By now everyone pretty much knows what a VPN does. Or do they? Do you?
Most folks rightly understand that VPNs are meant to protect their data flow. Where they often lose the thread is understanding from where to where their data is protected.
As we've discussed, a VPN sets up an encrypted tunnel between two machines and protects data transmission between those two points. Most people today are familiar with VPN services. We've profiled many of them to help you choose which you might want to use. But what most people don't realize is that VPN services don't protect your data all the way to and from the site you're accessing. Take a look at this chart:
A VPN service places nodes all across the internet, usually in different countries. When you use a VPN to protect your traffic, you are encrypting your traffic from your computer to the VPN's servers -- but after that point, your traffic is not managed by the VPN.
The VPN's goal is to protect your local connection from Wi-Fi and other local snooping, then let you make a protected (or mostly protected) connection anywhere on the internet. The shortfall beyond the VPN's servers is picked up by HTTPS encryption. Most modern SaaS (Software-as-a-Service) providers require HTTPS, so you're generally safe traversing from the VPN's server to the destination site (and back again).
By contrast, corporate VPNs usually consist of hardware deployed in the corporate data center, and those provide point-to-point protection, from an employee's computer to the corporate network, and back.
Both will help to protect you from The Roommate Problem (which also applies to teenagers, guests, and so on). When you access the internet from inside your home, you're doing so on a local area network (LAN). This LAN transfers packets among all the machines that connect to your router. Here's an illustration.
While some of your traffic is encrypted by virtue of using an HTTPS URL to remote services, your computer is still much more open to devices inside your home than devices outside your home, which is why running VPN client software directly on your computer is important.
Some routers offer VPN capabilities, running everything on your network through a VPN connection. These do protect your data as it leaves your home. But router-based VPN capabilities do not protect individual devices inside the home from other individual devices.
With VPN software running right on your local machine, your computer provides its own tunnel, effectively creating its own network that none of the other devices inside your home can use. This private network blocks others from seeing what you're doing or meddling with any data as it's transmitted.
Let's recap before we move on:
Commercial, branded VPN services protect data between a user's computer and the VPN service's server. HTTPS protects between the VPN server and your destination, which can be anywhere on the internet.
Corporate VPN clients can protect data between a user's computer and the corporate network, but don't provide protection to other sites on the internet.
On-computer VPN clients protect against other users in the home, where on-router VPN clients don't provide that protection.
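The recap above can be checked with a small model of the path from your computer to a site. This is an added example, not part of the original article: the segment names and the "destination" column are assumptions that go slightly beyond the text, based on the fact that HTTPS hides content but not which server you are talking to.

```python
# Added illustration: which part of the path can observe what.
# Segment i joins NODES[i] and NODES[i + 1]. "vpn_server" is the point where
# a commercial VPN tunnel ends; without a VPN it is just a point on the internet.
NODES = ["device", "router", "vpn_server", "destination"]
SEGMENTS = ["home LAN", "broadband/ISP", "rest of internet"]

# layer name: (where encryption starts, where it ends, hides the final site?)
# A VPN tunnel hides the site being visited from observers along the tunnel;
# HTTPS alone does not, because the remote address stays visible on the wire.
LAYERS = {
    "https":      ("device", "destination", False),
    "device_vpn": ("device", "vpn_server", True),
    "router_vpn": ("router", "vpn_server", True),
}

def exposure(active):
    """Return {segment: set of things an observer on that segment can see}."""
    result = {}
    for i, segment in enumerate(SEGMENTS):
        sees = {"content", "destination"}
        for name in active:
            start, end, hides_destination = LAYERS[name]
            # A layer covers every segment between its two endpoints.
            if NODES.index(start) <= i < NODES.index(end):
                sees.discard("content")
                if hides_destination:
                    sees.discard("destination")
        result[segment] = sees
    return result

def report(active):
    """One readable line per segment for a given combination of layers."""
    return [f"{segment:18} {', '.join(sorted(sees)) or 'nothing useful'}"
            for segment, sees in exposure(active).items()]

if __name__ == "__main__":
    combos = ([], ["https"], ["router_vpn", "https"],
              ["device_vpn"], ["device_vpn", "https"])
    for combo in combos:
        print("+".join(combo) or "no protection")
        print("\n".join("  " + line for line in report(combo)))
```

The router-based VPN rows leave the home LAN line unchanged, which is the Roommate Problem, and the on-computer VPN without HTTPS still shows content on the last segment.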
VPNs at home
So now that you understand the benefits and limits of the different types of VPN solutions, do you need one while at home? If you're an employer, should you mandate your employees use one while at home? Also, do you need a VPN if you use your computer outside the home?
After all, once the pandemic passes and we're all able to move about freely, you're going to want to take your computer, tablet, and phone to all the usual places: coffee shops, restaurants, airports, hotels, and so on.
In all of these locations, especially if you're using free Wi-Fi (whether with a computer or a phone), you must use a VPN because you will likely be connecting all across the internet. The risk of data interception is far too high to go without one.
So now, we'll discuss using a VPN at home, while you are physically in your house or apartment. Let's look at the situations where doing so is highly warranted:
If you have potentially troublesome co-residents, you should use either a corporate or commercial VPN to protect your in-residence traffic.
If you are concerned about the security of your broadband supplier, or if your broadband supplier is monitoring your connections in any way, you should use a VPN.
If you deal with restricted data, like healthcare or even credit card data, you should use a VPN.
Home VPNs as part of your business strategy
Now, what about if you're an employer? Let's look at some options:
If you're a small employer without an IT team and you're concerned about employee network security, it wouldn't hurt to provide commercial VPN service licenses to your employees.
If you're a large employer but you don't have a dedicated software WAN, consider providing commercial VPN service licenses to your employees.
If you're a large employer considering extending your internal LAN to employee homes, you might want to look into SD-WAN technology.
Briefly, SD-WAN technology extends the LAN that exists inside a corporate headquarters across a wide area, usually creating nodes in branch offices. WAN means wide-area network. The SD part stands for "software defined," and it reflects how these networks can be built logically on top of existing transport infrastructure, either dedicated connections or the open internet.
SD-WAN will be the subject of a future blog, as it's a big network strategy commitment. That said, it's a powerful way to extend the full interactive and security capabilities of your local corporate network all over the world.
VPNs do add overhead to computer processing, and sometimes slow down Internet connections. But VPNs can provide a very simple answer to some very severe security issues. If you're an employee, you know if you live in a home situation where there is some risk from other residents. If you're an employer, you know whether your data needs to have extra layers of security.
From those "knowings," you can make some decisions. Signing up with a VPN service provider and deploying it is a five-minute process. Most just work. Even if you're considering deploying a corporate-level VPN or extended software-defined network, a commercial VPN provider is a good stopgap solution.