May 15, 2020 // Tony Howlett
A Virtual Private Network (VPN) is perfect for internal employees who need to access the server (or section of the server) from anywhere besides the office. In fact, at SecureLink we use VPN client software on our laptops to do just that; if you need to work remotely and need to update something that’s on the server, just use your VPN and you can easily get it done. Generally, this type of network offers high-speed connections that help companies operate efficiently. In addition to allowing employees to work from home or on the road, VPN connections can also give vendors access to internal resources they need in order to support company operations.
However, there are a number of problems, concerns, and vulnerabilities when it comes to deploying VPN services. Understanding these common VPN issues is crucial in protecting your company’s network security. That’s why we’ve categorized these common issues as the not-so-good, the bad, and the ugly to help you make an informed decision on whether or not your organization should implement a VPN.
Third-party vendors may sometimes follow a number of practices that are not optimal, yet are beyond your control – practices that create opportunities for hackers to enter your network.
Example: Sharing credentials with co-workers, or reusing weak passwords from personal accounts that are easily exploited. According to a Verizon report, 76% of network intrusions involved compromised user credentials.
While using VPN software increases security over an unencrypted connection, connection speeds and application performance can decrease due to several factors – such as the time needed to provision and test the VPN, which usually involves other departments such as IT support.
And this must happen before any application or server access can be tested. This two-step process slows things down and often involves personnel who aren’t familiar with the application or the vendor’s use case for getting access in the first place.
The result: Long lag times in getting vendor support technicians on the job, which also impacts your workforce’s productivity and customer service quality.
With VPNs, there’s no centralized remote management. Without the ability to deploy, monitor, and manage all of your connections from a single place, your support personnel must spend a great deal of time supporting the VPN client and the connected applications.
Plus, third-party vendors may not have in-house technical support to help with initial setup, troubleshooting VPN connection problems, and solving everyday issues. You may also require more resources at your helpdesks to assist users, which increases your costs of doing business.
When a business uses VPNs to provide third-party vendors access to its network, those vendors either have full access to the network (for example, at the start of a job) or they don’t (when access is revoked after the job ends) – unless the company implements strict network segmentation with firewalls and switches, which adds complexity.
There are no shades of gray, no ability to give partial access only to required resources. The more servers, applications, and network equipment your vendors can access, the more you have at risk.
VPN servers and client software grant a vendor access to everything in your network unless least-privilege access is implemented. Even if you segment your networks with VLANs, access can still be too broad, or even too narrow, which requires additional VPN troubleshooting and technician time.
VPNs typically provide little or no granular audit records, so you can’t monitor and record the actions of every third-party vendor using the VPN. Usually, all that is logged is connection times, and even then that data sits in yet another log to monitor and watch.
Without easy, centralized access to all the historical information on a connection (user, applications accessed, the reason for access, etc.), it is impossible to prove who or what created an issue, should a breach or mistake occur due to a vendor.
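To make the audit gap concrete, here is an added example (not from the original article and not SecureLink code): it joins a VPN log that holds only connection times with a separate firewall flow log to rebuild a per-vendor record, and flags access outside a least-privilege allowlist. The log layouts, vendor names, addresses and the `ALLOWED` policy are all constructed assumptions.

```python
from datetime import datetime

# Constructed VPN log: vendor, assigned tunnel IP, connect time, disconnect time.
VPN_SESSIONS = [
    ("acme-hvac", "10.8.0.5", "2020-05-15T09:00:00", "2020-05-15T10:00:00"),
    ("printco",   "10.8.0.6", "2020-05-15T09:30:00", "2020-05-15T09:45:00"),
    ("printco",   "10.8.0.5", "2020-05-15T11:00:00", "2020-05-15T11:20:00"),  # IP reused
]
# Constructed firewall flow log: time, source IP, destination IP, destination port.
FLOWS = [
    ("2020-05-15T09:05:00", "10.8.0.5", "192.168.10.20", 443),
    ("2020-05-15T09:40:00", "10.8.0.6", "192.168.20.7", 9100),
    ("2020-05-15T09:41:00", "10.8.0.6", "192.168.30.2", 3389),
    ("2020-05-15T11:05:00", "10.8.0.5", "192.168.20.7", 9100),
    ("2020-05-15T12:00:00", "10.8.0.5", "192.168.10.20", 443),  # no session active
]
# Hypothetical least-privilege policy: the only (host, port) pairs each vendor needs.
ALLOWED = {
    "acme-hvac": {("192.168.10.20", 443)},
    "printco": {("192.168.20.7", 9100)},
}

_ts = datetime.fromisoformat  # parse the ISO 8601 timestamps used in both logs

def attribute(flow, sessions=VPN_SESSIONS):
    """Return the vendor whose session held the source IP at the flow's time, else None."""
    when, src, _, _ = flow
    for user, ip, start, end in sessions:
        if ip == src and _ts(start) <= _ts(when) <= _ts(end):
            return user
    return None

def audit(flows=FLOWS, sessions=VPN_SESSIONS, policy=ALLOWED):
    """Build one audit row per flow: (time, vendor, dst, port, verdict)."""
    rows = []
    for flow in flows:
        when, _, dst, port = flow
        vendor = attribute(flow, sessions)
        if vendor is None:
            verdict = "unattributed"   # traffic from the VPN pool with no matching session
        elif (dst, port) in policy.get(vendor, set()):
            verdict = "in-scope"
        else:
            verdict = "out-of-scope"   # vendor reached something it does not need
        rows.append((when, vendor, dst, port, verdict))
    return rows

if __name__ == "__main__":
    print(*audit(), sep="\n")
```

Attribution here depends on matching tunnel IPs to session windows, so a reused address or clock skew between the two logs can misattribute a flow; that fragility is the cost of keeping the record split across separate logs.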
If your third-party vendors and VPN users have access to your network, you may believe that your company data and network are safe; after all, the “P” in VPN does stand for “private”.
However, history has proven otherwise. The reality is that malicious hackers have exploited weak VPN protocols and non-secure internet connections to cause data breaches at major companies such as Home Depot and Target.
Hackers often use VPNs to gain access to networks. If your business has many third-party vendors, and each vendor has full access to your network, a hacker now has multiple potential routes to break into and exploit your network using VPN traffic.
Let’s face the facts: One of the easiest ways a hacker enters a network is through a third-party connection – and 59% of companies reported that they have experienced a data breach caused by one of their third parties or vendors.
Given all of the above, do you really want to expose your company to these kinds of risks and common problems? Not just risks to your data, but to your company’s reputation, too, should a data breach occur? The answer is clearly no – especially since a better, smarter alternative exists: SecureLink.
With SecureLink, third-party remote access is given not to your entire network, but only specific areas, based on the (much safer) principle of Least Privilege: vendors can access only the resources they require to get their job done.
Thanks to SecureLink’s Vendor Privileged Access Management (VPAM) solution, you get the advantages of VPNs (allowing third-party access to your network) with none of the negatives. And that’s a very good thing.
To learn more about the SecureLink VPAM solution, check out our infographic to better understand how to easily identify, audit, and control vendor access.