As organizations around the world struggle to enable millions of remote workers, the use of VPNs is skyrocketing. And for most organizations, that is a huge mistake.
While VPNs are often one of the first tools that IT departments think about when it comes to enabling remote workers, VPNs are not the answer for enabling productivity to people working from home.
Introducing Security Risks
I know this may seem counterintuitive, as VPNs are traditionally thought of as a tool to help increase security. After all, VPNs are designed to protect the pipe between a person’s home and the corporate network. Sounds secure, right?
But in the era of COVID-19 where millions are being asked to work from home on short notice, this actually presents a significant risk. Many of these new remote workers are being forced to use their personal devices to work from home, because 68% of organizations still prefer desktops vs. laptops as their devices of choice. So, in those cases, all the VPN is doing is providing a secure link between people’s personal devices - which are not corporate-managed and could be infected with malware, etc. - and the corporate network.
It’s actually quite a bit like the computing version of COVID-19. Just like one infected person coming into the office could infect everyone in that building, introducing even one person’s infected personal computer to the corporate network could end up infecting everything attached to the corporate network.
So, while VPNs do a great job of creating a secure link between people’s homes and the corporate network, that could end up being a serious risk when people are using personal devices that may be infected.
Obviously, the best approach when using a VPN is to ensure that the people accessing your network via VPN have a professional device that is managed by IT. But even if all of your people who are working from home have a corporate-managed device, that doesn’t mean that’s what they’re using at home. For example, if some of your people have to use a PC at work but prefer Mac (and have a Mac at home), they could choose to connect to the VPN from home using their personal device instead of their work device.
And finally, even for those people who do use their work laptops from home, the reality is that their corporate devices are now being introduced to a less secure network (their home networks).
So when it comes to security, VPNs are not the solution for enabling remote work. Ideally, you would be able to give your people access to all of the business-critical applications they need on any device, from the browser - while separating the applications from the OS. This ensures that your people can remain productive on any device, without your corporate network having any exposure to their personal devices.
Sacrificing User Experience Means Lower Productivity
Even if we dismiss the objections above regarding the security risks that VPNs introduce when people are using their personal devices, VPNs still have a major flaw - the user experience.
Anyone who has ever been forced to use a VPN to connect to their corporate network from home knows the usability issues well. First of all, there’s the added step and delay involved every time a user logs on, as they need to wait for the VPN to connect before they can get started.
Even once connected, one of the biggest complaints users have with VPNs is “lag” or connection speed issues once connected to the VPN. Especially when your people are using the VPN to access critical applications, the lag they experience is maddening when it prevents them from getting work done.
Anytime a technology introduces frustrations and hurdles - rather than removing them - productivity is deeply impacted. So even if security isn’t your primary concern (even if you can confirm that all of your people are only using corporate-managed devices to connect to the VPN), the loss of productivity is yet another strike against VPNs as a solution for remote workers.
This is where virtual application delivery platforms are ideal, as they provide your people with access to the full desktop version of their critical applications, but from the browser. There’s nothing to install on their end, no new user behavior to learn - they just use the applications the way they’ve always done, but without the application being installed locally on their device. This ensures a seamless user experience without the connectivity and lag issues.
The Bottleneck Issue
TechTarget’s SearchNetworking reported last week that “VPN has become a bottleneck for companies with a high number of workers staying home to avoid spreading the coronavirus. Many companies have VPN concentrators or gateways with insufficient licensing or capacity to accommodate the unexpected demand, executives said. As a result, some businesses have had to scramble to provide network access to the high number of remote workers.”
In a time where remote work policies are being enacted immediately for the sake of public health, in most cases IT was not given sufficient time to plan ahead. Which means that - in most cases - companies don’t have anywhere near enough VPN licenses to enable the current number of users they have working from home. This creates a load issue that prevents many of your usrs from connecting until you can negotiate and secure the appropriate amount of licenses. Then, once those licenses are secured, you need to get a whole lot of new people who’ve never used VPNs before set up so that they can use it.
So whether you’re currently using VPNs or considering a move to VPNs, take a step back and think about your users and evaluate whether or not the security risks, loss of productivity, and bottleneck issues can be eliminated. Also, think about what it is you’re trying to solve for. If you’re trying to get your people secure access to the business-critical applications that they rely on to be productive, then a virtual application delivery solution is likely a much better fit for your organization than VPNs.