Optimising VPNs for a Remote Workforce
For a device connected to the internet, a Virtual Private Network (VPN) acts as a gateway to remote networks. Once connected, the device appears to be locally connected to the remote network. This allows employees working off-premises to access on-premises networks and resources. VPNs provide the added benefit of security by encrypting the connection.
But, as with most modern technology, VPNs require continual maintenance and optimisation to best serve the purposes of the people that use them.
What happens when a VPN is not maintained or optimised?
As it turns out, an unmaintained VPN is not entirely dissimilar to an unmaintained computer, or even a mobile device. Speed and security are among the first things to suffer.
Causes of a slow VPN
It should come as no surprise that several factors can influence VPN speed, with configuration a typical culprit. Unfortunately ‘configuration’ is a broad topic that can lead to all sorts of problems on a VPN, with congestion and high latency but two. Older encryption protocols are also a common culprit since they might be slower at encryption and decryption than their more recent counterparts. Configuration issues don’t just affect speed either; an outdated VPN config can also introduce security vulnerabilities.
There’s much to be said about connections – not only from the end-user to the VPN, but between different branches and the connection of a branch to the main hub / headquarters. VPN topology plays a critical role here, with a mesh topology, for example, more efficient than a spoke-and-hub topology where branches not only need to communicate with a central site but also with each other. The connections between these different sites can massively affect VPN performance.
From an end user’s point of view, how they connect to the internet (and therefore the VPN) can also make a difference. Connecting to a VPN via wifi rather than a direct cable connection can result in slower speeds since cable typically outperforms wireless connections.
Configuration issues are not the only cause of high latency (slower speeds). Distance can play a role, with greater distances (between all components of a VPN) typically resulting in lower speeds. Poorly configured routing can result in data packets unnecessarily travelling greater physical distances between two points.
Server / network load
In your standard VPN scenario, resources like bandwidth and compute resources are divided up between individual users and other servers on the network. Where growth wasn’t factored into the initial configuration of the VPN, sluggish performance and connectivity problems will likely arise.
Security risks of an unmaintained VPN
An unmaintained VPN could be slow. However, not all VPN speed issues are related to maintenance; budget constraints, for example, may force an organisation to settle for a less-than-ideal solution. VPN security, on the other hand, correlates directly to maintenance, a lack of which can pose serious risks, such as:
Man-in-the-middle (MITM) attacks
While there are different ways a MITM attack can be accomplished, it comes down to VPN traffic being intercepted by an attacker (who is typically positioned between the user and the VPN), putting them in a position to steal sensitive information which can include usernames and passwords, sensitive company information, credit card details, and so on.
With split tunnelling, a VPN user’s connection is intentionally split in two: traffic sent through the VPN, and normal internet traffic intended for the transfer of non-sensitive data. This is typically a good thing, since it can reduce the amount of non-sensitive traffic sent to the VPN.
But when split tunnelling is not properly configured, it can result in data leakage, which is when an attacker may be able to steal sensitive information from a compromised device. Malware infection via unencrypted internet traffic is also a very real possibility and can compromise the entire VPN.
Most VPNs operate on a trust-in-the-network principle, which states that all users and devices on a network are inherently trustworthy. As such, this model typically does not enforce any additional security measures. This can be contrasted with the principle of least privilege, where users are re-authenticated at regular intervals, and only given authorisation to resources required to perform tasks, nothing more.
Tips to optimise your VPN
Optimising your VPN to cater to the demands of a remote workforce requires the right equipment and the technical support to manage that equipment. But it also requires strategic thinking to ensure that technology is implemented in a way that delivers both speed and security to end-users. Some points to consider include:
Edge computing is a term you’ll want to remember. It refers to computing that occurs at the edge of the network, closest to the user. In a VPN scenario, this can mean that, despite being headquartered in, say, London, users of the VPN in Bangkok connect to an edge server closer to their location. Data is synced between the headquarters and the Bangkok server(s) via high-speed networks.
This list wouldn’t be complete without discussing the connection between VPN sites. In short, inadequate internet connections will act as a bottleneck, resulting in slower speeds. Unfortunately defining the best type of internet connection is a difficult task, given that there are different VPN topologies to take into account, as well as the hardware present at each site. And then, site location also has to be considered.
VPN servers and routers rely on the available processing power and memory to encrypt and decrypt data, which can be a resource-intensive exercise. Making sure your VPN equipment has a powerful CPU and enough RAM to ensure that all threads are used can greatly improve performance.
Split tunnelling is a risk when not properly configured. But, when done right, it can improve VPN performance by effectively routing non-sensitive traffic directly through the internet, rather than the VPN. This alleviates VPN bandwidth consumption, which means everyone can get a bigger piece of the bandwidth pie.
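One way to check a split-tunnel route list for the leakage risk described in the split tunnelling passages above, as an added example that is not part of the original article. It goes a little beyond the text by computing exactly which address ranges fall outside the tunnel; the function name, subnets and route lists are constructed for illustration.

```python
import ipaddress

def tunnel_gaps(protected, tunnel_routes):
    """Return the address ranges of `protected` that no tunnel route covers.

    Anything returned here would leave the device over the ordinary
    internet path instead of the encrypted tunnel.
    """
    routes = [ipaddress.ip_network(r) for r in tunnel_routes]
    gaps = []
    for net in map(ipaddress.ip_network, protected):
        remaining = [net]
        for route in routes:
            still_open = []
            for piece in remaining:
                if piece.version != route.version or not piece.overlaps(route):
                    still_open.append(piece)      # route does not touch it
                elif piece.subnet_of(route):
                    continue                      # fully inside the tunnel
                else:
                    # route is a strict subset: keep only what it leaves out
                    still_open.extend(piece.address_exclude(route))
            remaining = still_open
        gaps.extend(remaining)
    return [str(n) for n in sorted(gaps, key=lambda n: (n.version, n))]

# Constructed sample data (assumptions, not from the article):
# subnets holding sensitive company resources that must stay in the tunnel.
PROTECTED = ["10.20.0.0/16", "172.16.8.0/24", "192.168.50.0/24"]

# Weak split-tunnel config: one route is too narrow and one subnet is missing.
WEAK_ROUTES = ["10.20.0.0/17", "172.16.8.0/24"]

# Corrected config: every protected subnet sits inside a tunnel route.
FIXED_ROUTES = ["10.20.0.0/16", "172.16.0.0/12", "192.168.50.0/24"]

if __name__ == "__main__":
    print("weak :", tunnel_gaps(PROTECTED, WEAK_ROUTES))
    print("fixed:", tunnel_gaps(PROTECTED, FIXED_ROUTES))
```

Running a check like this whenever the route list or the set of sensitive subnets changes catches gaps before users' traffic does.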
Nowadays there are efficient VPN encryption protocols that offer benefits over their older counterparts. These benefits include strong encryption such as AES-256, and enough speed to ensure that data can be processed efficiently without causing delays. They are also more reliable (stable) and can adapt to different operating environments. Ensuring your VPN is equipped with a modern protocol that is well-maintained will not only make it easier to optimise data throughput but also to keep your VPN secure.
By now it’s common knowledge that keeping your system up to date improves both security and performance. Updates should ideally be installed as soon as they are available to ensure that all systems are patched against emerging threats.
Users need to know why they are using a VPN, what the benefits are, and also how VPNs work. Creating this awareness ensures that users are more likely to act with security in mind than make decisions that could compromise the network. At the same time, VPN software should be easy to use.
Principle of least privilege
As previously explained, giving users access to all resources on a VPN can pose a serious security risk. Instead, only grant access to those resources they require to complete their tasks. Additional security measures such as re-authentication and two-factor authentication can go a long way to protect sensitive company information.
What to do next
Detecting the root causes of VPN problems can be difficult and requires expertise. VPNs are no longer the relatively simple solutions of yesteryear; they have become notably more complex as new technologies arise that are capable of narrowing distances between remote workers and their branches and headquarters. As such, a VPN requires constant maintenance and fine-tuning to ensure that all users get the speed and security they need to do their jobs.
Learn more about Storm’s Managed VPN Services.