With the recent sudden and rushed deployment of virtual private network (VPN) services to support an onslaught of newly remote workers, many companies are discovering firsthand the nuances to VPNs that can lead to higher risk.
This article looks at those risks, moving from inside the enterprise outward, starting with impacts to the local network, overall network architecture, access control concerns, issues of scaling and load challenges, authentication concerns, and, finally, endpoint protection.
Throughout, we will identify four major risk areas: overall network architecture, access control, denial-of-service, and endpoints.
Network Architecture and Topology Concerns
Even in companies with successful VPN deployments, only a small subset of staff, such as remote salespeople and IT operations staff, use the VPN. This leads to the first immediate concern—the pool of IP addresses that VPNs use to connect users to the local network. Usually these pools are relatively small, just a few moderately sized netblocks, especially compared to the IP addresses used on the local network proper. In order to provide for nearly 100% remote workforces, companies need to assign thousands or even hundreds of thousands more IP addresses to VPN pools and, depending on their internal network topology, may have to scavenge IP addresses from former locally assigned blocks.
Secondly, while connecting to a VPN at a central company location (such as a company headquarters) may work well enough for operations staff or salespeople, shifting large populations of users who usually work in remote offices may introduce unacceptable network latency. The large jump in the number of active users will place an increased load on centralized VPN systems. Ideally, a company can provide VPN points of presence close to where staff live, leveraging existing backbone connections to the headquarters’ systems, but this is n ..
Support the originator by clicking the read the rest link below.
