Apr 09 2020

Are VPNs Ready for the Masses Working from Home?

As businesses shift to widespread remote work, virtual private networks are being tested.

Moving an entire workforce to remote work has been challenging for businesses. IT departments have had to make sure employees are armed with the right devices, collaboration tools and network access to sustain productivity — and they’ve had to do it with little to no notice as the public health crisis escalated in a matter of days.

With working from home an increasingly popular benefit for employees, many businesses already had some remote work protocols and tools, such as virtual private networks, in place. But even organizations that already have VPNs are having to scramble, as most weren’t built to sustain use from the full workforce.

“I’d bet my next paycheck that most organizations plan for a maximum of between 10 percent and 30 percent of their employees connecting concurrently to their existing infrastructure,” says Stan Lowe, global CISO at Zscaler. “When you plan for VPN utilization, you plan for a maximum load of about 30 percent of your overall population. But now it’s not 30 percent, it’s not 60 percent, it’s not location specific. It’s all of their employees, and that’s not typically how you plan. You don’t plan for an event that affects the entire company.”

That reality is pushing IT departments to stretch the capacity of their VPNs and find creative ways to get essential business done, while still reaping the security benefits a VPN provides. 

How Businesses Can Get the Most Out of Their VPNs

For businesses that don’t already have the VPN capacity they need, expanding it now could prove challenging. “That presents a problem because of long lead times,” says Lowe. “If you have to ramp up additional capacity to be able to support your base, you’re not going to be able to do that.”

Instead, IT departments have to find ways to keep the organization productive within their current constraints. This means managing access to critical applications.

“You’re looking at doing some interesting internal juggling by tiering your applications,” says Lowe, noting that the systems most critical to business continuity are more basic than organizations may realize.

“Businesses are going, ‘Oh, it’s going to be the financial system, it’s going to be the manufacturing system, it’s going to be this, it’s going to be that.’ But really, one of the most critical business systems that people have is email,” he says. “Email and instant messaging and conference installations are actually the most critical business applications. You’ve got to figure out how to support that.”

Another way to make sure the VPN isn’t overloaded is to manage when employees are using it. Grouping workers together with designated times to get on the system can help distribute the workload. This approach might not work for some businesses, says Lowe.

“You end up saying, ‘Okay, you’re in group one, you have access from 0800 to 1600. You’re in group two, you have access from this time to that time,’ etc. That’s not really conducive to the way some businesses work, because the organizations that you’re dealing with don’t work like that.”

These organizations may have to look outside the VPN to provide supplemental support to workers. Cloud-based security tools like private access solutions from Zscaler and Netskope can be useful additions to the infrastructure.

Ways to Keep VPNs Secure During Remote Work

While deploying collaboration tools and solidifying networks are critical right now, businesses can’t afford to lose sight of security. The large number of devices connecting to networks is leaving organizations more vulnerable to attacks, both on the company level and the individual level. Implementing solutions such as multifactor authentication and unified endpoint management can help IT departments keep a tight grip on network access.

One of the greatest vulnerabilities, however, is personal rather than technological. Employees need to be alert to potential risks, and Lowe says that the simple reality of not being in the office can lead to problems.

“You walk around any office building, there’s a cybersecurity awareness campaign going on whether they know it or not,” he says. “They also don’t have the ability to pop up over the cube and ask their next-door neighbor, ‘Kevin, what do you think about this email? Do you think it’s kind of sketchy, or not?’ They don’t have the ability to do that.”

Keeping up awareness and vigilance among staff should be the first priority, Lowe says.

“Employees think that they’re just as protected as they are at the enterprise. And they just don’t have the backup resources to be able to ask those questions. Implementing an education and an engagement methodology for your remote workers with regard to security is critically important.”

VPNs can be a crucial tool for businesses during this shift to remote work. By getting creative and engaging the workforce, organizations can successfully — and securely — make a smooth transition to work from home.
