Virtual Private Network (VPN) Pros and Cons for Business

Virtual Private Networks (VPNs) were already popular amongst numerous organizations and sectors before the pandemic. Now, with remote and hybrid work so widespread, companies need to be even more conscious of the way they allow employees and contractors to access files and internal systems.  You may ask "Do VPN's really work?" Continue reading to find out.

• VPNs provide more secure access to internal systems, such as email, CRMs, cloud-storage, telephony, and customer records. 

• VPNs protect internal data and systems, making organizations safer and compliant with various national data protection and access laws. A VPN safeguards these systems when employees are accessing them through home-based WiFi or public WiFi networks. 

• VPNs are more common in some sectors than others. For example, sectors that collect, process, and store sensitive data, such as healthcare, defense, the legal sector, insurance, financial services, are more reliant on VPNs for data access and keeping internal systems and networks secure. 

What is a VPN and why do I need it?

A VPN is, effectively, an internal corporate internet, sometimes known as an Intranet. Generally speaking, an Intranet works internally and usually only on-site, or between various offices. However, the difference is that a VPN establishes a secure connection between the devices employees are working on remotely (e.g. a laptop, tablet, or smartphone) and internal corporate systems. 

Instead of employees (or contractors) logging in across a potentially unsecure connection, they can connect through a VPN. That way, even when an employee is working from home or a coffee shop, once they've logged in through the VPN remote access, they are contained within your secure internal networks. 

Even though they are physically in whatever location they are working from, once they've accessed systems using a VPN, employees are digitally within your internal networks. 

How do VPNs work?

A remote access VPN acts as a secure encrypted tunnel, between your internal network and external devices. Think of the Internet or mobile data as a freeway. It is out in the open, exposed to anyone who wants to access that data. 

A VPN goes underneath the freeway, navigating a completely different route. So, even if data moves between the same locations, the traffic going through this tunnel is secure, encrypted, and is less vulnerable to cyberattacks. One advantage is your IP address is disguised, making the tunnel virtually invisible. 

The two main components of a VPN are the network access server (NAS) and VPN client software. For the end-user -- such as your employees -- they access a VPN through cloud-based software. At the corporate end, the NAS acts as the other side of this secure tunnel, giving anyone logging in through a VPN access to internal software and systems. 

As useful as VPNs are, companies don't always need them. One way around needing a VPN is working with a Software as a Service (SaaS) provider. Cloud-based SaaS vendors can give corporate employees a wide range of services and solutions. All of them run securely and through encrypted channels, eliminating the need for a VPN to access them, and reducing the amount of software your teams need to download, log into, and interact with. 

Pros and Cons of a VPN

Pros:

1. Log in from anywhere 

   VPNs should give you the ability to log into company networks and software securely and remotely from anywhere in the world, on any device, at any time. They should give team members the same advantages as being in the office, whether they're at home, in a coffee shop, a co-working space, a hotel, or on a plane. 

   However, we know from experience that isn't always the case. So, make sure any VPN you use is compatible with as many networks as possible, especially WiFi in hotels and on planes. 

2. Get operational quickly 

   When you start using a VPN, your teams should be up and running with it quickly. VPNs are fairly easy to install and use, and it shouldn't take much time to train teams across an organization on how to use them. 

3. Enhanced security and regulatory compliance, especially with remote or hybrid teams 

   VPNs give companies the benefit of enhanced security and regulatory compliance, especially when you have remote or hybrid teams. It's equally useful for those with field sales teams. That way, customer data is transmitted securely using a VPN instead of being sent across open and unsecure networks. 

   Regulatory compliance is particularly important, especially in sectors with highly-sensitive data, such as healthcare, insurance, and financial services.

   Not only do companies have to carefully consider and implement compliance with data protection laws, such as CCPA in the US and GDPR in Europe, but there are other more rigorous sector-specific laws and regulations companies have to factor in. 

4. Safe access to files over public networks 

   When teams are working remotely they are accessing your systems and files using home-based Internet and public networks. None of these are as secure as VPN or cloud-based SaaS networks. There is enormous risk that files and data could be intercepted by cyber criminals and hackers. 

   The potential for a data breach increases when more of your team is working remotely, making it increasingly important to implement appropriate safeguards, such as providing access through a VPN. 

   Chief Information Officers (CIOs) and Data Security and Compliance need to implement VPNs or comparable SaaS-based systems to protect the whole organization (data breaches are expensive and can damage a brand's reputation). Business leaders should ensure employees cannot access internal systems, including email, unless they're logging in through a secure encrypted portal. 

5. Low operational and maintenance costs

   Generally speaking, VPNs should be affordable and cost-effective to run. Access is usually provided on a per head (employee count) basis, so the more staff you have the more a VPN will cost to run. Subscription to these services becomes more cost-effective when a company pays for an annual license, often with discounts as high as 25-30%. 

   Maintenance is also cost-effective as that is the responsibility of the vendor. As VPNs or other SaaS-based software are managed by the vendor, you don't need to worry about these systems taking up hardware space on internal servers. 

Despite these advantages, there are also disadvantages for consideration to operating a VPN which we cover below. 

Cons:

1. Speed

   Accessing systems through VPNs can slow staff down. If access is required quickly, or across a low bandwidth connection, a VPN isn't always the best option.

2. Full access could be limited

   Some VPNs don't allow access across every network your employees might be using. 

   For example, if you're trying to access your company's systems while on a plane, most VPNs can prevent that kind of login attempt. If you're on the way to an important meeting with a client and cannot work while in transit that could be disastrous for the meeting you're about to attend. 

3. Security

   While a VPN's main purpose is better security, limitations in access ironically might lead employees to circumvent the VPN. For example, employees might send data and information to personal email addresses and software, effectively sidestepping a VPN in order to get work done. This obviously defeats the reason for having a VPN and, at the same time, puts sensitive data at risk for cybercriminal activity. 

   VPNs are far from perfect, especially when they impact productivity. One way around this problem is to use cloud-based software you know is secure, such as Giva, a SaaS product with solutions for numerous sectors. 

How important is a HIPAA compliant VPN in the healthcare sector?

Healthcare organizations need to be compliant with The Health Insurance Portability and Accountability Act (HIPAA). This means data needs to be sent only across secure networks. VPNs are one solution for that.

Another is to use secure, encrypted cloud-based software, such as Giva, for Customer Service, IT Help Desks, Asset Management, Knowledge Management, and numerous other functions within healthcare organizations. 

Do you "need" a VPN?

No.  It is now no longer essential to have a VPN to experience all of the advantages VPNs have to offer. 

As one of our clients -- Gordon & Rees LLP, a San Francisco-based law firm with 1200 employees across 27 offices in 18 states, found, a SaaS-based system, such as Giva, can be a huge advantage. Floyd Withrow, Chief Information Officer (CIO) at Gordon & Rees, said:

"With Giva, we have eliminated a time-consuming step of logging into our VPN. Since Giva can be securely accessed from anywhere in the world, remote access into our firm network is not required."

Mr. Withrow continued, "It was very easy to get up and running on Giva. We had to take a step back from our old system to make sure going forward we would be properly customizing Giva to take advantage of all of its capability. We did some advance planning with our Giva account manager, and all the configuration and customizations were done, without outside consultants, in a very timely manner that met [numerous] internal goals."

With the right SaaS-based service, your team should have no problem logging in securely from anywhere in the world, on any device, at any time. Giving you all of the advantages of a VPN, without the productivity downsides and adding another layer of software to your company's tech stack.

Key Takeaways: Should your business have a VPN?

VPNs are useful in many ways. VPNs keep data secure and give remote employees ways to access internal systems over an encrypted network instead of unsecure public WiFi, mobile data, and Internet connections.

However, VPNs aren't the only solution for network security. Secure, cloud-based software, such as Giva, provides all of the advantages of a VPN without an extra layer of technology getting in the way and reducing employee productivity. VPNs are no longer essential, especially when you work with the right software partner to support various operational areas within your organization.