Does a reputable VPN service for business use exist?

2 points by seekingsolution 3 years ago · 8 comments · 1 min read


I have been traveling a lot and am looking to be able to use public wifi hotspots at hotels, coffee shops, and coworking spaces. I would use a mobile hotspot device or even my phone's hotspot feature, but the connection quality really seems hit or miss depending on location. I considered running my own VPN server, but I don't want to have to worry about misconfiguration or other security problems. I really just want a trusted solution from a trusted company that gives me the ability to conduct serious work and send/receive sensitive business data over a variety of connections in a secure way.

It seems virtually all of the VPN companies are questionable in some way. And most of them appear to be operating outside of my country's legal jurisdiction (the U.S.) which feels uncomfortable for a business use case. Are there any reputable brands which cater to the business user who isn't trying to route traffic all over the world and just wants security and relatively decent privacy for boring business purposes?

LinuxBender 3 years ago

Every business implementation of a VPN I have seen in my career was self-hosted by the business so they could document and audit all of the controls and firmware versions. I do not foresee many businesses trusting 3rd party VPN solutions, though I am sure some do. third party data processor legal controls

Do you have an existing relationship with network gear providers such as Cisco, Palo Alto, Fortinet, etc.?

[Edit] Or if your business is very small and just starting out, perhaps you could set up an isolated zone with Linux or BSD VPN nodes and use something like WireGuard, Tinc, strongSwan, OpenVPN, whichever suits your needs. Then create firewall rules in your company to permit the VPN nodes to reach the required services.

  • seekingsolutionOP 3 years ago

    Thank you. No, this is for a small business, so there aren't any enterprise equipment relationships.

    • LinuxBender 3 years ago

      In that case another option may be setting up a couple of VMs or physical servers in an edge zone of your network and using an open source VPN. The latest popular solution is WireGuard. There are some GitHub repos that have examples of how to set that up for mobile roaming devices. The downside of these solutions is that they trust keys bound to a device vs having per-person authentication, but one could always have additional controls just past the VPN.

      Another thing I have seen people pushing here lately is Tailscale, though I am not a fan of cloud solutions for remote access. As the company grows that would have to be factored into 3rd party controls and I am personally too lazy and like to keep audits short and sweet.

      A smaller and more old school solution is to have a hardened SSH bastion and do port forwarding through it. This is very unpopular among developers though, and that machine must be kept up to date and ideally have mandatory access controls such as SELinux or AppArmor enforcing policies.
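
Added example, not part of the thread or of any poster's setup: one way to express the firewall rules for the VPN nodes and the "additional controls just past the VPN" mentioned in the comments above, as an nftables ruleset on a WireGuard node. The interface name `wg0`, every address and port, and the device names are assumptions constructed for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every address, name and port below is an assumption.
# Runs on the WireGuard node in the edge zone. Each device's [Peer] entry is
# assumed to carry a single /32 in AllowedIPs, so a tunnel source address
# maps to exactly one device key (a device, not a person).

define wg_if     = "wg0"
define laptop_a  = 10.99.0.2    # roaming laptop, peer key A
define phone_a   = 10.99.0.3    # phone, peer key B
define mail_srv  = 10.20.0.10   # internal mail server
define files_srv = 10.20.0.20   # internal file server

table inet vpn_edge {
    chain forward {
        # Default-deny for everything this node forwards; the node is assumed
        # to route VPN traffic only.
        type filter hook forward priority 0; policy drop;

        # Replies to flows that were allowed by the rules below.
        ct state established,related accept

        # Laptop: mail (IMAPS, submission) and the file server over HTTPS.
        iifname $wg_if ip saddr $laptop_a ip daddr $mail_srv tcp dport { 993, 587 } accept
        iifname $wg_if ip saddr $laptop_a ip daddr $files_srv tcp dport 443 accept

        # Phone: mail only.
        iifname $wg_if ip saddr $phone_a ip daddr $mail_srv tcp dport { 993, 587 } accept

        # Anything else from the tunnel is logged and counted before the drop,
        # so an unexpected destination shows up in the node's logs.
        iifname $wg_if log prefix "vpn-edge-drop: " counter drop
    }
}

# The rules above authorise device keys only. The per-person control sits on
# the services themselves (their own user login), one hop past the VPN.
```

`nft -c -f <file>` parses the ruleset without applying it, which is a cheap check before loading it on the node.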

      • DerekBickerton 3 years ago

        > Another thing I have seen people pushing here lately is tailscale

        Came here to mention Tailscale. OP said: 'And most of them appear to be operating outside of my country's legal jurisdiction (the U.S.)'

        Tailscale is Canadian though, so is that within OP's scope?

ev1 3 years ago

usually the way people do this is just running a vpn onprem on company equipment

alternatively cloudflare zero trust

  • seekingsolutionOP 3 years ago

    Thank you. I've been reading about Cloudflare Zero Trust with some interest, but it seems like there are some shortcomings of the solution for my use case. For example, Cloudflare states they don't mask the IP you are coming from when connecting to external sites and services (unless I misunderstood somehow), which would put me in the position of having to whitelist an entire coworking space or coffee shop when I need to tell an external service how to allow my computer to connect.

    • ev1 3 years ago

      > trusted solution from a trusted company that gives me the ability to conduct serious work and send/receive sensitive business data over a variety of connections in a secure way

      > which would put me in the position of having to whitelist an entire coworking space or coffee shop when I need to tell an external service how to allow my computer to connect

      Zscaler. Not b2c. Does exactly what you are trying to do, including private connections to third parties (and services "behind VPN" onprem). Not blacklisted/banned from major random sites for spam, etc.

    • matsur 3 years ago

      This is not how any of our VPN or VPN like products behave today. There was a time when this was true for our consumer WARP app
