Site-to-Site VPN: How It Works and Do You Need One?
What Is a Site-to-Site VPN Technology?
Site-to-site VPN is a type of VPN that keeps data encrypted between two locations without needing credentials or client apps on devices using it.
Site-to-site VPNs are important tools for many organizations worldwide, and because of the unprecedented situation we find ourselves in, businesses are looking at what kind of security protections they need.
The VPN services market is expected to reach $54 billion in 2024.
Are There Different Types of VPN?
Yes, and they each serve distinct purposes designed to be implemented based on a company’s needs.
VPNs can be split up into three categories:
- Remote access VPNs: Typically consumer-grade VPNs, and what individuals will be accustomed to. Examples include NordVPN and ExpressVPN.
- Intranet-based site-to-site: Multiple connected LANs that collectively make up a wide area network (WAN); useful for securely pooling resources across a company with more than one office
- Extranet-based site-to-site: Commonly used between companies that are partners, allowing them to share specified information externally while still maintaining security and allowing internal networks to be used only by internal workers
Today, we’ll be looking at site-to-site VPNs, and the benefits they can bring to SMBs going forward.
What It Looks Like
Site-to-site VPNs are intended to connect entire networks, usually from different locations. They work by routing traffic through an encrypted tunnel between the VPN gateways at two sites.
For example, an organization which has offices in Los Angeles, Chicago, and New York can utilize a site-to-site VPN to connect all the offices together and secure site-to-site connectivity between all of them.
This, in effect, creates one whole network (WAN), where users can exchange data and information with each other from completely different places—all encrypted and secured by the VPN.
For users, there is virtually no difference in their daily working functions.
Since site-to-site VPNs encrypt data at a gateway, users don’t have to have any of the VPN software installed on their computer—so long as they’re connected to the “site” (the network), their data is protected.
This is in contrast to a remote access VPN.
If you use a VPN at home, a remote access VPN is almost certainly what it is.
It requires you to launch the application (client), sign in, and keep it running for as long as you want to use it.
So, with a site-to-site VPN, you’re sparing staff in the IT department the chore of having to individually install software on every device that needs protection.
An extranet site-to-site VPN works in much the same way, in that employees won’t “see” the VPN or have to run any applications. The only difference is that only certain information is shared between the sites.
How It Works
When you normally use the internet with a regular connection, wired or wireless, through a router, you’re out in the open.
Imagine a vast ocean of other data, users, and networks which can all interact with each other.
This isn’t a problem in itself, but there are protections that are severely lacking.
VPNs started out as a way for businesses to protect themselves and continue to do so today.
It works by creating a “tunnel” between two networks.
With a site-to-site VPN, these tunnels go from one location to another, and the only people who can see the data being transferred are users logged onto the network.
The VPN uses gateways at each location, which encrypt all traffic that passes through.
All traffic (data) has to be encrypted at the gateway, which is solely responsible for protecting the data and sending it through the tunnel to the other side.
When inbound traffic is received, it is decrypted and data packets are sent on to the target host—such as an employee receiving sensitive information about clients.
Because of this process of encryption and decryption, hackers and other cybercriminals are shut out and any other potential bad actors in the “ocean” cannot take advantage because the data is impenetrable and the tunnel inaccessible.
Benefits of Site-to-Site VPN
With traditional methods of VPN quickly being eschewed in favor of more common remote access VPN technology, what are the benefits of site-to-site VPNs?
Watertight Internal Network
When a business utilizes a site-to-site VPN across its operations, it can expect a far more secure footing as far as its data is concerned.
Business leaders are concerned about the rise of cyberattacks, and a newfound inclination from hackers to target SMBs should worry them.
Using a VPN will give them peace of mind, safe in the knowledge that data can be transferred between disparate locations without being fearful of a breach.
Because users don’t have to have client apps installed on any of their devices, using a site-to-site offers ease-of-use opportunities for businesses.
Employees simply have to be logged on to the work network as they normally would and the gateway takes care of the rest.
One of the biggest benefits of implementing a site-to-site VPN for an organization is its scalability.
If you open a new branch or office, it’s easy to add it to the WAN—you won’t have to individually get each device on the network up and running.
Does Your Business Need One?
This depends on a number of factors, but it usually comes down to the following considerations:
- Size of the business
- Number of locations/offices
- Sensitivity of data being shared
If your business is small, functioning in one office with little data sharing outside of your premises, then it’s unlikely that a site-to-site VPN will be necessary.
If, however, you’re a growing company that has ambitions to grow into a larger organization in multiple locations, or perhaps already operating in multiple locations, then a site-to-site VPN would be a sensible investment for now and for the future.
As far as data is concerned, it’s worth considering how important safeguarding that data is.
For businesses operating in some industries, like healthcare or finance, data protection is absolutely crucial, and not looking after customer records in the most secure manner can be dangerous.
This goes for many businesses in other verticals, too, many of which handle significant amounts of customer data and can face hefty fines or worse if they don’t have the right security measures in place.
In 2020, it’s simply asking for trouble to be sharing unencrypted sensitive data outside of a secured network, so if this applies, then it’s worth getting a site-to-site VPN to ensure the safety of your customers’ details—and the security of your organization.
Why a Site-to-Site Might Not Be Best In 2021
While site-to-site VPNs have been good ways for businesses to secure traffic, recent years—and 2020 most of all—have shifted working circumstances to the point where this kind of setup doesn’t make a whole lot of sense to most modern businesses.
As SMBs continue in large numbers to relocate their data and applications to the cloud, and workers spend more and more time operating outside of office networks (remote working), the process of routing traffic through an onsite data center makes little sense.
Because of this, many companies are shifting away from site-to-site VPNs entirely.
Drawbacks of site-to-site VPN
With a site-to-site VPN, data is designed to only be encrypted between two points and the VPN tunnel itself doesn’t offer any security features like access control or content regulation.
Because of this, organizations often implement a spoke-hub process for dealing with VPN connections, meaning that all data passes through a central location (usually the company’s HQ) where it can be inspected and sent on its way, as it were.
The issue with this technique is that it creates a more substantial load on your servers, meaning slower network speeds.
Visibility and management
Each site-to-site VPN tunnel is independent of the others, making management and visibility of these data transfers difficult. Where IT departments are doing their best to centralize data and reduce network latency, a site-to-site VPN can have the opposite effect.
In addition, it means that each VPN must be set up, configured, monitored, and managed individually—often a complex and costly endeavor for most SMBs.
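The gateway model from "How It Works" and the hub-and-spoke trade-off described above, as an added example that is not part of the original article: a small Python model of the three-office network that shows which traffic a tunnel protects and how many gateways a packet crosses in each topology. The 10.x subnets, the choice of New York as hub, and the function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed example addressing for the three offices named in the article.
SITES = {
    "Los Angeles": ipaddress.ip_network("10.1.0.0/16"),
    "Chicago": ipaddress.ip_network("10.2.0.0/16"),
    "New York": ipaddress.ip_network("10.3.0.0/16"),
}

def build_tunnels(topology, hub="New York"):
    """Return the gateway-to-gateway tunnels, each a frozenset of two sites."""
    if topology == "full-mesh":
        return {frozenset(pair) for pair in combinations(SITES, 2)}
    if topology == "hub-and-spoke":
        return {frozenset((hub, s)) for s in SITES if s != hub}
    raise ValueError(f"unknown topology: {topology}")

def site_of(ip):
    """Map an address to the site whose LAN contains it, or None if off-net."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SITES.items() if addr in net), None)

def route(src_ip, dst_ip, tunnels, hub="New York"):
    """Return the gateways a packet crosses (a list) or a verdict string.
    Each consecutive pair in the list is one encrypt/decrypt cycle."""
    src, dst = site_of(src_ip), site_of(dst_ip)
    if src is None or dst is None:
        return "BYPASS: an endpoint is outside every site LAN, no tunnel covers it"
    if src == dst:
        return "LOCAL: stays on the LAN and never reaches the gateway"
    if frozenset((src, dst)) in tunnels:
        return [src, dst]
    if frozenset((src, hub)) in tunnels and frozenset((hub, dst)) in tunnels:
        return [src, hub, dst]  # hub decrypts, inspects, then re-encrypts
    return "DROP: no tunnel path between these sites"

if __name__ == "__main__":
    for topology in ("full-mesh", "hub-and-spoke"):
        tunnels = build_tunnels(topology)
        print(topology, "tunnels to manage:", len(tunnels))
        print("  Chicago -> Los Angeles:", route("10.2.0.5", "10.1.0.9", tunnels))
        print("  Chicago -> internet:  ", route("10.2.0.5", "203.0.113.7", tunnels))
```

In the full mesh, Chicago reaches Los Angeles over one tunnel, while in hub-and-spoke the same packet is decrypted and re-encrypted at New York, which is the extra load on the central site that the article describes.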
Remote Access VPN Might Be Right for Your Business
If your primary concern right now is protecting data handled by remote workers, then you might want to invest in a VPN that is remote access-based.
As we briefly mentioned, a remote access VPN works in much the same way as a site-to-site VPN, only—as the name implies—it can be logged into from anywhere and from any device that has an internet connection.
Difference between site-to-site and remote access VPN: With a site-to-site VPN, an encrypted tunnel using IPsec is created to establish a VPN between two servers in order to carry traffic. With remote access VPN, an SSL VPN is typically used to form connections between the office network and individual endpoints.
Secure access service edge (SASE) is a platform that is geared towards companies that house a lot of their data in the cloud, and combines remote access VPNs with the security features that you would expect from a corporate firewall, like threat hunting and detection, next-gen antivirus, and more.
If you’re concerned about company data being handled remotely, then investing in a SASE system is likely the best option for dealing with a remote workforce for now and the future—it’ll allow you to have all the benefits of your office network security but through the cloud instead.
While site-to-site VPNs are best suited to businesses which operate with multiple offices, remote access VPN is best suited to organizations which have remote workers, and a combination of the two is ideal for a company that has both.
MSPs provide the tools and expertise to help SMBs achieve their cybersecurity goals, including implementing VPNs.