Modern Work Security Tip: VPN

Written by Dom Kirby

Former MSP Owner, CyberSec Practitioner, Modern Work Pro, Evangelist, Husband & Father


September 18, 2021

TL;DR: Use a cloud-based VPN tunneling service to protect traffic when your employees are using untrusted networks. 

One of the best things about being cloud-native is the reduction or elimination of the VPN for remote access. When your data is managed securely in the Microsoft cloud, you simply don’t need to hop onto a VPN to get to that S drive anymore. 

However, as I’m sure you’ve heard plenty, a VPN can also be a crucial piece of the security puzzle. For my personal computing, I use Proton VPN (not an affiliate, just a user and fan so far). I use it whenever I’m on an “unfamiliar” or “untrusted” network. Basically, anywhere but home or at the office. I don’t use it to try to hide from the NSA (If you do, it’s wishful thinking). I just use it to tunnel my traffic so that there’s no chance of data being sent in the clear over an untrusted network. It adds a huge layer of protection that would otherwise be missing. 

There were plenty of companies who used non-split tunnel VPNs to provide a mechanism through which their employees could securely leverage public Wi-Fi. Traditionally, this VPN would tunnel through the company’s on-premises equipment and out through their internet connection. It achieves basically the same goal: tunnel traffic over untrusted networks. 

However, with the proliferation of cloud-based work, it makes very little sense to tunnel traffic through your bandwidth limited offices. 

Enter Cloud Based VPN Options for Business 

This was an issue I was struggling with myself, thinking of how to advise folks to create protection without bottlenecking employee productivity. Thankfully, companies have begun solving this problem. The most notable example is NordLayer (again, not an affiliate, just a fan), Nord VPN’s business grade product. Nord VPN is one of the most popular VPN products on the market today and extending into business grade services is a huge win for them and the market at large. 

With a product like NordLayer, security practitioners can deliver a secure and managed tunneling VPN solution for their business. With key features like SSO, you’re able to maintain control of who’s using the service and how. Adding a product like this means that you can tunnel your traffic securely even when on that Starbucks mocha choca Wi-Fi that’s ripe for compromise. 

Other notable examples include ZScaler, who’s been doing this for years. You can lockdown access to specific IPs to force traffic to be routed over the solution, if you’d like to require strict tunneling. Try it out today. Adding this small layer will help add to the overall picture when your team is working remotely and connecting to assets in the cloud! 

You May Also Like…

Data Loss Prevention for Any SMB

Data Loss Prevention for Any SMB

It's time for a new guide for MSPs! The Safeguards within CIS Control 3 speak to the need for proper Data Protection....

CISA’s Secure by Design Pledge

CISA’s Secure by Design Pledge

In some very exciting news today, CISA announced their Secure by Design Pledge. The Secure by Design Pledge is a...