For any territorially distributed company, ensuring business continuity is always connected with the protection of transmitted information. For a long time, this task is being performed by various VPN service providers. They differ markedly in their technical features and implementation: these can be specialized solutions, solutions based on software and hardware systems (firewalls / routers), or completely software packages. After choosing the implementation, there are many questions: what company to select; cooperate with market leaders or choose a solution of a young company that promises more functionality at a more affordable price? Even having defined these parameters, there are many other more specific questions. The variability, in this case, is very high. That’s why we are here to help you narrow your search and formulate the most important parameters to research on.
Encryption at the software level is implemented using a “crypto provider” or a crypto library. Here are two approaches: the development of a proprietary crypto-provider integrated into the product or the use of an external one developed by a third-party company. Both approaches have their pros and cons. Thus, using its own crypto provider allows the manufacturer to better predict the process of certification of a VPN product, to use a single license for cryptography and a product, and to reduce the final cost of the solution. At the same time, applying an external crypto provider may ease its integration with the PKI infrastructure of a client. When making a VPN comparison on the matter, it is better to choose a VPN service provider who supports both approaches and grants a fast and constant connection at a reasonable price.
The development of a certified VPN, like any other product, should be based on the world experience and best practices. The technology should be tested and verified by the maximum number of experts. Otherwise, the customer becomes the object of research and technical improvements for his own money. Non-standard product design and undocumented behavior of devices can put the customer in dependence on the supplier of products. That’s is why it is important to test a service before purchasing it.
If the information processed in the information system is subject to compulsory protection by the law (for example, personal data), then it is necessary to use certified protection means that have passed the procedure of conformity assessment by regulators. According to the normative base, any information system is to develop a model of threats and to select the alleged infringer. In other words, you should check encryption type and protection means of a company you are going to deal with.
VPN services with all their security features must integrate well into the existing network and IT infrastructure. A good trend is the use of common infrastructure components (Active Directory, Certification Authority, centralized updating and monitoring systems) for the available equipment. If each manufacturer promotes its unique ideology of building a system with many proprietary products, this will lead to an increase in the complexity and cost of both the implementation of the solution and its technical support. So before buying a license of any VPN, ensure that your platform is supported by that VPN service.