The importance of VPNs changed significantly in early 2020, as the coronavirus pandemic caused massive digital transformation for many businesses and office workers. VPN trends that started prior to the pandemic were accelerated within days.
What does the future of VPNs look like from the middle of the pandemic?
The past and future of VPN connectivity
The migration of office workers to a work-from-home environment created a new dilemma: How should organizations support workers who may use computers and mobile devices from home to access corporate resources?
The traditional VPN uses a fat client model to build a secure tunnel from the client device to the corporate network. All network communications use this tunnel. However, this model comes at a cost: Access to public cloud resources must transit the VPN tunnel to the corporate site, which then forwards access back out to the internet-based cloud provider. This is known as hairpinning.
For the future of VPNs, end systems' increasing power will facilitate the migration of more software-based VPN technology into endpoints. VPN technologies will evolve to take advantage of local process capabilities, which make VPNs easier for users and network administrators alike. Network admins will control VPN administration through central systems.
Some predictions for the future of VPNs suggest hardware isn't necessary in a software world. Yet, as something must make the physical connections, hardware will still be necessary. More likely, x86 compute systems that perform functions previously done in hardware will replace some dedicated hardware devices -- particularly at the network edge, where distributed computational resources are readily available. The network core will continue to require speeds only dedicated hardware can provide for the foreseeable future.
VPNs may also begin to function like software-defined WAN products, where connectivity is independent of the underlying physical network -- wired, wireless or cellular -- and its addressing. These VPN systems should use multiple paths and transparently switch between them.
The past and future of VPN security
Corporate VPNs provide the following two major functions:
- encrypt data streams and secure communications; and
- protect the endpoint from unauthorized access as if it were within the corporate boundary.
The straightforward use of encryption technology is to secure communications. Encryption technology is relatively old and is built into modern browsers, which makes the browsers easy to use. Secure Sockets Layer or Transport Layer Security VPNs can provide this functionality.
Modern VPN systems protect endpoints from unauthorized access, as these systems require all network communications to flow over a VPN between endpoints and a corporate VPN concentrator. Other corporate resources, like firewalls, intrusion detection systems and intrusion prevention systems, protect endpoints with content filtering, malware detection and safeguards from known bad actors.
In the future, IT professionals should expect to see more examples of AI and machine learning applied to these security functions to increase their effectiveness without corresponding increases in network or security administrator support.
VPN paths become less efficient when an endpoint communicates with internet-based resources, like SaaS systems. The endpoint must first send data to the VPN concentrator, which then forwards the data to the cloud-based SaaS application and, therefore, adds to network latency. In addition, network overhead increases within the VPN because the SaaS application also employs its own encryption.
Split tunneling is a potential solution to this inefficiency, but IT teams must select VPN termination points carefully to avoid a security hole. Integration with smart DNS servers, like Cisco Umbrella, enables split tunneling to specific sites under the control of network or security administrators.
An even better security stance relies on a zero-trust model, which assumes endpoints are compromised, regardless of their location. Forrester Research introduced zero trust in 2010, and it has become the new standard to which networks should conform. Zero-trust security components include allowlisting and microsegmentation. The future of VPNs includes automated methods to create and maintain these security functions.
IT professionals can expect the future of VPN technology to provide an increase in security while reducing the effort needed to implement and maintain that security.