The term VPN is usually heard in the context of hiding your location and/or IP address, as well as for private web browsing. But for businesses, it has another application: security. Employees of small companies today often work from home or in cafes and can be scattered across different cities or even countries. It’s often impossible to ensure that the network they’re using to access the internet or the company’s infrastructure is secure. But it’s still necessary for these remote workers to communicate and exchange documents with each other. Wo what’s to be done? In order to prevent hackers from intercepting business-critical information, companies can use a VPN as a secure communication channel.
So what is a VPN?
A VPN, or Virtual Private Network, is one of those rare cases when the abbreviation helpfully captures the essence:
- Virtual — to transfer data, a VPN establishes a connection over existing channels and communication protocols (no new physical channel is necessary);
- Private — data is transferred securely thanks to encryption. It’s impossible to intercept the transfer somewhere down the line and access the data;
- Network — a VPN ensures reliable communication between its nodes, and the outside world is accessed through gateways.
To sum up, a VPN is a private network that is set up on top of an existing network — primarily, the internet itself.
Previously, setting up a VPN required a hardware/software complex providing branch offices and employees on work trips with secure access to the company’s local network. With the rise of cloud services, VPNs have also become cloud-based, somewhat losing the “N” from their name in the process. Nowadays, a VPN is usually understood to mean a virtual tunnel for the secure transfer of encrypted requests and data between a subscriber endpoint and the server of the VPN provider, which in turn delivers these requests and data to the recipient. That is, VPNs serve most of all to neutralize threats in the last mile.
What does a modern VPN do?
In today’s world, VPNs provide two functions to subscribers:
- Security: a VPN protects against the theft of data while it’s being transferred from a device to the network;
- Anonymity: in theory, a VPN makes it impossible to pinpoint the user’s geolocation unless they’re willing to reveal it.
This second function has become very relevant recently, with the increase in internet segmentation and the number of entertainment services tied to specific regions. As a result, many VPN services focusing on the needs of end users offer features such as the obfuscation of encrypted traffic. But for businesses such tricks are not really necessary and only complicate the data transfer.
Why small businesses need a VPN
Small companies these days don’t even bother to try and build their own IT infrastructure: it’s expensive, difficult and, most importantly, completely pointless, because there are plenty of ready-made cloud solutions. These solutions provide a level of convenience, effectiveness and safety that can’t be achieved any other way. But all these delights are up there in the cloud — and it’s the “stairway to heaven” that’s the weak link. Attackers are increasingly using man-in-the-middle attacks on the communication channel between an employee’s work device and the trusted work servers or services. Most often, this happens when the employee is working through an uncontrolled intermediary, for example when connecting from home, a cafe or hotel.
This is precisely the stage where the VPN steps in to protect you. If you have to work on an unknown network (a public Wi-Fi connection in a cafe, for example), you should always use a VPN — simply because you can never know for sure who’s controlling the router. In theory, an attacker can interfere with the data flow by spoofing requests and responses to them, or just trying to intercept sent logins and passwords.
How to choose the right kind of VPN
First of all, you need to decide what you need a VPN for. For businesses, security is most likely the top priority. There are three ways to achieve it:
- Set up your own VPN. This old-school solution may be suitable for a business that already has its own cloud-based work server with confidential data, which employees require constant access to. Remotely accessing such a server via a VPN will help to completely close it from the outside world, and at the same time ensure security and (relative) anonymity on the internet. The downside is that this is quite an expensive approach that requires a dedicated specialist to deploy and maintain it;
- Buy a VPN service subscription. The advantage of this approach is the huge range of options, allowing you to choose the right solution for your specific needs and budget. Make sure you do your research on the service provider: read reviews and look at tests in professional publications, because you’re going to be trusting them with your data security. We recommend choosing a service that’s specifically focused on business clients rather than users trying to hide their location;
- Buy a complete security solution that includes a VPN. The main advantage of this approach is the additional security, since companies offering such packages are specialists in the field. In addition, you’ll avoid any potential conflicts between your security software and your VPN. In particular, our Kaspersky Small Office Security solution now includes a license for our VPN solution, Kaspersky VPN Secure Connection.
A VPN is a must-have tool for any modern business. It’s been a long time since we worked in closed local networks, and today even the very concept of a “network perimeter” is becoming irrelevant. Employees often work on laptops, carrying them around everywhere. A small business can hardly afford to deploy a full-fledged hardware/software solution, which means that the best option is to use a third-party cloud service to ensure the security of work-related connections.