A virtual private network (VPN) creates an encrypted connection between a device and the public internet. Businesses use VPNs to enhance their security while also enabling remote employees to access company files. Here's what you need to know about VPNs, including how to find the best VPN for your business.
Types of VPNs
Though VPNs are designed to increase users' security while they are online, the applications differ between personal and business use. While personal VPNs are often used to protect users' internet privacy and improve access to a wider range of content, businesses typically use VPNs to maintain secure communications and file access for employees who might be spread across various locations.
"Personal-use VPN services are mainly used for anonymity when browsing online, but they do not add much security," explained Andrius Ulenskas, technical director at Hyve Managed Hosting. "In fact, they can actually have the opposite effect if the VPN provider is not trusted."
As such, it is recommended you opt for a business-specific VPN. To help you better understand your options, here are five common types of VPNs explained.
Remote access
Remote access VPNs connect devices to a remote server located in another country. This allows users to browse the internet on this network while also encrypting any data sent and received during a session. Users can enjoy privacy and protection of their personal data, as well as gain access to region-locked websites and content. Additionally, remote access VPNs tend to be relatively inexpensive, making them a popular choice for individuals and small businesses.
While remote access VPNs are the most commonly used VPN solution, they are optimized for personal or single-user configurations. As such, they may not necessarily meet the needs of a large business that has multiple users from various locations using the network simultaneously. Businesses' amplified security and access needs often exceed what a remote access VPN is typically equipped to handle. Remote access VPNs, however, can work well for small businesses (particularly with a limited number of employees and/or office locations), as well as individual remote employees.
Site to site
Rather than connecting devices to a single remote server, site-to-site VPNs (also known as router-to-router VPNs) allow multiple local area networks (LANs) to connect to each other securely over the internet. This enables users to share resources and collaborate online regardless of their physical location while ensuring that communications and data remain secure. Essentially, the router-to-router VPN establishes an internet "bridge" between the networks at each office. One router functions as a VPN client, while the other functions as a server. Once the two routers have authenticated each other, communication can begin.
For example, consider a company that has offices in New York and Utah. A site-to-site VPN can connect each of these office networks, allowing team members from both to securely access necessary company files. As a result, site to site tends to be a popular VPN option for businesses, especially those with multiple offices or with a large number of remote employees.
Site-to-site VPNs require specialized equipment to be implemented and can be further subdivided into two types: intranet and extranet VPN.
- Intranet: In an intranet-based VPN model, several offices within the same company connect to each other using site-to-site VPNs. Each LAN is connected to a single wide-area network (WAN), allowing users across different geographical locations to communicate with each other quickly and securely. This is commonly used by organizations that have multiple remote locations, but that don't need to connect with other external entities over their network.
- Extranet: While intranet VPNs only allow access to users within the enterprise, an extranet VPN connects LANs of two or more different organizations to access a shared infrastructure. This allows all parties to access the same network while also protecting each company's respective private intranets and communications. Extranet VPNs can be useful for organizations that want to connect securely with outside customers, suppliers or business partners.
Client based
Client-based VPNs allow users to connect to a remote network through an application or client, which establishes and maintains the VPN connection. Software must be installed or accessed on an individual device, then launched and authenticated with a VPN username and password. This process builds an encrypted connection between the device and the remote network, allowing for a secure data exchange.
While large corporations with multiple offices may require the connection power of a site-to-site VPN, client-based VPNs can be an ideal solution for single business users and remote employees who need access to the main company network.
VPN security and protocol types
Different VPN providers have different instructions governing how your data will route between a device and the VPN server. These instructions are also known as VPN protocols and are used to ensure a secure and stable connection. Below are six common VPN protocol types.
Internet Protocol Security (IPSec)
IPSec is used to keep internet communications secure across an IP network. It does this by verifying the session, then encrypting each data packet for the duration of the connection. IPSec can run in two modes: transport mode and tunneling mode. In transport mode, only the message carried inside the data packet is encrypted, while tunneling mode encrypts the entire data packet. IPSec is often used with other protocols to further boost security.
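The difference between the two IPSec modes, as an added example that is not part of the original article: this Python sketch splits a packet into the part that stays readable on the wire and the part ESP would encrypt. The addresses, payload and function names are constructed for illustration; no cipher is applied, and ESP padding and the integrity check value are left out.

```python
import socket
import struct

ESP_PROTO = 50  # IP protocol number assigned to ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for illustration)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample: a host on one office LAN sends TCP data to a host on another.
SAMPLE_PACKET = ipv4_header("10.10.1.5", "10.20.3.7", 6, 12) + b"GET /payroll"

def esp_layout(packet, mode, gw_src=None, gw_dst=None, spi=0x1000, seq=1):
    """Return (cleartext, protected): the bytes an observer can read and the
    bytes ESP would encrypt. Only the split is shown; nothing is encrypted."""
    ihl = (packet[0] & 0x0F) * 4
    header, payload = packet[:ihl], packet[ihl:]
    esp_header = struct.pack("!II", spi, seq)
    if mode == "transport":
        # The original IP header stays in the clear; only the payload is
        # protected. Trailer: pad length 0, next header = original protocol.
        protected = payload + bytes([0, header[9]])
        src = socket.inet_ntoa(header[12:16])
        dst = socket.inet_ntoa(header[16:20])
    elif mode == "tunnel":
        # The whole original packet, header included, is protected and a new
        # outer header addressed gateway-to-gateway is added in front.
        protected = packet + bytes([0, 4])  # next header 4 = IPv4-in-IP
        src, dst = gw_src, gw_dst
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    outer = ipv4_header(src, dst, ESP_PROTO, len(esp_header) + len(protected))
    return outer + esp_header, protected

def visible_endpoints(cleartext):
    """Source and destination an on-path observer reads from the outer header."""
    return (socket.inet_ntoa(cleartext[12:16]),
            socket.inet_ntoa(cleartext[16:20]))

if __name__ == "__main__":
    clear, _ = esp_layout(SAMPLE_PACKET, "transport")
    print("transport:", visible_endpoints(clear))
    clear, _ = esp_layout(SAMPLE_PACKET, "tunnel", "198.51.100.10", "203.0.113.20")
    print("tunnel:   ", visible_endpoints(clear))
```

In transport mode the internal host addresses remain visible to anyone on the path; in tunnel mode only the two gateway addresses are, which is why site-to-site links use tunnel mode.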
Layer 2 Tunneling Protocol (L2TP)
L2TP defines how data should be transmitted from one device or network to another. Tunneling involves transforming data into a different format to protect it. L2TP is often combined with other VPN security protocols, most commonly IPSec, to establish a highly secure connection. In this process, L2TP creates a tunnel between two L2TP connection points, while the IPSec protocol encrypts data and ensures that communication through the tunnel remains secure.
Point-to-Point Tunneling Protocol (PPTP)
In addition to generating a tunnel between devices or networks, PPTP encapsulates the data packet. Then, point-to-point protocol (PPP) encrypts the data within the connection. PPTP has been in use since the early days of Windows, and is also used on Mac and Linux devices. As such, it is one of the most widely used VPN protocols.
SSL and TLS
Secure sockets layer (SSL) and transport layer security (TLS) both generate a VPN connection in which the browser acts as the client. User access is limited to specific applications, rather than the entire network. (You'll know that a website has SSL certification if you see a padlock icon as well as "HTTPS" in the address bar instead of "HTTP.") This type of protocol is commonly used by e-commerce websites.
OpenVPN
Open-source VPNs have source code that is available for anyone to see and use, while closed-source VPNs limit the source code to their developers. Other developers and outside parties can inspect and review open-source VPNs and quickly identify security flaws or vulnerabilities. One of the best-known open-source VPNs is OpenVPN, which is commonly used to create point-to-point and site-to-site connections. Its security protocol is based on SSL and TLS.
Secure shell (SSH)
Another VPN tunneling protocol is SSH, which generates an encrypted VPN tunnel through which data transfer can take place. SSH connections are generated by SSH clients; data is then transferred from the remote server through the encrypted tunnel.
The most popular VPN protocol types include IPSec combined with L2TP, as the two protocols together offer extremely secure encryption. OpenVPN is also a popular option because of its strong security and its compatibility with all devices and operating systems. Most VPN services allow users to select their desired protocol; choosing OpenVPN or L2TP with IPSec is recommended to give your business the most comprehensive access and security.
Which VPN type is best for businesses?
The best business VPN for your organization will hinge on your company's needs. After exploring your options, you may even decide on a VPN alternative. However, if you decide to purchase an enterprise VPN, there are several factors to keep in mind, including these considerations:
- Remote access versus site-to-site. Consider how many employees and locations you have, as well as how many will need to be connected.
- Level of authentication. A VPN's protocols determine the network's ease of use and level of security. Remote access VPNs authenticate users with usernames and passwords, while site-to-site VPNs use certificates and passphrases that have already been loaded onto the hardware.
- Level of management. For smaller networks, access levels are typically configured for each user. With larger networks, global management allows administrators to assign permission levels to groups of employees.
Consider these factors when choosing which VPN provider is best for your business.