This article first appeared in Network Computing.
As the coronavirus pandemic's realities began to unfold over the course of Q1 2020, companies across the globe quickly pivoted to remote work. Organizations sought to become digital businesses overnight, and IT departments turned to VPNs to provide employees outside the traditional enterprise perimeter with secure and reliable connections to corporate networks. This led to a massive yet unsurprising 124% surge in VPN usage in the U.S., specifically during the first couple weeks of the outbreak.
After all, VPNs have been the go-to approach for privately and securely sharing data across networks and distributed locations for decades. They're still highly beneficial when it comes to providing point-to-point access to a company's network. That said, it's now time for organizations to consider dramatically shrinking their dependence on VPNs for secure file sharing and collaboration in the age of remote work.
While some experts are quick to praise VPNs and label them “vital when working from home," many organizations are now finding that they are quite expensive to deploy and operate, and can actually increase security risks. The National Security Agency even issued a recent warning that the uptick in VPN usage for remote work has attracted malicious threat actors' attention, increasing the risk of cyber attacks if VPNs aren't properly secured.
Beyond these security and cost challenges, VPNs can also create a tremendous level of inconvenience (and extra work) for IT teams while frustrating end-users. This makes it difficult for digital businesses to thrive and their remote teams to work together efficiently and productively. Let's take a closer look at these drawbacks.
VPNs inevitably increase IT workloads
Setting up, configuring, and managing access for a VPN takes a significant amount of time and can be an immense drain on IT resources. Frequently, companies don't have a formal policy in place to determine VPN access terms, so managers are forced to submit individual access requests for each external user. Due to lengthy delays caused by the endless list of other requests IT teams are juggling at any given time, administrators often need to chase down the manager behind the initial VPN request to ensure it's still valid once they're finally able to review it and grant access.
However, even with formal VPN setup policies and processes in place, internal stakeholders will inevitably grow tired of waiting and simply circumvent these proceedings altogether by sharing files through third-party apps such as Dropbox. This creates shadow IT issues that make it impossible for administrators to understand and account for the data users are creating and sharing. It also exacerbates existing data silo and visibility issues. Digital businesses today simply can't afford any unnecessary obstacles when it comes to managing data growth and ensuring that data is protected, available, secure, and compliant.
VPNs stifle collaboration among remote workers
In addition to contributing to unnecessary IT complexity, VPNs can hinder collaboration across distributed teams. Most VPN deployments are not designed to support organizations operating nearly - if not entirely - remote. With enough volume, employees connecting over a VPN from home offices can quickly overwhelm the network. The resulting performance degradation can delay file sharing and content syncing, which are two highly critical aspects of effective remote work. While users may be able to access servers easily, there can be massive latency penalties when it comes to collaborating on large projects, such as editing a sophisticated design document or creating a lengthy PowerPoint presentation.
These performance challenges can frustrate end users almost as much as the UI and reliability issues that so often come with VPNs. All of this adds up to sluggish workflows and sub-optimal productivity that can ultimately hurt the bottom line. As remote work continues its shift from the exception to the norm, digital business will be here to stay even after the pandemic is behind us. This means that the time has come to look past VPNs to find more effective ways to secure remote work without impacting performance and productivity.
Enabling a remote workforce without VPNs
Remote employees want access to the information and services they need, when they need it, from wherever they are. It's imperative that digital businesses now empower employees, customers, vendors, and other third parties to safely access, share, and edit files 24x7, 365, globally. To better support these needs, IT leaders must move away from VPN dependence instead of supporting secure remote work through new approaches with end-to-end security that can maintain the integrity and privacy of valuable company information throughout its life cycle.
Here are four keys to doing so:
- Enable user-friendly apps within a secure environment: Help employees working from home to securely access all the files they need, even those that reside in widely-used third-party apps. Doing this effectively means centrally managing content across different apps for different types of users.
- Deliver end-to-end security: Ensure shared files remain private through end-to-end encryption, not just document password protections that don’t apply to every file or folder.
- Strengthen the mobile experience: Provide the same level of access and capabilities for mobile devices as users have become accustomed to on desktop devices so that they have consistent experiences when engaging with content from home.
- Create a cloud governance committee composed of IT and line of business leaders: Cloud usage policies should incorporate organization-wide priorities and go beyond the enforcement of simple allow/block strategies. This will ensure that all stakeholders' voices are heard, and there's a balance between business needs, security, compliance, and user experiences.
The rapid shift to remote work over the past two quarters has created a vast range of new digital business requirements. Neither IT departments nor end-users can afford to sustain the many performance, usability, security, and cost shortcomings inherent to widespread VPN usage today. Now is the time for organizations to make the leap toward becoming true digital businesses and reimagine how they can better support and secure their remote workforce in a way that inspires productivity and collaboration while reducing friction and frustration. And so, contrary to popular belief, the birth of this new remote age will undoubtedly coincide with the death of VPN as we know it.
Kris Lahiri is a co-founder and the Chief Security Officer of Egnyte. He is responsible for creating and implementing Egnyte's global information security and compliance management strategies, policies, and controls that protect all of Egnyte's customers' content and users. Prior to Egnyte, Kris spent many years in the design and deployment of large-scale infrastructures for Fortune 100 customers of Valdero and KPMG Consulting. Kris has a B.Tech in Engineering from the Indian Institute of Technology, Banaras, and an MS from the University of Cincinnati.