The COVID-19 pandemic of 2020 has forced enterprises of all sizes and industries to adopt new work approaches that keep employees safe at home while ensuring productivity and security. Not only have videoconferencing applications such as Zoom, Skype, and Cisco Webex gone through the roof in usage, but new and more sophisticated networking and security products are also in high demand.
According to a report by Willis Towers Watson, nearly half (46 percent) of organizations are implementing work-from-home policies because of the pandemic. As a result, companies are relying on virtual private networks (VPNs), which establish encrypted connections to enterprise applications over the public internet, to connect their workforce.
Many organizations have used VPNs for years to provide seamless connectivity without compromising security for employees who travel or work remotely. These VPN endpoints are typically set up to support 5 to 10 percent of a company’s workforce at any given time. Ongoing VPN support for 100 percent of the workforce at companies around the world is unprecedented, and this “new normal” is putting unforeseen stress on both corporate and public networks.
There are important steps companies can take to address these challenges so that connecting to enterprise networks doesn’t leave employees frustrated during a time when stress levels are already high. These same best practices can support an enduring strategy for managing an increasingly mobile and remote workforce as the nature of work shifts.
Enhance VPN Security
VPNs are intrinsically designed to be encrypted tunnels that protect traffic, making them a secure choice for enabling remote work. Even with the increased number of people connecting to VPNs, this remains true. However, cybercriminals do take advantage of times of chaos to attack corporate infrastructure like VPNs. The strategy cybercriminals typically employ is to obtain a person’s network credentials to access the VPN and, by extension, the employer’s networks and systems.
With so many more VPN users, the pool of potential victims who lose their credentials is higher than ever before. Knowing this, companies can ensure they properly secure their VPNs by enabling and requiring two-factor authentication as a second layer of protection. With two-factor authentication, even if a cybercriminal obtains an employee’s login credentials, they won’t be able to access the VPN or network without additional information, such as a one-time-use security code sent to a preselected mobile number or, ideally, to a token application.
While no security measure can 100 percent guarantee complete security, setting up two-factor authentication can make it much more difficult for a cybercriminal to take advantage of increased VPN usage.
Add New VPNs to Support Increased Demand
Once a company has secured its VPN endpoints, it may find that the current infrastructure does not adequately support its entire workforce. A report from Atlas VPN estimates that VPN usage could increase by 150% as the coronavirus continues to spread. Companies can manage the increased demand by adding endpoints in multiple regions to cope. Depending on the company’s VPN architecture, this can be done through a cloud provider by increasing seats, adding licenses to the existing VPN hardware solution, or purchasing and deploying new VPN servers. One may also be able to enable VPN capabilities on existing edge network devices. This may be a great short-term solution for some as it allows for an increase in capacity without incurring additional capital expenses.
Ensure Positive Employee Experience with VPN Traffic Steering
While increasing the number of VPN servers will help to ensure a company has the capacity to accommodate more employees working remotely, there may still be issues with performance or availability if all the users log in to the same VPN server. To accommodate this increased demand, organizations can optimize VPN server use by using traffic steering at the DNS layer. In many cases, it is up to the employee to randomly choose an endpoint from a list. Employees continue connecting to a “default” endpoint for days or weeks, regardless of usage or capacity. Worse yet, if the user cannot connect to their normal endpoint due to high traffic volume, the client will often select a backup without consideration to location or load, resulting in slowness or outright disconnections.
Monitor Performance to Adapt as Needed
Lastly, continuous monitoring is a crucial step to making sure your VPN connections remain accessible and performant for employees. Many tools provide valuable insight that can help companies evaluate and adjust capacity as needs change. Consistent monitoring can also demonstrate trends about when employees are connecting the most often, and from which area. This allows companies to better plan for times of high volume, create strategies for when to add more VPNs based on employee growth plans, and set up informed traffic routing rules, optimizing VPN usage long term.
By adding VPNs, traffic steering at the DNS layer, securing the endpoints, and consistently monitoring performance, employers can deliver the same seamless network and technology experiences that employees expect when they are in the office. In a time of uncertainty and worry, this can help reduce the stress of working remotely while also creating a resilient network.
Industry information for this article was supplied by Karthik Krishnaswamy, Director of Product Marketing, NS1.
Get the Free Cybersecurity Newsletter
Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.