Request Information
1.877.459.4347

Request Information

or Call 1.877.459.4347

The Virtual Private Network (VPN) – Is it Dead?

October 9, 2020 / Kevin Sullivan

At the start of 2020, many ‘industry insiders’ would have told you that the VPN is dead, but like, seemingly, everything this year, expectations could not have been further from reality.  COVID-19 and the expedited need for work-from-home solutions across practically all industries and verticals has clearly proven that notion wrong, and it would be a fair assumption that there are more client VPNs in use for enabling work-from-home and remote work solutions than at any other time in IT history – many of these hastily put-in-place or quickly expanded in their usage by urgent necessity.  As more time passes, however, and we transition from solutions of ‘immediate need’ to ones of ‘long-term outlook,’ the new question may not be ‘Is VPN dead?’ but rather, ‘Should it be?’  In this post, we’ll review a few of the key concerns around a VPN-centric ‘work-from-home’ solution, and how Evolve IP’s Workspaces solution can help to address and alleviate these concerns.

Secure VPN

Let’s start by addressing the elephant in the room.  VPNs, by their very nature, present an inherent security risk for your network.  There are a number of mitigating technologies and practices which can help to manage the level of risk involved, but the risk of allowing external machines to become an extension of your internal network still carries with it a number of concerns.

One of the most obvious ways that organizations look to secure their VPN is to ensure that when client devices connect, they are placed into a ‘quarantine’ network which exists adjacent to (rather than as part of) the internal network.  The challenge, here, is that the whole purpose of the VPN is to enable access to those internal resources which reside on that internal network, so you still need to provide some form of crossover between those networks.  Why is this risky?  Simply, the biggest concern here is that any of those external devices that connect via VPN could be compromised; they could have viruses, malware, ransomware, or a range of other potential infections or issues that will attempt to propagate across whatever networks and devices they are connected to.  This begs the question, ‘Can’t I just make sure that the devices have antivirus?’  Sure… you could, but now you have just expanded your role to managing and securing all of these devices as well.  This comes with a cost, both financial and administrative.  You now have to supply the licensing for the security software you choose to leverage, you need to ensure that users have installed it, you need to maintain definitions for it to keep it updated as well as ensure patching of the device Operating Systems in order to ensure no vulnerabilities there may be exploited.  Many folks now turn to the idea of SDP, or a Software-Defined Perimeter solution, which provides Network Access Control and automates the process of ensuring the client devices meet certain minimum requirements like: running a supported OS, running approved antivirus/anti-malware, etc.  Unfortunately, this then further increases the cost and complexity of a traditional VPN solution, and frankly, many organizations don’t take these additional needs into consideration as a result.

Many organizations tend to focus their time, attention, and finances on ensuring that their network is most secure at its assumed weakest point, the firewall.  This makes a ton of logical sense because we can think of the firewall like the front door of your home.  Naturally, you feel safer if that door has more and better locks or maybe a thicker or more secure door and door frame, but many organizations make these significant investments in providing the best door and best locks possible, but then, in the interest of providing simple and fast remote access simply leave the door unlocked so that everyone can come and go as they need.

Why not embrace a solution in which there is no need to actually establish a connection between the end-users’ devices and the internal network, though?  This solves many of the aforementioned concerns because it effectively makes the user’s device simply a terminal to connect to published desktop sessions or applications, and internal company or organizational data never has to leave the datacenter and be processed locally on the client device.  This is the type of solution afforded by Evolve IP’s Workspaces solution which even goes a step further by securing access to those applications and desktop sessions behind an included Identity and Access Management platform that can utilize both Multifactor Authentication and Single Sign-On capabilities.

Comparing DaaS Solutions

This virtual desktop or DaaS comparison guide is designed for those who are looking into hosted virtual desktops or desktops as a service (DaaS). It also compares the technology to Evolve IP’s Workspaces solution.

VPN Reliability and Performance

As we established in the Security section, employing a VPN is, basically, extending your internal network to an external client device.  Historically, this has worked well for things like access to file shares, network printers, and other internal resources, but what about actually running an application across the VPN?  Some applications will perform fine and seem no different than when a user is in the office; however, many applications (especially some older apps) can be sensitive to latency.  Let’s first establish what latency is.

Imagine driving on a highway from New York to Los Angeles.  If you are the only car on that highway, then you can get back and forth as fast as your car will allow you.  That is latency: the amount of time that it takes to travel the distance back and forth.  Many people tend to confuse latency with bandwidth.  In the same scenario, think of bandwidth as the number of lanes that the highway has.  Once you introduce other traffic, beyond just your car, now, the more lanes there are, the faster you can make the trip, but you still can’t go any faster than your car can drive that road back and forth.

I bring this up because if you have a latency-sensitive application, the app performance will suffer simply because ‘the road’ between where your user is running the app and where the backend of that app is too long.  In some cases, those two things not being directly adjacent (or within the same network) may be enough to cause significant performance issues, unresponsiveness, unreliability, or application ‘slowness.’  When this occurs, we often see IT teams mistakenly think that adding more bandwidth can correct this issue, but the problem isn’t that there’s ‘too much traffic’ it is just that ‘the road is too long’ for that application to function as intended.

One of the best ways to solve these types of reliability and performance issues is to continue to actually run the application in the same location where its servers, data, and backend reside.  With Evolve IP’s Workspaces solution, the users’ applications are running within the same datacenter where their servers, databases, files, etc are located even though, from a look and feel perspective, it appears that the applications are running directly on the end-users’ devices.

Virtual Private Network Cost

A common misconception is that a client VPN solution is cheap and easy to integrate.  This might be true if you are only considering the costs associated with whatever VPN concentrator device or VPN-enabled firewall and the per-user licensing for the VPN solution.  Once you begin to add all of the additional costs around ensuring the security and integrity of your organization’s network, data, and devices, however, these costs quickly begin to mount.

Here are some of the ancillary cost considerations required when attempting to properly secure and manage a client VPN solution:

  • VPN Concentrator / Firewall
  • VPN client licenses
  • Network devices capable of and licensed to allow network segmentation (quarantine networks)
  • Reactive client antivirus
  • Proactive client threat protection
  • Client Firewall solution
  • Software Defined Perimeter solution / Network Access Control solution
  • Client OS Patching Solution
  • Remote Monitoring and Management Solution
  • Enhanced Intrusion Detection and Prevention on your company network

There are more solutions that can be added to this list and constant new technologies coming to market to counter new, emerging threats which can threaten your end-user devices but consider the above to be a good starting point for at least some of the things that you would need in order to ensure a client VPN solution that is as secure as possible.  With the threat of new zero-day attacks and additional threat vectors always being discovered, even with all of these solutions in place, there is still some risk in expanding your organization’s network to allow access to these external devices.

While I will never say ‘Client security doesn’t matter,’ I can say that with a solution like Evolve IP’s Workspaces, client security CAN significantly become less of a concern for your organization.  While you certainly want your users to protect themselves, their devices, and their personal information, most organizations don’t want to take on the burden and cost of ensuring these things.  By separating your organization’s data, applications, client information, etc, and ensuring that these things never actually leave the data center and do not end up being processed or stored on your users’ devices, you can let your users manage their own security needs while you ensure your data center and internal network are meeting your security needs and compliance standards.  Even in the event that a user’s device may be compromised, by putting access to BOTH your internal data and applications AS WELL AS your external applications behind the Evolve IP Workspace Identity Management platform, you are ensuring that a user’s compromised credentials without the Multifactor Authentication are, effectively, useless and ensure the security of your data and that of your clients.

[Desktop as a Service] – Workspaces by Evolve IP – a Better DaaS solution

Finally! A different virtual desktop solution that users love and is significantly more cost-effective than traditional cloud desktops. Workspaces, from Evolve IP, allows businesses to deliver the right tools for each user. HIPAA / HITRUST and PCI compliant, and ultra-secure with SSO and MFA.

Virtual Private Network Support

Obviously, the long list of additional considerations above suggests a complex interwoven mix of technologies.  Each of these disparate platforms and solutions will require configuration and administration from a knowledgeable IT team.  Couple this with the need to be prepared to support multiple different user devices, multiple Operating Systems, users of varying skill levels, and a myriad of potential issues on end-user devices, and it is easy to see the difficult nature of supporting a client VPN solution.

If an application isn’t performing well, is it because of latency?  Is it because of the end user’s hardware?  Does that user not have fast or reliable enough internet connectivity?  These are the types of challenges that IT teams come across on a daily basis when managing this type of Work-From-Home solution.   Couple this with the need for password resets for not only general access and internal applications but all of the different external applications that your users regularly use, and it isn’t difficult to imagine an IT team or helpdesk becoming quickly overburdened.  This has been the reality for many organizations that have adopted this type of solution due to the current pandemic.

Imagine, instead, a single user experience – that no matter what type of device a user is connecting from or where they are, everything looks, feels, and most importantly, behaves the same way.  Imagine enabling user self-service account administration for things like password resets and being able to only log in once in order to launch your desktop, your softphone, an internal application that lives on your servers/network, an external application like SalesForce.   Evolve IP’s Workspaces makes this a reality.  By providing a unified cross-platform user experience and leveraging the tools of our Identity Management solution, supporting Work-From-Home users has never been easier.  As an added bonus, even when your users return to the office, they will still access all of their resources the same way which makes user onboarding, training, and support and optimized and simplified experience.

So, no… the VPN is definitely not dead, but there are a lot of reasons that, for many organizations, it can and should be.  We would love to speak with you further about how Evolve IP’s Workspaces solution can better enable your organization to provide a highly-secure, reliable, predictable-cost-conscious, and easily-supportable Work-From-Home solution that will both solve your immediate needs and provide a strategic long-term solution that will take your productivity and mobility to the next level.

Categories: Work Anywhere Workspaces
Recommended For You
The Evolve IP Compliance CloudTM

Compliance is a way to do business … not an afterthought when clients need it.

At Evolve IP we have a dedicated compliance and security practice and work with two of the world’s top 3rd-party compliance auditors, Grant Thornton and Ernst & Young, to enable customers to extend their compliance to our fully audited cloud. This focus allows us to deliver the documentation and assurances that other’s simply cannot including HIPAA / HITRUST, PCI-DSS (all 12 sections), SOC 2/3 and more. The Compliance CloudTM includes true client isolation, encryption in transit and at rest, private VLANs, firewalls and dozens of other security measures.

 
 
What Our Clients Say
  • "Yesterday was, perhaps, my busiest day of client interaction either by phone or email since I have been a PM, and I don’t think any of my clients knew I was working from home unless I told them. I was also able to do trades behind the scene and interact with my team. So, for me, the technology has been working great. As an old guy, I am constantly dazzled by technology in general, but being able to do this stuff from home is amazing!"

    James C. Hunter, CFA, CFP, AIF, Senior Portfolio Manager, Principal

  • "Hey, IT people, As I’m working away in my home office, I just wanted to say thanks to you for all you’re doing, and have done in the past, to make it possible for us to run our company virtually. Not many of us JICers have jobs that everyone in the firm sees and could stop us from doing business. But you have this job, and do it well. Thank you for having the foresight and wisdom to get us in a position to succeed in a pandemic! You’re awesome."

    Michael D. Barnes, Esq., CTFA President, Principal

  • “That’s the type of proposition I like to bring to a Board of Directors. When I can say, ‘we can get everything new, be completely redundant, it can meet all of our needs and oh, by the way, we are going to save over $300,000 a year.’ It makes it easy for me to sell!”

    - Ken Schultz, CIO Ogletree Deakins

    Watch Testimonial

  • "The people that Evolve IP are more personable; you don't feel like there's necessarily a script when you're talking with them, they’re easy to understand, quick to get a hold of, and they follow through on what they say they're going to do."

    Watch Testimonial

  • "Evolve IP has been a vendor partner that has grown with us, that has helped us, and that you know stands by us and stands by their word."

    Watch Testimonial

What the Experts Think

Our analyst-acclaimed solutions are built on a world-class, compliant architecture that leverages the blue-chip technologies organizations already know and trust.

Gartner

We deploy best-of-breed solutions including: Disaster Recovery, Contact Center, Unified Communications, DaaS, IaaS. Our services are analyst-acclaimed, vendor-validated, client recommended and award-winning.

HITRUST

Evolve IP is proud to have achieved the honor of being HITRUST CSF certified! Certification to the HITRUST Common Security Framework (CSF) affirms that all of Evolve IP’s cloud computing and cloud communications services adhere to the strictest security standards for electronic protected health information (PHI). The HITRUST security standard was developed by and for the healthcare industry as a means of going above and beyond the compliance requirements of HIPAA.

The HITRUST Common Security Framework (CSF) was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. The HITRUST CSF was developed by healthcare and IT professionals to provide an efficient and prescriptive framework for managing the security requirements inherent in HIPAA. HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework. An important part of the “What is HITRUST” answer is understanding that the CSF is risk-based and compliance-based so that organizations can tailor the security control baselines and vendor management programs that they follow based on their specific organization type, size, systems, and regulatory requirements.

HIPPA

The Privacy regulations of the U.S. Health Insurance Portability and Accountability Act (HIPAA) require health care providers, organizations, and their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI — paper, oral, and electronic, etc. Those who fail to adhere to HIPAA can suffer from huge fines climbing into the millions of dollars for major violations.

The Compliance Cloud™ fully enables covered entities and their business associates subject to HIPAA regulations to leverage a secure environment to process, maintain, and store protected health Information (PHI) featuring among other controls.

SSAW 16 Service Organization Control II (SOC 2)

Evolve IP has received an SSAE 16 SOC 2 Type II report on our internal controls relating to how we assess and address the potential risks associated with the security, availability, and confidentiality of not only the cloud-based services that we provide, but also our physical and logical infrastructure. Evolve IP utilizes the Certified Public Accounting firm of Grant Thornton to perform its annual audit and attestation in accordance with the Statements on Standards for Attestation Engagements No. 16 and the associated Trust Services Principles, as published by the AICPA, to evaluate the effectiveness of Evolve IP’s service organizations controls.

Forbes

While Forbes regularly features coverage and recognition about Evolve IP, they've most recently recognized Evolve IP as being the "Best Cloud Computing Companies And CEOs To Work For In 2017".  They've ranked Evolve IP in the Top 3 just behind Google and Microsoft in the Cloud Infrastructure classification.  (Feb 2017). Forbes  also recently recognizes Evolve IP for bringing Singer Equipment Corporation, a mainstream business based in PA, into the cloud by means of unified communication. (Sept  2017). Last year, Forbes recognized Evolve IP's survey of 1,080 executives citing that the number one reason to go to the cloud is the same reason that it is avoided. (Mar 2016).

Unified Communications Product of the Year

TMC and Internet Telephony Magazine have named Evolve IP’s unified communications platform as a 2017 Unified Communications Product of the Year Award winner. This marks the 6th time Evolve IP has been honored with this prestigious award and follows a series of product innovations that have allowed the company to rapidly expand its international coverage.

Evolve IP’s business collaboration tools and IP phone system dramatically improve employee productivity in the office and on the road with a Unified Communications as a Service (UCaaS) platform that fully integrates voice, video, instant messaging & presence (IM&P), desktop sharing, audio/web conferencing and more. The company also provides a sophisticated Web-based management portal, OSSmosis®, that allows administrators to easily configure system functions and quickly modify users without the need to reach out to a third party for changes.

Inc.

Inc. magazine has recognized Evolve IP in the 34th annual Inc. 500|5000, an exclusive listing of the nation's fastest-growing private companies. The list will be unveiled in the September issue of Inc.

The story of this year's Inc. 5000 is the story of great leadership. In an incredibly competitive business landscape, it takes something extraordinary to take your company to the top," says Inc. President and Editor-In-Chief Eric Schurenberg. "You have to remember that the average company on the Inc. 5000 grew nearly six-fold since 2012. Business owners don't achieve that kind of success by accident.

Payment Card Industry Data Security Standard (PCI DSS)

Evolve IP has achieved Payment Card Industry (PCI) Data Security Standard (DSS) compliance covering all 12 sections of the PCI DSS. The PCI data security standard is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. It was created by the founding brands of the PCI Security Standards Council, which includes American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc.

CSA STAR

Evolve IP is also a registered and participating member of the CSA Security, Trust & Assurance Registry (STAR). The CSA was formed to encourage transparency of security practices within cloud providers. It is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CSA STAR is open to all cloud providers, and allows them to submit assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences. CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator.

Deloitte’s Technology Fast 500TM

Evolve IP has been ranked for the second consecutive year on Deloitte’s Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America – both public and private. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth from 2012 to 2015. The list is a veritable Who’s Who of technology that has included tech companies like Google, VMware and Facebook.

Technology Fast 500 provides a ranking of the fastest growing technology, life sciences, and energy the companies – both public and private – in North America. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth during the period from 2012 – 2016.

Red Herring

Red Herring has named Evolve IP as one of the Top 100 Companies in North America.  Red Herring’s Top 100 recognizes the leading and most promising private companies from around the world. Among the over 20 criteria used to analyze companies for the award, Evolve IP was noted for its financial performance, technological innovation, customer footprint, the DNA of its founders and addressable market.

Red Herring selects the award winners for North America from approximately 1,200 privately financed companies each year in the US and Canada. Since 1996, Red Herring has kept tabs on these organizations and its editors were among the first to recognize that companies such as Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, Palo Alto Networks and eBay would change the way we live and work.

Entrepreneur

Evolve IP has been recognized as one of the “Best Entrepreneurial Companies in America” in Entrepreneur magazine’s Entrepreneur360™ Performance Index, a study involving a comprehensive analysis of private companies in America. Based on this study forged by Entrepreneur, Evolve IP is recognized as a company that exemplifies growth, not just in top and bottom line, but in sustainability and the ability to achieve lasting success.

According to Entrepreneur, after evaluating approximately 10,000 U.S. based firms, the team of editors and researchers behind the E360 Performance Index collected more than 250 pieces of data from the finalists, focusing on growth drivers and challenges, goal setting, resource allocations, and reward systems. The analysis uncovered a class of leading companies, including Evolve IP, whose continued success is largely based on superior value creation for their customers, building an adaptive learning culture, and aggressive geographic expansion—placing them amongst the most dynamic firms in America today.

Latest Press Releases

Evolve IP Named To The Gartner Magic Quadrant for Contact Center as a Service
November 16, 2020 / Evolve IP
Evolve IP today announced that Gartner has named it to the Magic Quadrant for Contact Center as a Service*. Evolve IP’s omnichannel offering, which runs 30-40% less than comparable...
Evolve IP Appoints Pete Stevenson as CEO and Randal Thompson as CRO to Drive Next Phase of Growth
October 16, 2020 / Evolve IP
Evolve IP, a leading global provider of Work Anywhere™ solutions, today announced that the Company’s Board of Directors has unanimously appointed board member Pete Stevenson as Chief Executive Officer....
Evolve IP Enhances Its Microsoft Teams and Cisco Voice Direct Routing Platform
September 22, 2020 / Evolve IP
Evolve IP announced that it has integrated SMS business messaging and voice recording with AI speech analytics into its Microsoft Teams direct routing platform.
Evolve IP Integrates Business Messaging Into Microsoft Teams; Enhances Microsoft’s Direct Routing Solution
September 17, 2020 / Evolve IP
Evolve IP® announced that it has launched a fully-integrated SMS / business messaging platform for its Microsoft Teams Direct Routing solution.
View More
close

Contact Us

or Call 1.877.459.4347