Business VPNs allow remote employees or offices to connect securely to an internal network.
A virtual private network (VPN) is an Internet security service that creates an encrypted connection between user devices and one or more servers. VPNs can securely connect a user to a company's internal network or to the public Internet.
Businesses typically use a VPN to give remote employees access to internal applications and data, or to create a single shared network between multiple office locations. In both cases, the ultimate goal is to prevent web traffic — particularly traffic containing proprietary data — from being exposed on the open Internet.
Why are VPNs necessary to accomplish this? Take remote employees as an example. When employees work on-premises, they can connect their computer and mobile device directly to the business’s internal network. However, if an employee works remotely, their connection to that internal network must take place over the public Internet, potentially exposing their traffic to on-path attacks and other methods of snooping on sensitive data. Encrypting that traffic with a business VPN or another security service keeps it safer from prying eyes.
There are two categories of business VPN: remote access VPNs and site-to-site VPNs.
A remote access VPN creates a connection between individual users and a remote network — typically the business’s internal network. Remote access VPNs use two key components:
When the user wishes to access the business’s network, they activate their VPN client, which establishes an encrypted ‘tunnel’ to the NAS. This encrypted tunnel allows the user to access the internal network without their traffic being exposed — a significant security advantage for remote workers.
Site-to-site VPNs create a single virtual network that is shared across multiple office locations, each of which can have multiple individual users. In this model, the VPN client is hosted on each office's local network, rather than on individual users’ devices. In this way, users in each office location are able to access the shared network without using a VPN client individually. But if they leave the office, they lose this access.
Business VPNs and consumer-oriented VPNs work similarly, in that both create an encrypted connection with a remote network. The primary difference lies in why they are used.
A business VPN lets users and teams connect their company’s internal network. By contrast, a commercial VPN connects the user to a remote server, or set of servers, which interact with the public Internet on the user’s behalf.
When a VPN is used as intended — and uses up-to-date cryptographic protocols — it can effectively encrypt traffic between remote employees or teams and their company’s internal network. In addition, VPNs are cheaper and easier to manage than legacy solutions like buying a secure ‘leased line’ from an ISP or manually ‘allowlisting’ individual IP addresses that belong to remote workers.
However, VPNs also have limitations. Several are summarized below — to learn more, read these articles about VPN security and VPN speed.
Cloudflare Access, part of the Cloudflare for Teams offering, is an identity and access management (IAM) product that can help speed up and secure remote teams by replacing a VPN with Cloudflare’s global network. Instead of placing internal tools on a private network, teams can:
What's a VPN?
What is IAM?
Secure Web Gateway