Teleworking: VPN or SASE?
Nowadays, your company needs a VPN connection for secure remote communication with your corporate environment. How does a VPN work? And is it adequate if 60% of the data traffic goes to external cloud applications? And does the up-and-coming SASE offer an alternative?
Today, your employees connect from a variety of devices and locations with the data server that hosts your software and sensitive business data. That does entail quite a few hazards. Because people who surf on the public internet risk inviting strangers to join them in viewing their data traffic. With an SSL VPN solution, you reduce that risk to a minimum.
Thanks to a Virtual Private Network, VPN for short, all your external employees connect to your digital business environment as if they were in the office. A VPN ensures that external devices, laptops for example, operate as if they were on the same local network. VPN routers can support dozens of tunnels simultaneously so that employees have access to your business data wherever they may be.
The software ensures extra security and privacy on all online traffic within your corporate network: it conducts your data traffic via a connection that is closed off from the internet and encrypts it.
A VPN operates on the principle of multi-layer security.
- Authentication. Does an employee want to connect with your business environment? In that case, the VPN software first has to authenticate the connection. This authentication is often done behind the scenes, sometimes you have to enter your security details before you get access to your business environment.
- Redirection (tunneling). Once your identity has been confirmed, the VPN software directs your data traffic via a secure VPN connection to the server that hosts your business environment or to your company’s cloud resources. The VPN tunnel embeds small data packets in another data packet. You can compare it to an addressed envelope that you put underneath another envelope. The VPN software, as it were, simulates a direct connection between your laptop and your business environment.
- Encryption: Has your data traffic been unexpectedly intercepted by malicious hackers after all, and have they succeeded in opening the data packages? If that happens, there’s a third VPN security level: all the data that users share within your virtual private network is encrypted. That means nobody can decipher what content you share, download or send.
Now that teleworking has become reality, a VPN offers companies many advantages. It improves their online freedom, security and privacy. But it isn't foolproof. VPN connections were set up in the network-oriented world, when apps only existed in the data centre and a security perimeter around them was all you needed. An external computer that doesn't satisfy a company's security requirements may possibly pass on a worm or virus from the local network environment to the internal network. It is therefore essential to update the antivirus software on the external computer to minimise this risk.
It can also be a complicated matter to implement a VPN and to keep it operational in a secure manner. Adding new infrastructures or creating new configurations can lead to technical problems due to incompatibility – particularly if you add new products from different suppliers.
Traditional security measures were based on applications and users being located within the same network environment. And that is no longer the case. Increasingly, business data is located in the cloud, and employees are working remotely more and more often. The applications landscape is also much more complex. Users expect to be able to use cloud services from any location and via any device, and that entails considerable security risks.
The new security framework SASE (Secure Access Service Edge) has been designed with the changing global digital workplace in mind. The SASE network architecture combines an application-aware WAN approach with security functions in a single cloud-based service. The basic idea of the SASE model is that traffic is secure throughout the entire journey – from the device to the ultimate application – regardless of where the user connects from or what device is used.
- Flexible. SASE makes direct access to your network or the cloud possible from any location. And thanks to a cloud-based infrastructure, you can implement security services such as cyberattack prevention and data loss, web filtering, sandboxing, DNS security and next-generation firewall policies.
- Scalable. More users? With the SASE model companies can easily expand their VPN platforms because the potential for that is incorporated up front. As soon as the service is switched on, a company can support thousands more external employees - without having to use new in-house VPN equipment.
- Cost-saving. Thanks to the security-as-a-service model, companies no longer have to purchase and manage multiple endpoint solutions. Through the use of a single cloud platform, they reduce their management costs and IT resources dramatically.
- Less complex: The SASE model simplifies your IT infrastructure by minimising the number of security products that the IT team has to manage, keep and maintain, and by centralising the total security package in a cloud-based service model. SASE transforms the architecture of corporate networks and security and therefore enables the IT team to offer a holistic, flexible and adaptable service.
- Better performance: Thanks to its global cloud infrastructure, SASE improves and accelerates access to internet sources. That way, you connect easily to apps, the internet and business data - wherever they are located.
- Zero trust. An SASE solution applies a zero trust approach every time users, devices and applications connect. It offers total session protection, regardless of whether a user is on or outside the corporate network.
- Protection against threats. SASE stops cloud and web attacks such as phishing, malware, ransomware and malicious insiders.
- Data protection. SASE protects data everywhere, inside and outside the organisation, and helps to prevent unauthorised access and misuse of sensitive data.
You want to keep your customer data secure when someone is working on the move? To give your home workers or offices access to your business data with peace of mind? Together with you, we’ll set up your own Belgian and international VPN. Have you got questions about this? Don't hesitate to contact us.