With the vast amount of detail involved in the various technologies, we will be generalizing for brevity.
The first decision to be made here is between a hardware, software, or hybrid solution. This week we will discuss the hardware solution.
Hardware-based VPNs usually come with a routing device or firewall and have the benefit of assisting in the security decision of whether to allow or disallow a VPN connection at the edge of the network. The device is usually located either facing the internet or very near the gateway. This location makes the task of segmenting the network easier.
Enterprise VPN devices usually have higher throughput as they have processors dedicated to the functions of encrypting, decrypting, and decision-making related to VPNs. A lot of malware tracking and reporting has the benefit of being integrated with the general reporting for the device’s specific function. For instance, if the VPN is on the firewall, you can get an overview of the traffic path that includes a view of the non-VPN portion of the traffic.
As a solution used for a remote worker
VPN hardware devices for remote workers are less common, but when used, they come with similar benefits. Especially inviting in this solution is the ability to segment the remote worker from the home network, which will be shared with devices not maintained by your company. This prevents an infected device that shares a network with the remote worker from propagating the infection to the remote worker’s device and then onto the company network.
A drawback as a solution for remote workers is the fact that it could carry a higher support burden. Unless installed onsite by an engineer, you would need to walk a person through the installation.
Users have also gotten used to relying on their Wi-Fi to work in different areas of their house. Accommodating this with the VPN solution would require you to limit them to a dedicated location, set up a second segment on their Wi-Fi (if supported), or set up a whole new Wi-Fi network dedicated to this role.
One benefit a hardware device does have as a remote worker solution is the ability to make decisions locally before traffic traverses the network. It’s commonplace for remote working solutions to include policy-based or inspection-based decision-making. Traffic is allowed or blocked based on certain criteria, which could include the device having the required updates, the time of day, and/or the actual data being sent, which gets inspected for malware. If that decision is made remotely by the destination device, it could cause a bottleneck. Blocking traffic locally also reduces unnecessary processing and network utilization on the destination network for traffic that will ultimately be blocked.
In terms of cost comparisons, although VPN hardware devices often come at a higher cost, most firewalls and routing devices come with VPN licensing included when you purchase them. However, the cost of administering and maintaining them needs to be considered.
Next week we will have a look at software solutions for remote workers as well as hybrid solutions.