Why IT Pros Aren't Happy with Their VPNs

Businesses were reporting VPN problems even before COVID-19 exacerbated their use.

That’s according to DH2i‘s study, “The Pre-Pandemic State of Virtual Private Networks VPNs.” The survey demonstrates the serious pain points IT professionals are experiencing with their VPNs, particularly in the area of security.

Nearly two-thirds (62%) of VPN users expressed significant problems around security. Disturbingly, two in five (39%) respondents said they believed unauthorized users have accessed their corporate network. Another 48% expressed concerns about their VPN’s compatibility with disaster recovery.

Source: DH2i’s “The Pre-Pandemic State of Virtual Private Networks (VPNs)”

DH2i CEO and co-Founder Don Boxley said respondents who worried about security knew that they were dealing with an unprotected attack surface.

DH2i’s Don Boxley

“VPNs reveal a ‘slice of the network,'” Boxley said. “VPNs suffer from an inability to segment at the application level; they segment at the level of the entire network instead, leaving the network unprotected against lateral network attacks.”

Boxley said the anonymity of the survey allowed IT professionals to offer their completely honest assessment of how concerned they are. But he said the number of threat actors penetrating their defenses might be higher than they are willing to admit.

“We expect this number to grow during the next research phase, given the rise in bad actors during the past year that were looking to exploit data security vulnerabilities as a result of the pandemic,” Boxley said.

Survey Details

Virtual Intelligence Briefing (ViB) conducted the survey on behalf of DH2i. The survey queried 228 responds in a variety of IT positions across multiple industries. The firm gathered the answers just before COVID-19 drastically altered the business landscape. However, it’s fair to say that the study hits on many points that hold especially true in the pandemic era. Work-from-home trends caused VPN usage to surge and inspired new solutions designed to relieve the strain on VPN concentrators.

“Of course, as we were analyzing the results of our initial research, the pandemic hit, and countless individuals found themselves trying to navigate the challenges of a work from home scenario — including how to gain access to their organization’s applications and information. Simply gaining access was the priority for most workers,” Boxley said. “However, for IT ensuring that their employees not only had uninterrupted access, but that it was secure on both ends, and everywhere in-between, pushed other alternative remote access IT initiatives to the back burner.”

Openness to Change

A key takeaway is that 86% of respondents expressed an interest in checking out a different VPN solution. Boxley said key criteria are “security, configuration and management, cost, performance and availability.”

“Specifically, 89% of the respondents indicated that they prefer a substitute to their current VPNs if given the ability to easily limit remote users’ access to specific applications or services without creating a network attack surface,” he said.

Source: DH2i’s “The Pre-Pandemic State of Virtual Private Networks (VPNs)”

Cisco was by far the most popular VPN provider, listed by 63% of respondents, ahead of Palo Alto Networks (22%) and Check Point (12%). On the other hand, one-half (50%) of respondents used a different brand of VPN. People most commonly (83%) used VPNs for remote worker access, while another 57% used VPNs for site-to-site access. Forty-eight percent connected site-to-cloud or cloud-to-cloud through VPN.

Partner Application

Source: DH2i’s “The Pre-Pandemic State of Virtual Private Networks (VPNs)”

Boxley urged partners to use the report to help their customers evaluate their VPN usage and related problems.

“VARs, MSPs, systems integrators and/or consultants serve as trusted advisers to their end clients,” he said. “It is therefore critical that they are aware of all the pros and cons of potential solutions — especially those they may recommend, deploy, integrate and/or manage.”

However, Boxley said the study represents a “phase one” of research and will soon receive a follow-up study.