Do You Know Where Your Traffic Is Going?
Prior to 2020, most organizations had less than 10% of their staff working remotely over a VPN. Even after the peak and subsequent stabilization following the pandemic, it is now not uncommon for 20-30% of staff to work remotely at least part of the time. Software as a Service (SaaS) business applications, video conferencing, and cloud file storage can tax a more traditional full-tunnel VPN and degrade performance for users both in and out of the office. As organizations feel the strain, they may begin evaluating split tunneling as a way to reduce load without fully sacrificing security.
A split-tunnel VPN sends some traffic over the VPN connection while allowing other applications and services to use the user’s local internet connection, whether at a colocation site or at home. Split tunneling can be application-based, URL-based, or route-based, and can often be managed through policies defined by your IT staff. In practice, this means your users can stay connected to the corporate VPN to reach network storage and internally hosted applications while other traffic traverses the user’s local network instead. With less traffic going over the VPN, users should see better responsiveness than with a full tunnel.
However, this choice is not without risk. Traffic that bypasses the VPN no longer passes through the organization’s centrally managed security systems. If an organization relies on centralized data loss prevention (DLP), logging of file and web access, or proxy-based security tools to detect or block suspicious activity, a split-tunnel VPN can allow that traffic to bypass those controls. In addition, consumer-grade network security is generally weaker than that of a business network: a home router can remain in service long past its end-of-support date, so the security measures installed on the remote devices themselves are paramount.
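As an added illustration (not code from the original post), the following Python script audits a route-based split-tunnel policy from the defender's side: it classifies where each destination in a client flow log goes, reports any "must be inspected centrally" prefixes that the pushed VPN routes fail to cover, and flags flows that reached such a destination over the local path. The VPN route list, the must-inspect list, and the flow records are all constructed sample data for this example.

```python
import ipaddress

# Constructed sample: prefixes the VPN client is told to send through the tunnel
# (the route-based split-tunnel policy) and the networks whose traffic must pass
# the central proxy/DLP path. 203.0.113.0/24 stands in for a hosted file server.
VPN_ROUTES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.100.0/24"]
MUST_INSPECT = ["10.0.0.0/8", "172.16.0.0/12", "203.0.113.0/24"]

# Constructed client-side flow records: (source, destination, destination port).
FLOWS = [
    ("192.168.1.20", "10.1.2.3", 445),        # internal file share
    ("192.168.1.20", "203.0.113.7", 443),     # hosted file server, must be inspected
    ("192.168.1.20", "198.51.100.9", 443),    # ordinary public SaaS endpoint
]


def _nets(prefixes):
    return [ipaddress.ip_network(p, strict=False) for p in prefixes]


def tunnel_path(dst, vpn_routes=VPN_ROUTES):
    """Return 'tunnel' if dst matches a pushed VPN route, otherwise 'local'."""
    addr = ipaddress.ip_address(dst)
    return "tunnel" if any(addr in n for n in _nets(vpn_routes)) else "local"


def classify_flows(flows, vpn_routes=VPN_ROUTES):
    """Map each destination in the flow log to the path it took."""
    return {dst: tunnel_path(dst, vpn_routes) for _src, dst, _port in flows}


def uncovered_prefixes(must_inspect, vpn_routes):
    """Return the parts of must_inspect networks that no VPN route covers (IPv4 sample)."""
    routes = _nets(vpn_routes)
    gaps = []
    for net in _nets(must_inspect):
        remaining = [net]
        for r in routes:
            next_remaining = []
            for piece in remaining:
                if piece.subnet_of(r):
                    continue                      # fully covered by this route
                if r.subnet_of(piece):
                    next_remaining.extend(piece.address_exclude(r))  # carve out covered part
                else:
                    next_remaining.append(piece)  # route does not touch this piece
            remaining = next_remaining
        gaps.extend(remaining)
    return sorted(str(g) for g in gaps)


def bypassed_inspection(flows, must_inspect, vpn_routes):
    """Destinations in must_inspect networks that the client reached over the local path."""
    inspect = _nets(must_inspect)
    return [dst for _src, dst, _port in flows
            if tunnel_path(dst, vpn_routes) == "local"
            and any(ipaddress.ip_address(dst) in n for n in inspect)]
```

Run against a real policy, the gap list is what to hand to the VPN administrator, and the bypass list is what your central DLP and proxy logs will never show you.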
These risks can be mitigated by shifting to endpoint-based security that IT staff can administer remotely. Endpoint/Extended Detection and Response (EDR/XDR) can detect malware, suspicious behavior, or unauthorized software even when the device is not connected to the corporate network. Host-based firewalls, full-disk encryption, and automated software patching are important for every remote worker. DNS filtering and identity-based access policies also improve security posture. Combined, these measures help keep your employees happy and productive while minimizing risk to your network and data.
As always, best practice is to periodically review policies and settings. Stay safe!
