Balancing Security and Flexibility on the VPN
VPNs are growing increasingly critical to the distributed enterprise. Learn why they aren't all the same and what to look for in VPN technology.
The enterprise data environment is making its way across a broad array of wired and wireless architectures, both within the data center and over the wide area. So it is small wonder that organizations are turning to virtual private networks (VPNs) to pair the flexibility of dynamic data functionality with thorough security and high performance standards.
But even within the relatively narrowly defined VPN segment, there is a host of options when it comes to building and maintaining connectivity. And as usual with advanced data solutions, one size does not fit all.
A good primer on the various VPN solutions can be found at Security News. It offers quick synopses of the various protocols, like Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol Security (IPsec). But it is important to remember that security is not the only factor when it comes to building a VPN. Many of the newer proprietary protocols, like Cisco’s AnyConnect, utilize various VPN strategies to encapsulate data for tunneling between endpoints, and depending on the configuration, this encapsulation can hamper connectivity by adding substantial overhead even though it provides a highly secure solution.
Lately, many telecom carriers have been touting Multiprotocol Label Switching (MPLS) as a robust alternative to traditional Time Division Multiplexing (TDM) approaches. As Vodafone India COO Naveen Chopra points out, TDM was fine when plain vanilla VPN was all that was needed to provide a competitive edge. But MPLS over a private IP network is proving to be more cost-effective and delivers a number of performance benefits, such as improved redundancy, application prioritization and multipoint connectivity.
Top cloud providers are also shoring up their VPN capabilities to provide higher levels of service to enterprise customers. Google recently upgraded its Compute Engine with a VPN module to provide a more integrated network environment with on-premises infrastructure. The service provides site-to-site networking via multiple encrypted tunnels managed through a single gateway, while at the same time supporting static routes that allow the enterprise to manage traffic between Google’s virtual machines and their own data center resources. Ultimately, the service enables a faster, more responsive cloud that, according to Google executives, provides a key differentiator from rival providers, like Microsoft and Amazon.
VPNs are also handy when it comes to unifying wired and wireless infrastructure, says Route1 CEO Tony Busseri, but be careful: if not designed properly, they could actually leave the enterprise open to a serious data breach. Most wireless VPN solutions involve placing a client or agent on the mobile endpoint, which does in fact provide a secure connection to the home office that is typically enhanced by a Master Data Management (MDM) platform. The danger lies in data becoming unencrypted on the mobile network, as in a collaborative workflow, and then falling prey to malware on the client device or a non-secure WiFi access point. This essentially provides an open door that exposes not only the data on the mobile device, but also the data in centralized or distributed storage pools. The only fix at the moment, Busseri says, is adequate employee training on proper mobile connectivity procedures.
The increasingly distributed, abstract data environment that has arisen around the enterprise requires an equally distributed and abstract networking infrastructure. A virtual private network is probably the best way to ensure applications and data receive the same kind of support over long-haul connections as they do in the data center, albeit with a bit more latency due to the distances involved.
But the VPN also requires as much, if not more, TLC as the rest of the stack given its task of providing connectivity that is both flexible and secure. Rather than simply deploy a cloud solution via a VPN, the enterprise needs to take a hard look at what kind of VPN it needs and whether it truly serves the purpose for which it is intended.
Arthur Cole covers networking and the data center for IT Business Edge. He has served as editor of numerous publications covering everything from audio/video production and distribution, multimedia and the Internet to video gaming.