In today's digital age, many organizations (regardless of size) ...
Do I need a VPN?
- By Loïc Calvez
We are getting asked that questions more often lately and decided that writing a blog would probably help many.
Part of the confusion is that the term is used to mean different things based on the context of the person asking. So first, some definitions. A VPN is a Virtual Private Network, it used to be primarily a technology used by businesses to provide remote access to its network to its [remote] users. Lately? It is gaining popularity on the consumer side as a way to “hide” your network traffic. Both work the same way; they use encryption to obfuscate the traffic and encapsulate the network traffic so that it brings it to another location.
If you are a consumer, the two main reasons for having a VPN are privacy and to hide your location (you may want to notice I did not say cybersecurity).
- Privacy: when you use the internet, the owner of the network you are on (Internet Service Provider, fast food chain, café, hotel…) can see what you are doing (or infer it). Most of the web pages are now encrypted, so for example they do not see your bank details, but they know you are on your bank website and they know which bank (and that you are looking for a mortgage or a car loan). Using a VPN can hide this from them, but you are just transferring that trust to the VPN provider who can now see all your internet traffic (the same way the network owner does above). So, you must decide who you want to give this information to, a company registered in your country with a privacy policy, or a company registered in a random country with an unenforceable privacy policy (if they even have one). FYI: if you are using a free (or cheap) VPN just remember the good old saying: if you are not paying for the product, you are the product [your data].
- Hiding location: well, let’s just cut to the chase, most people do this for illegal purposes (watching content from a different geographical region, hiding the source of a cyber attack…)
If you are a business that has local servers and remote users, and you want them to access those servers, yes, you need a “VPN” (many options here, not the point of this blog, contact us if you need assistance. For simplicity, let’s refer to this as remote access for this blog).
If you are a business that does not have local servers but have remote or travelling users? The answer is usually no. Hiding your browsing habit should not be your main concern (if it is, giving that information to a VPN provider that can track you everywhere may not be a better option). If you require to hide your location to run your business, well, that’ a different story. Once again, no real cybersecurity improvements by hiding your traffic or location in any of those cases.
Lastly, there is an entire topic we did not cover here: SASE (Secure Access Service Edge)(more specifically ZTNA (Zero Trust Network Access)). For all intents and purposes, this is a form of VPN, but the goal here is different: bringing the same level of protection that a Next Generation Firewall in an office can provide, but for devices that are not in the office. This will improve your cybersecurity posture. We will post more on this later, but you can contact us directly if you would like to learn more about it today.
Agree, disagree? Let us know!