You can’t call a time-out on data security. Especially not now when this current crisis finds many people working from home.
It’s easier to feel secure about your data when all your employees and their devices are in the same office, but it’s now pretty clear that this is an impossible requirement to rely upon. Even putting the pandemic aside, remote work has been a rising trend for years now, and the frequency of companies going remote-first or at least heavily remote seems likely only to increase as time goes on.
Leaping into the minutiae of Internet security may not seem particularly interesting when everyone is first and foremost worried about their own personal health and security, but bad actors and hackers won’t wait patiently for you to be ready for them, and unprepared remote workers give them an opportunity to steal and exploit data.
Do a quick Google search and you'll find yourself bombarded with options for virtual private network (VPN) providers. So please allow us to add to that bombardment with our own crash course in VPN protocols.
Employees working from home are using their own Wi-Fi networks (and potentially their own devices) to connect to mission-critical tools like code repositories, email, finance software, business accounts, applications, etc. Unless the employees are IT veterans, chances are their device and network security are subpar, potentially exposing their internet usage to unsavory characters — and your business to data breaches.
If you don’t have a pile of cash to drop on secured laptops and routers for every employee, never fear — that’s why VPN is here. What is a VPN? In short, a VPN forms a protective private tunnel around internet traffic, encrypting data as it travels between client (employee device) and server.
VPNs can also be used to allow access to your office’s network (and all its local resources) to employees at home. This increases security for sensitive intellectual properties and ensures access to important office resources (such as that pricey single-license CAD software installed on the desktop in Sandra’s office. Only the very best in CAD software for Sandra).
The VPN is a backyard fort, where only people who know the secret handshake can access your data. The VPN protocol is the secret handshake. When it comes to your VPN, choosing the right secret handshake is essential to ensuring that your employees can work without worrying about security or stability.
Unless “learn about VPN protocols” is a personal research hobby you’ve decided to start while under quarantine, you probably aren’t interested in VPN protocols for their own sake. All that matters is ensuring your whole company isn’t brought down by one employee whose roommate set their home Wi-Fi name to “Cool WiFI” and password to “pizza123”.
While you don’t need to know the nitty-gritty of VPN protocols to safeguard your data, a good working knowledge of VPN protocols is important when it comes to choosing the right VPN. Why? Because every VPN protocol offers its own unique combination of speed and security, which allows you to customize your VPN to best suit your work. This customization happens in two key ways:
Your required speed-to-security ratio will differ based mainly on the kind of work you’ll be doing over VPN and how many people will use it at a time. If most of your work apps are cloud-based (such as G Suite, Microsoft Office 365, SaaS apps, etc.), VPN bandwidth usage will be fairly light, even with many people connected. In this case, security might be more important to you than speed, since speed likely won’t be a major problem.
If you’re using your VPN to connect workers remotely to resource-intensive software like design programs, you’ll need to use a VPN protocol that supports higher speeds, so that your workers don’t lose their collective minds staring at little spinning pinwheels all day.
The other consideration is your company’s infrastructure. If you’re a remote-only company, you don’t have to worry about connecting employees securely to a single network based at a physical location. This frees you from factoring your office’s internet bandwidth and speeds into the equation, which in turn frees you to double down on security without having an added slowdown factor.
If your company centers on a physical location, then more complicated factors of IT support, office internet speeds, and remote desktop access (or company-issued laptops) enter the equation. In this case, speed and volume are going to be your biggest considerations. Ease of setup and use are also important to bear in mind, since your IT folks have to get your VPN playing nicely with your existing network infrastructure.
When it comes to choosing the VPN protocol you’ll use, remember that most VPN software supports multiple protocols, so you’re not locked into one protocol forever. Many VPN providers also give you the option to automatically select the protocol that will perform the best* on any given day.
*Bear in mind that’s only The Best™ according to the VPN provider. So read on to get a feel for what you’re getting into before just setting and forgetting protocols.
OpenVPN is pretty much the standard of VPN protocols (at least currently) and for good reason. While “open VPN” sounds like an oxymoron, being open source and having a strong community behind it has made OpenVPN one of the most secure protocols available. It offers users the flexibility of two different transport protocols (TCP and UDP), the security of the OpenSSL library and 256-bit encryption, as well as decent speeds.
Popular VPN software that supports this protocol
OpenVPN is a good, balanced protocol if you’re looking for a sweet spot of both speed and security. While it can be a little more involved to set up than others because it’s not native to any operating system, most of the industry chooses OpenVPN as their top pick of VPN protocol due to its security-to-speed ratio and its open-source nature.
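An added example, not from the original article or the OpenVPN project: a small audit that reads an OpenVPN client profile and reports whether it uses the TCP or UDP transport and a 256-bit cipher as described above, plus a few related hardening directives. The directive names are standard OpenVPN options; the sample profile and its host name are constructed placeholders.

```python
# Constructed sample client profile for illustration; vpn.example.com is a placeholder.
SAMPLE_PROFILE = """\
client
dev tun
proto tcp
remote vpn.example.com 443
cipher BF-CBC
comp-lzo
<ca>
(PEM data elided)
</ca>
"""

STRONG = ("AES-256-GCM", "AES-256-CBC", "CHACHA20-POLY1305")  # all use 256-bit keys

def parse_profile(text):
    """Map each directive to its argument lists, skipping comments and inline <ca>/<key> blocks."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives

def audit_profile(text):
    """Return the transport in use and a list of findings for one client profile."""
    d = parse_profile(text)
    findings = []
    ciphers = [c for opt in ("data-ciphers", "ncp-ciphers", "cipher")
               for args in d.get(opt, []) if args for c in args[0].upper().split(":")]
    weak = [c for c in ciphers if c not in STRONG]
    if weak or not ciphers:
        findings.append("cipher: " + (", ".join(weak) or "none pinned"))
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append("server-cert: server certificate role/name is not checked")
    tls_min = (d.get("tls-version-min", [[]])[-1] or ["unset"])[0]
    if tls_min not in ("1.2", "1.3"):
        findings.append("tls-version-min: " + tls_min)
    if any(a[:1] != ["no"] for a in d.get("comp-lzo", [])) or \
       any(a[:1] in (["lzo"], ["lz4"], ["lz4-v2"]) for a in d.get("compress", [])):
        findings.append("compression: enabled on an encrypted tunnel")
    proto = (d.get("proto", [[]])[-1] or ["udp"])[0]  # OpenVPN defaults to UDP
    return {"transport": "tcp" if proto.startswith("tcp") else "udp", "findings": findings}
```

Running `audit_profile(SAMPLE_PROFILE)` flags the legacy Blowfish cipher, the missing server-certificate check, the unset minimum TLS version and compression; a profile that pins `data-ciphers AES-256-GCM`, `remote-cert-tls server` and `tls-version-min 1.2` returns no findings.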
IKEv2 is often hailed as the fastest VPN, but it’s best known as the mobile VPN protocol. This is because IKEv2 has MOBIKE support, which basically means it can change networks (like from Wi-Fi to 4G) without losing VPN connection. IKEv2 offers excellent security, including a certificate-based authentication process. It’s generally regarded as less CPU-intensive than OpenVPN, while offering a level of security (through IPSec) that is nearly as good.
Popular software that supports this VPN protocol:
The biggest downside to IKEv2 is that it has very limited compatibility. If you have a Microsoft system, this won’t be a problem for you, since IKEv2 was developed by Microsoft and Cisco. But for other users, IKEv2 may not currently be an option.
If IKEv2 is second place for speed, L2TP is second place for security when paired with a second encryption protocol. L2TP should never be used on its own because it has no native encryption. This would be a major problem, except it pairs excellently with IPSec (Internet Protocol Security). IPSec is a collection of encryption and security protocols designed to anonymize and protect data packets from third parties. Because of this, you’ll almost always see this protocol listed as L2TP/IPSec (and if you don’t, that’s a red flag).
Popular VPN software that supports this protocol includes:
L2TP/IPSec is usually faster than OpenVPN but also a little less secure and less stable. However, data sent through this VPN protocol is double-authenticated, a level of security that might be the deciding factor for some users. The biggest downside to L2TP is that it can be blocked by NAT firewalls far more easily than OpenVPN, which makes it inherently less stable. However, if you want a VPN protocol that can run natively on both Mac and Windows, L2TP/IPSec offers a safe, solid choice.
There are many more VPN protocols, of course, but this article is more of a crash course than an exhaustive list.
At the moment, you might understandably be scrambling to make sure your employees are working from home securely. You might not have the option to thoroughly research solutions, compare quotes, or consider overall business strategy. If this is the case, try these quick, relatively cheap stopgap solutions to ensure security while you work on longer-term solutions.
Make sure you have other data security measures in place. Even with a great VPN, security vulnerabilities will still exist if you haven’t covered the basics of online security. You may even find that these measures provide adequate security for the short-term situation, giving you breathing room as you figure out your VPN requirements.
Look into VPN software designed for individual setup. Many top-notch VPN providers have offerings geared toward the individual user. They design their software to be simple enough that individuals can set them up with little to no intervention from the IT team. While this approach won’t give you a unified business network, it will provide a much-needed layer of security while your employees work from home. Here are some of the internet’s top recommendations to get you started:
There are a lot of VPN options out there, and not a lot of time right now to explore them all. If none of these options feels right to you, consult a security expert.
VPN protocols aren’t the be-all and end-all of your VPN choice. But knowledge is power, so, hopefully, armed with this knowledge you’ll be in a more powerful position to make decisions on how to best secure your data with an increasingly distributed workforce.