Introduction

These days, there is a good chance that at least a portion of your staff is working from home for at least part of the week. Before the global pandemic hit, most workers were co-located in one or more centralized office locations, with the exception of a few "road warriors" that did most of their work on the go. Now a new reality has set in and working remotely has become the new default.

As a result, you have likely found that your organization's IT systems, networks, and security measures, which were geared to support a co-located workforce, are inadequate or, in some cases, epically failing to enable and empower a distributed workforce to get their work done efficiently.

According to a study by Entrust, over half of employees reported lost productivity due to network access issues, while business leaders cited home internet security and leakage of sensitive company data among their top security challenges with hybrid and remote work models.

Securing Your Business Data in Transit

Now that your hybrid and remote workforce is more decentralized than ever before, data security has become a pressing priority for business leaders. More and more processing of business and mission-critical data is now being done in home data processing environments, with this data being transported between residential networks, the main office and the cloud.

A key tool for securing data in transit from an employee's remote workplace to your company's data processing points of service is the Virtual Private Network (VPN): an encrypted network tunnel that creates a secure private overlay network over the public internet between these residential networks and your company networks.

When deploying a VPN solution for your business, there are three options to choose from:

  1. Physical VPN and firewall appliance: a hardware network security solution that connects to your office network’s public network ingress points to filter incoming traffic. Many of these security appliances offer remote access or VPN services as an add-on component.

  2. VPN-as-a-Service: a hosted service, often offered for a monthly subscription fee, where a VPN service is provided by a software-as-a-service business.

  3. Self-managed VPN service in the cloud: a private VPN service that you host yourself on your business cloud infrastructure.

Let's take a closer look at how these solutions stack up in the modern workplace.

Hardware Solutions

Traditionally, VPN services in an enterprise are provided by firewall appliances. These are physical units that act as a gatekeeper for all data coming into the office network from a router that connects the office to the internet or another wide-area network (WAN). The job of the hardware appliance is to analyze each incoming network packet and to filter out specific threats as they come across the device.

Since hardware firewalls already control the flow of incoming and outgoing data according to a pre-configured set of rules, many manufacturers such as Fortinet, Cisco, SonicWall, Ubiquiti, Firewalla or Palo Alto Networks offer VPN capabilities as an add-on for their firewall appliances.

A major shortcoming of using hardware firewalls for VPN services is processing power: the firewall duties of most appliances already put them under significant strain, since they must inspect, analyze and filter every single network packet flowing through the network. A VPN service running on top of that requires additional processing power and often impacts network quality for everyone, which in turn results in decreased productivity for both remote workers and workers in the office.

VPN as a Service

To mitigate the limitations of deploying, operating and maintaining additional and costly hardware to offer data protection to remote workers, you might be looking at a VPN service, such as ExpressVPN, NordVPN, Surfshark, and many others, which offer VPN services on a monthly subscription basis.

These VPN service offerings route all internet-bound traffic from connected devices through a battery of VPN servers in the service provider's cloud. VPN servers are commonly shared between hundreds or even thousands of client devices, with traffic multiplexed across the provider network, thus creating a huge headache for privacy. There are countless VPN service providers to choose from, and not all of them offer the same level of reliability, speed, and privacy, which makes monthly "top 20" lists a popular publishing topic.

Worst of all, the data flowing across the service provider's VPN network is completely open to the service provider, with some service providers reportedly spying on user data, creating a worst-case scenario for any organization looking to protect its mission-critical and sensitive business data.

Self-Hosted / Self-Managed VPN

A self-hosted / self-managed VPN service is the best solution for any business that cares about data privacy and full control over their business data. These are typically delivered as software-based VPN solutions that can be deployed on any on-premises or cloud infrastructure in your organization, making them a flexible solution for access to both your corporate networks, and your cloud resources.

With the right self-hosted VPN solution you get total privacy, faster speeds, and affordable pricing. That's a win across the board!

As software solutions they offer a much reduced total cost of ownership and keep you from the dreaded "vendor lock-in". In essence, you become your own VPN service provider with the ability to leverage all the benefits of cloud without the data privacy concerns.

How to Choose a VPN Solution?

No matter which route you go, be that a hardware appliance, a VPN service, or a self-managed solution, you first need to understand the critical differences in VPN protocols and solutions out there today, which can be evaluated along the following set of criteria:

  • Total Cost of Ownership (TCO)
  • Data Privacy
  • Ease of Use
  • Connection Speed and Reliability
  • Mobile Functionality
  • Security
  • Integration with Existing Infrastructure

We created KUY.io Konnect™, because none of the existing VPN solutions checked all the boxes for our customers that were looking for innovative ways to support their hybrid and remote workforce. Since release, KUY.io Konnect™ has been carrying terabytes of data securely, reliably and fast from home offices, coffee shops, airplanes and hotels to business networks across the world.

Total Cost of Ownership

The total cost of ownership for a VPN solution is a combination of the acquisition cost or capital investment, the operating costs and the resource costs associated with the solution. Hardware appliances have a significant disadvantage compared to software VPN solutions: the hardware is associated with a significant capital investment and requires specialized personnel to configure and maintain it, and operating costs need to factor in power, cooling, and potential hardware replacements.

Overall, unless you are running a large enterprise with a dedicated IT department that is already operating a private data center, chances are that a software solution like KUY.io Konnect™ offers you the lowest TCO.

Data Privacy

The ultimate reason for deploying a VPN solution in the first place is that you want to empower your remote workers to reliably access office networks and resources, as well as cloud resources, from untrusted remote network locations without exposing your business and mission-critical data. By routing your business data through a third-party service provider, you are ultimately giving up a large portion of your privacy.

You may argue that giving up data privacy is a necessary evil we must accept in the age of Everything-as-a-Service. Giving up some data to trusted third parties with strong checks and balances in place, as well as documented SLAs and security governance, is one thing (e.g., storing Office documents on an enterprise SharePoint in Microsoft Office 365). But network traffic to and from mission-critical business services should be considered very seriously! Some VPN service providers claim they don’t keep any logs, but such claims were proven completely false: the providers actually tracked user behaviour through visited websites.

Overall, if you are concerned for the privacy of your business data, chances are that a self-managed VPN solution like KUY.io Konnect™ will offer you the peace of mind that your business data stays secure and never leaves the umbrella of your own data governance.

Ease of Use

VPN protocols such as IPsec, PPTP, or OpenVPN use outdated algorithms that come from an era of cryptography that equated security with complexity. Users are required to install client software with custom security libraries that are often outdated, cause system crashes or are outright incompatible with certain OS and hardware platforms. In addition, many VPN solutions require users to maintain an additional set of login credentials, creating a major friction point for users to contend with before they can even attempt to access their remote office network.

Connecting to KUY.io Konnect™ cannot get any easier. After logging in to the self-service portal that comes with every KUY.io Konnect™ deployment, users follow simple instructions to set up their laptop, PC, or mobile device, and get connected with a single click. The overwhelming response from our non-technical users: “we love it because it’s the first VPN that is actually easy to use”.

Connection Speed and Reliability

A NetMotion survey about the top 10 remote worker frustrations revealed that poor network connectivity, restrictive security, terrible mobile app experience and login issues were the biggest friction points for remote workers. Many of our customers are switching from slow and unreliable hardware solutions to KUY.io Konnect™ and are raving about their increased remote worker happiness.

When connected to a KUY.io Konnect™ access server, the impact on a user's network connection is less than 3% compared to a connection without VPN, which means close to full line speed without lag. Additionally, the VPN protocol used in KUY.io Konnect™ is based on stateless packets and crypto key routing, making connection dropouts and lost unsaved work a thing of the past.

Mobile Functionality

A lack of mobile clients is a major usability headache. Even when mobile clients are available, degraded network performance, battery drain, and the need to constantly switch the VPN on and off or back and forth between networks are just as frustrating, especially on mobile devices and tablets that are meant to keep your workforce productive on the go.

KUY.io Konnect™ is a set-and-forget solution. With native support for virtually every mobile platform, you flip one switch on your mobile device to connect to the VPN and forget about it. Moving from WiFi to a mobile network? Putting your mobile device to sleep? No problem, because KUY.io Konnect™ stays connected across network switches and instantly reconnects when a device wakes up, so users can forget about fiddling with switches and get work done.

Security

When it comes to keeping data in transit safe, security considerations span multiple different domains. First, there are the cryptographic primitives used to establish a connection to the VPN gateway, and the crypto used to encrypt data packets in transit. Second, there is the security of the actual VPN gateway: whether the code is frequently audited for security issues, whether patches and updates are provided quickly as problems arise, and how the attack surface of the VPN gateway evaluates.

We built KUY.io Konnect™ with a very serious take on security. The underlying VPN protocol has been independently audited by industry experts and undergone multiple formal verification processes of the underlying crypto as well as the protocol itself. The source code for KUY.io Konnect™ undergoes automated code security audits for every source code change, and each release undergoes automated vulnerability scanning of the application software itself, as well as all software and operating system dependencies.

Integration with Existing Infrastructure

Offering remote workers a productive (remote) work environment in which they can get work done efficiently and without friction and frustration is a concerted effort of many different tools, services and solutions that need to cooperate, coordinate and work in unison. One such key service is single sign-on, with a single source for managing users, their identities and credentials.

We built KUY.io Konnect™ such that it can integrate with your existing user directories, be that an Active Directory server on-premises or a cloud directory like Azure AD or JumpCloud. Additionally, since KUY.io Konnect™ access server is a fully containerized application stack, you can run KUY.io Konnect™ access server virtually anywhere with minimal host requirements, from bare metal servers on-premises, to Kubernetes clusters in the cloud.

Summary

No matter where your workers use a device, unencrypted data is vulnerable and puts your business at risk of a data breach and malware attacks. By deploying a Virtual Private Network (VPN) for your remote workers, you can mitigate the security risks of untrusted networks, especially places that offer free WiFi, but to a certain extent also home internet service providers (ISP).

A VPN encrypts data such that an attacker cannot tell what data a remote employee is sending, or where it is being sent, and keeps messages, browsing history, sensitive information, downloads and anything else that is sent over the network private and confidential.

Paired with an endpoint protection platform that ensures the security of remote devices, IT and security teams for organizations of any size can significantly improve the security footprint of any business when transitioning to hybrid and remote-first work models.

A self-managed VPN solution like KUY.io Konnect™ can offer significantly reduced total cost of ownership, eliminate frustrations and friction points common with other VPN solutions while safeguarding your business data in transit.

Ready to give KUY.io Konnect™ a try?

Get Started with KUY.io Konnect™ Today