Recent events have compelled organizations of all sizes and across industries to adopt new work approaches that keep employees safe at home while ensuring productivity and security. According to a report by Willis Towers Watson, nearly half (46 percent) of organizations are implementing work from home policies because of the COVID-19 pandemic. As a result, companies are relying on virtual private networks (VPNs), which establish encrypted connections to enterprise applications over the public internet, to connect workforces. Many organizations have leveraged VPNs for years to provide seamless connectivity without compromising security for employees that travel or work remotely. These VPN endpoints are typically set up to support 5-10 percent of a company’s workforce at any given time. Ongoing VPN support for 100 percent of the workforce at companies around the world is unprecedented, and this "new normal" is putting unforeseen stress on both corporate and public networks.
Also, during this time of increased stress, it is even more important that employees’ have a good experience with company technology when working from home. If employees can’t connect or get kicked off the VPN because traffic is higher than normal, there is a great potential for disengagement and loss of productivity. There are important steps companies can take to address these challenges so that connecting to company networks doesn’t leave employees frustrated during a time when tensions are already high. These same best practices can support an enduring strategy for managing an increasingly mobile and remote workforce as the nature of work shifts.
Enhance VPN Security
VPNs are intrinsically designed to be encrypted tunnels that protect traffic, making them a secure choice for enabling remote work. Even with the increased number of people connecting to VPNs, this remains true. However, cybercriminals do take advantage of times of chaos to attack corporate infrastructure like VPNs. The strategy cybercriminals typically employ is to obtain a person’s network credentials to access the VPN and by extension the employer’s networks and systems.
With so many more VPN users, the pool of potential lost credentials victims is higher than ever before. Knowing this, companies can ensure they properly secure their VPNs by enabling and requiring two-factor authentication as a second layer of protection. With two-factor authentication, even if a cybercriminal obtains an employee’s login credentials, they won’t be able to access the VPN or network without additional information such as a one-time use security code sent to a preselected mobile number or ideally, to a token application. While no security measure can 100 percent guarantee complete security, setting up two-factor authentication can make it much more difficult for a cybercriminal to take advantage of increased VPN usage.
Add New VPNs To Support Increased Demand
Once a company has secured their VPN endpoints, they may find that the current infrastructure does not adequately support their entire workforce. A report from Atlas VPN estimates that VPN usage could increase by 150% as the coronavirus continues to spread.
Companies can manage the increased demand by adding endpoints in multiple regions to cope. Depending on the company’s VPN architecture, this can be done through a cloud provider by increasing seats, by adding licenses to your existing VPN hardware solution or by purchasing and deploying new VPN servers. One may also be able to enable VPN capabilities on existing edge network devices. This may be a great short-term solution for some as it allows for an increase in capacity without incurring additional capital expense.
Next Generation DNS: Using Your Data to Steer Traffic with NS1
Ensure Positive Employee Experience with VPN Traffic Steering
While increasing the number of VPN servers will help to ensure a company has the capacity to accommodate more employees working remotely, there may still be issues with performance or availability if all the users log into the same VPN server. To accommodate this increased demand, organizations can optimize VPN server use by using traffic steering at the DNS layer. Without traffic steering, when an employee logs into the VPN the client selects the best endpoint and likely continues connecting to that endpoint for days or weeks, regardless of usage or capacity. Endpoints that choose, or have the user choose, the VPN endpoint based on location are particularly problematic because they don’t account for the latency and congestion created by a large number of users trying to access the same network from the same general area. Worse yet, if the user cannot connect to their normal endpoint due to high traffic volume, the client will often select a backup without consideration of location or load.
NS1 customers have approached us about using Filter Chain™, our traffic steering solution, to incorporate real time telemetry to automate routing to the fastest and best performing point of presence for each user, minimizing latency and preventing regional overload that could crash systems.The Filter Chain can also be built to implement unique, complex policies that incorporate real user performance, and even cost, making it an ideal solution for managing multiple VPN endpoints
Monitor Performance to Adapt as Needed
Lastly, continuous monitoring is a crucial step to making sure your VPN connections remain accessible and performant for employees. Many tools provide valuable insight that can help companies evaluate and adjust capacity as needs change. Consistent monitoring can also demonstrate trends about when employees are connecting the most often, and from which geographies. This allows companies to better plan for times of high volume, create strategies for when to add more VPNs based on employee growth plans, and set up informed Filter Chain rules, optimizing VPN usage long term.
By adding VPNs, traffic steering at the DNS layer, securing the endpoints and consistently monitoring performance, employers can deliver the same seamless network and technology experiences that employees expect from an office setting. In a time of uncertainty and worry, this can help reduce the stress of working remotely while also creating a resilient network.
Is your company seeing an increased use of VPNs and how are you managing it? We're happy to walk you through different approaches we're seeing, help you take advantage of traffic steering capabilities in your stack, or just lend our expertise - whatever we can do to help as we all navigate change together. Reach out any time.