Rightsizing Your VPN Without Sacrificing Remote Worker Security

Remember back in March, when workplace doors were closed and employees were sent home for a brief shutdown? Some five months later, it’s safe to say the shutdown has been anything but brief. While some organizations have made the move to reopen on a provisional basis, many others have kept their buildings shuttered. There are plenty of reasons why but some simply see no reason to change as their safely scattered teams have functioned and produced much as they did when under the same roof. Users may not have buckled under the strain, but a core technology in their work-from-home support system may be feeling the pinch: VPNs.

Part of the issue is VPNs are handling far heavier traffic volume than was intended. When they were deployed, working from home was a perk enjoyed by some just once or twice a week and not the organization-wide mandate it became. Even lifting those mandates and reopening offices might not make the problem completely go away as one popularly cited statistic from Gartner suggests. According to the research firm, employers are planning to transition roughly 5% of their previously onsite workforce into fully remote roles.

We checked in with network experts in search of insights on what organizations need to consider as they plan for the remainder of 2020 and what comes after.

What to focus on during a VPN audit

Leaders in the field suggest conducting a thorough audit of a VPN, focusing on two areas:

• Enhancing security: Cyber criminals have no reservations about leveraging the coronavirus pandemic to score a quick payday. Some scams have merely used the pandemic as window dressing, covering tried and true social engineering and phishing campaigns. Others see opportunity in a company being forced to operate in a way it wasn’t built to, e.g., entirely remotely. A properly tuned VPN along with a few supporting technologies can be instrumental to making sure these attacks fizzle. Some capabilities worth pursuing – if they’re not already in place – include granting a network the ability to assess an endpoint’s defense posture (antivirus running, patches implemented, etc.) and to restrict access to the network in the event of noncompliance. Network access should be further guarded using multifactor authentication as the security boost it provides far outweighs the mild inconvenience inflicted upon users. Audits should also confirm time is being made for more mundane, but important, maintenance tasks such as reviewing access control lists, revising policies as needed, etc. Organizations must also ensure they’re prepared for a data breach, should one happen. VPN access logs should be collected so they can be used to follow in the footsteps of an attacker, helping to fully remediate any damage caused.
• Right-sizing capacity: Earlier we mentioned the idea that organizational VPNs are already stretched thin. We also talked about how, even when that traffic does eventually recede, it may not quite find its way back to pre-pandemic levels. Remote work has been validated in the eyes of many former skeptics. Now it’s a matter of ensuring your organization is able to support an appropriate level of access moving forward. To start, measure. It’s just like the cliché goes: “you can’t improve what you don’t measure.” Continuously monitor the traffic traversing your various VPNs as well as the number of distinct devices seeking connections, all in order to gain a feel for what an average day looks like. This might reveal that additional VPN resources aren’t needed. Instead, they may simply need to be redirected from lesser used sites to those that experience heavier traffic. Note: Be sure to engage with all departments to learn more about their individual strategies for reopening workplaces or possibly relocating users. If more resources is the answer, this data can help allocate new IP addresses, hubs, firewalls, etc. Of course, solving certain network bottlenecks may require a call to the organization’s internet service provider for additional circuits or more flexible usage caps.  

Next Steps: Start planning now for the future of your VPN

These are the kinds of conversations organizations must have in order to be sure users are able to continue to access the resources they need and that they can do so securely. The fact that so many businesses have adapted so seamlessly, and so quickly, to a fully remote posture is a testament to their digital maturity. However, more changes are coming and organizations must be ready to continue to evolve as they arrive.  

Need help auditing your VPN and network environment? Want to learn more about the steps you can take to right-size and secure user connectivity? Arraya can help. Our team of network experts can provide the strategic as well as hands-on technical support your organization needs to keep users securely connected while allowing for room to grow.

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team.

Comment on this and all of our posts on: LinkedIn, Twitter, and Facebook.

Follow us to stay up to date on our industry insights and unique IT learning opportunities.