Hardware VPNs get a bad reputation for being “old fashioned” and less sexy than their software VPN counterparts. But simple, utilitarian solutions are often the best ones in the long run.
Think about duct tape or WD-40. Both have been around for a while and are not generally considered exciting or sexy, but both are also very effective at what they do and useful for solving a variety of problems -- which is probably why just about everyone keeps them around.
Hardware VPNs are similarly useful. Read below to learn more about the reasons your organization should consider a hardware-based VPN. And don’t miss the final section, which breaks down the considerations that matter most to each type and size of organization, so you can see how the available hardware VPN products for business can serve your needs.
Faster to deploy
In many cases, hardware VPNs are faster to deploy than software VPNs.
Many organizations have the misconception that a hardware solution will take longer because of the procurement cycles for the physical devices that must be provided to employees.
However, in practice, we see that this is simply not the case.
Procurement cycles take time whenever an organization budgets for, buys, and implements any VPN solution. Even for software, you have to procure the licenses, install software on end-user devices (which you still have to procure physically in most cases), and then train your employees on using the software VPN.
In general, comparing the high-level categories of hardware and software VPNs for deployment time, you’ll find them to be similar.
But certain hardware solutions, like Archon’s GoSilent hardware VPN, are purpose-built for incredibly quick deployments.
This case study breaks down, in detail, how a customer was able to deploy such a hardware-based VPN solution for their entire team quickly to enable remote access in the face of COVID-19 shutdowns.
Particularly when combined with VDI solutions, a hardware VPN deployment offers the quickest path to get an entire team up and running securely.
Less set-up time and effort required by IT
Another key consideration in the deployment of an organization-wide secure remote access solution is the amount of effort required by your IT team to get that solution off the ground.
In this case, hardware solutions shine.
Because many hardware solutions are plug and play, rather than requiring a hefty amount of time to install across many user devices, they make set-up simpler.
Most of the time that your IT team will need to spend will be in setting up the centralized servers that remote VPN hardware clients will be communicating with.
In the case of Archon’s GoSilent Server, this is as simple as setting up one virtual server for every 300 VPN clients in the field and it can be done in a matter of hours.
Quicker to scale
By the same token, hardware VPN solutions are often easier to scale as well. There is another, similar misconception that software VPNs are simpler in this case. However, again in practice, we see otherwise.
In each case, adding new users requires the provisioning of either another hardware VPN client or software VPN license. The effort that follows is where the key differences are found.
In the case of Archon's GoSilent Cube VPN router, employees are able to self-provision the Cubes in minutes, on their own, and without the need to install or configure any software, in the comfort of their homes.
With a software-based VPN, the setup process typically requires returning or procuring a new employer-furnished device, waiting for the IT team to install the VPN client, and then providing the provisioned device to the employee.
Simple enough for even non-technical employees
The beauty of a hardware VPN is that, if you select the right one, there is nothing to install, nothing that requires training, and nothing that requires maintaining updates on the end-user device itself.
As such, there are significantly reduced risks of misconfigurations and thus fewer instances of user error. Because there is nothing to configure on most hardware VPNs, there is nothing to misconfigure.
Again, in the case of the GoSilent Cube, it is as simple as plugging the Cube into the end-user device (or connecting the two over the GoSilent Cube's LAN).
With software, there are usually a multitude of settings that can be set incorrectly, and far more training a user will need in order to make sure they are using everything correctly.
Less long-term maintenance required by IT
With hardware solutions for VPN management, centralized maintenance and management are much less involved.
IT departments generally love how much less is required of them to keep a hardware-based solution up and running effectively.
There are no constant patches and updates to keep track of. For the most part, once the initial installation and setup of the server-side software are complete (usually in as little as 10 minutes), there isn’t much they have to worry about.
No software compatibility concerns
Because no software is required on the end-user devices, there is no concern about which versions of applications or operating systems are running on those devices.
With a software-based solution, there are a whole host of those types of requirements to ensure the VPN can work correctly in the environment -- and that poses particular challenges, especially in cases where employees are using their own devices.
Additionally, if you select the right hardware solution, even the server-side set-up can be environment-agnostic.
For instance, GoSilent’s server-side software is built to run on a virtual machine, meaning it is agnostic of your existing central network environment, operating systems, or applications.
Hardware VPNs offer firewalling and isolation. End-user devices connected through hardware VPN clients never actually touch the networks they connect to, and the VPN router acts as a firewall between the device it is connected to and the outside world.
No other devices on the same remote access network as that end-user device can even see that the device itself exists.
Hardware VPNs also create a smaller attack surface because the firewall completely obfuscates the end-user device from the network, meaning that the applications and operating systems running on that device no longer offer an attack surface.
Typically, operating systems -- like Windows for instance -- will have a large number of potential entry points because the software is doing so much. This means more opportunities for attack.
Hardware VPNs remove this entire attack surface.
Hardware VPNs provide a lower risk of “VPN hijacking.” Software-based VPNs make it much easier for VPN credentials to be stolen and used at a future date -- think something like your credit card number being stolen and then used to purchase items in the future.
Similarly, with software-based solutions, it becomes easier to steal VPN login credentials and save them for future use.
Hardware solutions help to protect against that because, again, the end-user device is completely obfuscated from the network.
Greater control over traffic and split tunneling
A hardware-based VPN can be configured to only allow traffic to flow to a single endpoint, meaning, once connected to an end-user device, it can ensure that any and all traffic can only go to the central network.
Software-based solutions don’t offer the same degree of control, and it is more difficult to ensure that traffic isn’t going somewhere it shouldn’t.
The possibility of split tunneling is a big risk. Split tunneling happens when a remote VPN user accesses the internet through a public or unsecured network at the same time that they are allowed to access the corporate network through the VPN. When this happens, traffic is flowing over both paths simultaneously.
Some hardware-based VPNs allow you to control this.
For instance, the GoSilent Cube by default only allows traffic to flow to a single endpoint (this may be different for other hardware VPN providers). Once connected to an end-user device, it ensures that all traffic can go only to the central network through the VPN tunnel and nowhere else.
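The split-tunneling condition described above can be checked on a client by reading its routing table. The following is an added example, not part of the original article or any vendor's code: it parses Linux `ip -4 route show` output and reports how much IPv4 address space still leaves through a non-tunnel interface. The interface name `tun0`, the endpoint `203.0.113.10` and both route tables are constructed assumptions.

```python
import ipaddress

def parse_routes(text):
    """Map each prefix in `ip -4 route show` output to the device that wins it."""
    best = {}
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        if net not in best or metric < best[net][0]:  # lowest metric wins a tie
            best[net] = (metric, f[f.index("dev") + 1])
    return {net: dev for net, (_, dev) in best.items()}

def uncovered(net, more_specific):
    """Pieces of `net` that no more-specific route takes over (longest-prefix match)."""
    pieces = [net]
    for sub in more_specific:
        kept = []
        for p in pieces:
            if not p.subnet_of(sub):  # a piece inside `sub` is fully claimed by it
                kept.extend(p.address_exclude(sub) if sub.subnet_of(p) else [p])
        pieces = kept
    return pieces

def bypass_report(route_text, tunnel_dev, vpn_endpoint):
    """Return (prefix, device, address_count) for space routed outside the tunnel."""
    routes = parse_routes(route_text)
    endpoint = ipaddress.ip_network(vpn_endpoint)
    report = []
    for net, dev in routes.items():
        if dev == tunnel_dev or net == endpoint:
            continue  # tunnel routes, plus the host route that carries the tunnel
        subs = [n for n in routes if n != net and n.subnet_of(net)]
        count = sum(p.num_addresses for p in uncovered(net, subs))
        if count:
            report.append((str(net), dev, count))
    return report

# Constructed sample tables; tun0 and 203.0.113.10 are assumed names.
SPLIT = """default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0"""
FULL = "0.0.0.0/1 via 10.8.0.1 dev tun0\n128.0.0.0/1 via 10.8.0.1 dev tun0\n" + SPLIT
```

`bypass_report(SPLIT, "tun0", "203.0.113.10")` flags the default route on `wlan0` plus the local /24, while the same call on `FULL` leaves only the local /24, which a client-side tunnel still routes outside the VPN.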
Allows for BYOD
Typically, BYOD has been avoided by organizations that take security very seriously, ranging from large enterprises to government agencies and everything in between, because of their inability to manage and control operating systems, software patches and updates, and device usage.
The COVID-19 crisis has forced many of these organizations, including government agencies, to take a fresh look at BYOD, and the options available to bolster the security of data when it is shared with employees using personal devices.
Because of the firewall capabilities of hardware VPN router devices, they are a much better solution for BYOD than software options.
Combining Virtual Desktop Infrastructure (VDI) with a secure hardware VPN is a particularly effective solution because it can allow your staff to securely connect to your internal network from their own devices without the need to procure large volumes of employer-furnished devices.
Protects multiple devices at once
Most hardware VPN routers will allow you to protect multiple end-user devices with a single VPN router. By contrast, with software VPNs, each device would need to have a separate VPN client installed.
For example, it is possible to use Archon's GoSilent Cube as a Wi-Fi hotspot and protect multiple end-user devices (like a mobile phone, laptop, and tablet) all at the same time.
This means less set-up and maintenance overall, and less concern about updating and patching.
Portable for travel
There's a common misconception that hardware VPNs either can’t be portable or are too cumbersome and inconvenient for users who are traveling.
In large part, if you look at the entire universe of hardware VPNs, this is true. Most are large and bulky, making portability nearly impossible.
But there are certain hardware VPNs that are purpose-built for portability.
There aren’t many solutions that can provide the performance of an “enterprise-grade” solution and are also small enough to be portable, and generally there is a big tradeoff between security and usability.
As far as we are aware, Archon's GoSilent Cube is the only product on the market that offers the performance it does at a size small enough to fit in the palm of your hand.
The majority of hardware VPNs that have the same performance and throughput are at least 4-6 times the size, require 2-3 times the amount of power, and weigh 2-3 times as much as a GoSilent.
Hardware VPNs offer benefits to businesses of all types and sizes
While the above list of benefits applies to all businesses that may be considering a VPN solution, there are a few additional features or benefits that may be specific to the size or function of your organization.
Government Agencies and Government Contractors
In many cases, hardware VPN solutions offer greater levels of security and centralized control than software VPNs.
Certain government agencies or the contractors they do business with may need to implement a solution that is NIAP Approved, CSfC Certified, FIPS compliant, and/or uses CNSA grade encryption.
GoSilent Cube is an example of a hardware VPN that satisfies all of these requirements.
As an enterprise organization, you’ll be looking to find the perfect balance between ease of use for your employees (or partners), budget, and centralized management efforts for your IT team.
As a small business, you may not have an IT team at all, so you’ll want a solution that is truly plug and play to ensure you don’t have to spend time managing it.
The most important factors you’ll need to consider will be solution cost and ease of consistent use by your team.