Virtual Private Network (VPN) & Mobile Network Access
Virtual private networks (VPN) have evolved in usage since just a few years ago. The capability to provide an extra level of encryption and tunnelling it effectively enabled an end user to access work related content and systems securely. It is also a great way to set up a virtual network of dedicated devices and machines for enterprises or to resell telecom services.
The capability has evolved and been positioned by VPN companies to wider user community as an extra layer of data privacy – to prevent data access (cellular or Wi-Fi) from being compromised by communication service providers or other external parties. This feeds into the general trend of wanting our data exchange and communication to be more secure and untraceable.
However, it should also be noted that a common use case is to gain access to functions and services which may be unavailable in a user’s region, e.g. a European user wanting US based streaming content from the US version of a service, rather than waiting for it to “come over here”. Alternately, in some jurisdictions using VPN capability to access voice chat services which may be barred by the local regulator. Geo-restricted services are one example, and another is where different services have different tariffs/ratings for data usage locally, which in effect is a form of fraud.
A recent survey update from Forbes[1] showed that 40% of users opt for a VPN on their smartphones with 25% using it more than once a day. The primary reason was online privacy (39%), with 24% accessing geo-restricted entertainment content. This is reflective of wider indexes on the use of VPN[2][3]. There is variability by age and geography with 18-24-year-olds being the largest group to understand the technology and how to use it. In the Forbes survey, 51% cite that strong encryption protocols are a buying criteria.
The challenge for the CSP is that where the level of encoding and encryption in radio and internet access have increased security (and privacy) they are losing their reputation as being the safe and secure transports for data. In effect, the perception of lack of privacy is becoming pervasive. For CSP, this is further compounded by local and lawful regulation that may mean that content destination be checked to comply with rules on apps, content for underage users or local policies on chat, streaming etc. It is, in this case, a condition of being a licensed CSP in any geographic region.
It also should be tested as to what level of security is provided – securing a tunnel between device and internet does not secure the data that may be exposed at either end of that tunnel, e.g. it will not prevent cookies being installed or app data being exchanged with app/large content provider. There are additional device-based capabilities for this. What is being exchanged between app/browser on device and content provider is often (90%+) secure by encryption protocols such as TLS 1.3 which means that the VPN is an extra level (possibly redundant) of security for most access.
The VPN market has expanded with many more players entering. Established players and media[4] have cited possible risks from bad VPN vendors indicating that their systems may be a source of threat. Enterprise VPN vendors, targeting SASE (secure access at the service edge) have published numerous articles in what to look for in ‘Good’ VPN capabilities. It is unlikely that, even with a good grasp of technology, a wider user community is keeping pace with such detailed advice.
The market for VPN is increasing because of privacy and the freedom to access wider content, potentially bypassing local laws or billing. CSPs should consider how they can combat the perception that their data access is not secure or safe. Otherwise, it becomes another reason for the end user to consider that data access is a dumb pipe valued on price per GB only.
References:
[1] https://www.forbes.com/uk/advisor/business/vpn-statistics/
[2] https://www.independent.co.uk/advisor/vpn/vpn-statistics
[3] https://www.gwi.com/reports/vpn-usage-around-the-world
[4] Tech Radar – Avoiding Bad VPN.
Find out more about Enea’s portfolio:
Providing the tools to classify accelerate and manage mobile data @ Traffic Management
Service Provider Wi-Fi – providing a secure Wi-Fi Environment