Does Your Business Need a VPN?
Join our friend Cheri Hotman as she explains whether your business needs a VPN.
Need a VPN?
Short answer is ‘It depends’. It depends upon what you are protecting.
This is a risk-based decision, as many of the technical and security controls are. A VPN is a technical control that mitigates a security risk. Consider, a company or home office network is no longer confined to the walls of a building, it spans across public internet. Having a VPN (“virtual private network”) encrypts the traffic to keep it private as it travels throughout the world.
Implementing a VPN
Implementing a VPN is not be done just because you read an article, or someone said you have to have one. If you don’t understand the risk that is being mitigated, then a VPN might be solving for the wrong problem. A VPN is most often used as one technical control for keeping data (e.g. PHI, PII, proprietary code) secure. Understanding the risks of your specific data is key to the decision-making and implementation process.
Moreover, VPN has a cost way beyond the money to implement it. Also, it must be maintained and fixed when it breaks. You upgrade it from time to time to keep its software (e.g., firmware) secure. You need staff to run it, train for it, document it. It is year-over-year spend. And, your employees (e.g. Sales, Marketing, Management) won’t like a VPN because it slows them down doing their day-to-day job.
MFA (“multi factor authentication”), another technical control that often pairs with VPN, mitigates a different risk. Equally important, MFA mitigates the risk of someone else using my credentials to log in. VPN mitigates the risk of keeping my company network private.
In closing, you make the best decision for your company by understanding the risk(s) you’re intending to mitigate. Then, you can evaluate and fit the appropriate technical control(s) within your budget and resources that actually accomplish the intended goal.
Please, watch the video above for a full explanation, you will find it a good use of your time.
Please feel free to reach out to us if you’d like help implementing a VPN.