Our customers have come to us with a lot of questions regarding cybersecurity and their remote workforce. In this 4-part series, Jason Caparoso, BlackHawk Data’s President and Chief Technology Officer, shares his insights and knowledge to help you safeguard your business, no matter where you are.
There’s a lot of talk about a virtual private network (VPN) being a cure-all. But it’s best to consider the what, how, and why when it comes to VPN deployment. With so many VPN choices out there, it isn’t as open-and-shut a case as you may think.
Question: Do I really need a VPN?
Answer: If there are corporate resources, applications, files, etc. that can only be reached from the corporate network or if you have cloud resources (AWS, Azure, GCP) that are accessed over a direct access link or VPN tunnel from the corporate LAN, you need a VPN.
Let’s take a look at Full Tunnel versus Split Tunnel VPN.
As shown above, the split tunnel VPN allows a user to access the internet directly from their internet connection without traversing the corporate firewall. With the full tunnel VPN, all traffic from the end user is tunneled back to the corporate network then out to the internet if needed.
Split tunnel VPN advantages:
- Reduces bandwidth and resource consumption on the corporate network
- Allows users to reach cloud applications like O365 directly
- Provides better internet performance
Full tunnel VPN advantages:
- Provides traffic identification/filtering
- Enhances policy enforcement
- Preserves central control
- Maintains same traffic flow
- Stops outside threats (only useful if you force the VPN to start at user login; in other words, all traffic goes through the VPN so it can’t be contaminated by other local devices on the end user’s home network)
Split tunnel VPN disadvantages:
- Delivers limited to no control over internet-based traffic
- Lacks protection from standard corporate tools
- Offers direct access to the corporate network, since malicious files can be downloaded from the internet to the PC
Full tunnel VPN disadvantages:
- Resources and bandwidth can be consumed with traffic destined for the internet
- Performance may be degraded
- User experience will be impacted if resources become strained
- If the VPN starts at user login and the VPN server is down, access to everything is lost
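The split and full tunnel traffic paths described above can be modelled as the client's routing table. The following is an added example, not code from BlackHawk Data or Cisco; the corporate prefixes, gateway address and destinations are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the article).
CORPORATE_PREFIXES = ["10.0.0.0/8", "172.16.0.0/12"]
VPN_GATEWAY = "203.0.113.10"          # public address of the VPN headend
SAMPLE_DESTINATIONS = [
    "10.20.30.40",     # internal file server
    "172.16.5.9",      # internal application
    "198.51.100.25",   # internet site
    "192.0.2.80",      # internet site
]


def build_routes(mode, corporate_prefixes=CORPORATE_PREFIXES):
    """Return the client's routes as (network, interface) pairs."""
    if mode == "full":
        # Default route points into the tunnel; only the encrypted
        # session to the gateway itself uses the local link.
        return [
            (ipaddress.ip_network("0.0.0.0/0"), "vpn"),
            (ipaddress.ip_network(VPN_GATEWAY + "/32"), "local"),
        ]
    if mode == "split":
        # Default route stays on the user's own internet connection;
        # only the corporate prefixes are sent into the tunnel.
        routes = [(ipaddress.ip_network("0.0.0.0/0"), "local")]
        routes += [(ipaddress.ip_network(p), "vpn") for p in corporate_prefixes]
        return routes
    raise ValueError("mode must be 'full' or 'split'")


def egress(routes, destination):
    """Pick the interface by longest-prefix match, as an IP stack does."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, iface) for net, iface in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def bypasses_corporate_firewall(mode, destinations=SAMPLE_DESTINATIONS):
    """List destinations that leave via the local link, unseen by corporate tools."""
    routes = build_routes(mode)
    return [d for d in destinations if egress(routes, d) == "local"]


if __name__ == "__main__":
    for mode in ("split", "full"):
        print(mode, "-> bypasses corporate firewall:", bypasses_corporate_firewall(mode))
```

The destinations returned for split mode are the traffic that corporate filtering and policy enforcement never see; in full mode the list is empty, and the same traffic is instead carried by the corporate link.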
The de facto standard for almost 20 years has been Cisco AnyConnect. Cisco AnyConnect is still the most popular VPN we see in the market today. We like it since it’s a mature product that doesn’t negatively impact other applications installed on the device, plus it has a plugin that supports Cisco Umbrella to give you some great visibility into your end users from any location.
The other bonus here is if you need a VPN but don’t have the hardware either on premises or in the cloud, BlackHawk Data can create a virtual ASA firewall in a matter of minutes.
An industry veteran with more than 20 years of experience in both network design and delivering expert-level solutions to clients, Jason supports a variety of industry-leading vendors, including Cisco, Palo Alto Networks, F5 and Microsoft, enabling him to effectively lead BlackHawk Data’s Solutions Architects, Service Delivery, and Managed Services teams.