on a plane.

   However, experience shows that isn't always the case. So, make sure any VPN used is compatible with as many networks as possible, especially WiFi in hotels and on planes.

2. Get operational quickly

   Teams can be up and running with it quickly. VPNs are fairly easy to install and use, and it shouldn't take much time to train teams across an organization on how to use them.

3. Enhanced security features and regulatory compliance, especially with remote or hybrid teams

   VPNs give companies the benefit of enhanced security and regulatory compliance. This is especially true for remote or hybrid teams. It's equally useful for those with field sales teams. That way, customer data is transmitted securely using a VPN instead of being sent across open and unsecure networks.

   Regulatory compliance is particularly important, especially in sectors with highly-sensitive data, such as healthcare, insurance, and financial services.

   Not only do companies have to carefully consider and implement compliance with data protection laws, such as CCPA in the US and GDPR in Europe, but there are other more rigorous sector-specific laws and regulations companies have to factor in. And VPNs can help.

4. Safe access to files over public networks

   When teams are working remotely, they are accessing systems and files using home-based Internet and public networks. None of these are as secure as VPN or cloud-based SaaS networks. There is enormous risk that files and data could be intercepted by cyber criminals and hackers.

   Chief Information Officers (CIOs) and Data Security and Compliance need to implement VPNs or comparable SaaS-based systems to protect the whole organization (data breaches are expensive and can damage a brand's reputation). Business leaders should ensure employees cannot access internal systems, including email, unless they're logging in through a secure encrypted portal.

5. Low operational and maintenance costs

   Generally speaking, VPNs should be affordable and cost-effective to run. Access is usually provided on a per head (employee count) basis, so the more staff you have the more a VPN will cost to run. Subscription to these services becomes more cost-effective when a company pays for an annual license, often with discounts as high as 25-30%.

   Maintenance is also cost-effective as that is the responsibility of the vendor. As VPNs or other SaaS-based software are managed by the vendor, hardware space on internal servers are not needed.

Despite these advantages, there are also disadvantages for consideration to operating a VPN which we cover below.

Disadvantages

1. Speed

   Accessing systems through VPNs can slow staff down. If access is required quickly, or across a low bandwidth connection, a VPN isn't always the best option.

2. Full access could be limited

   Some VPNs don't allow access across every network employees might be using.

   For example, if an employee is trying to access a company's systems while on a plane, most VPNs can prevent that kind of login attempt. If they cannot work while in transit to a meeting with a client, that could be disastrous for the business process.

3. Security

   While a VPN's main purpose is better security, limitations in access ironically might lead employees to circumvent the VPN. For example, employees might send data and information to personal email addresses and software, effectively sidestepping a VPN in order to get work done. This obviously defeats the reason for having a VPN and, at the same time, puts sensitive data at risk for cybercriminal activity.

Does a Company "Need" a VPN?

No. It is now no longer essential to have a VPN to experience all of the advantages VPNs have to offer.

As useful as VPNs are, companies don't always need them. One way around needing a VPN is working with a Software as a Service (SaaS) provider. Cloud-based SaaS vendors can give corporate employees a wide range of services and solutions. All of them run securely and through encrypted channels, eliminating the need for a VPN to access them. This also reduces the amount of software teams need to download, log into, and interact with.

As one of our clients, Gordon & Rees LLP, a San Francisco-based law firm with 1200 employees across 27 offices in 18 states, found, a SaaS-based system, such as Giva, can be a huge advantage. Floyd Withrow, Chief Information Officer (CIO) at Gordon & Rees, said:

"With Giva, we have eliminated a time-consuming step of logging into our VPN. Since Giva can be securely accessed from anywhere in the world, remote access into our firm network is not required."

Mr. Withrow continued, "It was very easy to get up and running on Giva. We had to take a step back from our old system to make sure going forward we would be properly customizing Giva to take advantage of all its capabilities. We did some advance planning with our Giva account manager, and all the configuration and customizations were done, without outside consultants, in a very timely manner that met [numerous] internal goals."

With the right SaaS-based service, a team should have no problem logging in securely from anywhere in the world, on any device, at any time. This provides all the advantages of a VPN, without the productivity downsides and adding another layer of software to a company's tech stack.

Key Takeaways: Should Your Business Have a VPN?

VPNs are useful in many ways. VPNs keep data secure and give remote employees ways to access internal systems over an encrypted network instead of unsecure public WiFi, mobile data, and Internet connections.

However, VPNs aren't the only solution for network security. Secure, cloud-based software, such as Giva, has all the advantages of a VPN without an extra layer of technology getting in the way and reducing employee productivity. VPNs are no longer essential, especially when you work with the right software partner to support various operational areas within your organization.