Through split tunneling, administrators can set up policies that define which types of traffic will be routed through the VPN gateway and which will access the Internet directly. In this article we discuss the principles of split tunneling, what to consider before implementing it, and how your business can benefit from this networking configuration.
Every business holds sensitive data and files, such as CRM records, intellectual property documents, banking information, and financial records, that must be protected from prying eyes.
The risk of eavesdropping is real and intensifies with the growing adoption of remote work, which adds another layer of complexity to business security, especially for small and medium enterprises that lack budget and human resources. In 2021 alone, over 50% of SMBs with fewer than 500 employees experienced a cyberattack.
If you want to avoid these risks and keep your business safe, the best possible solution is to use a virtual private network (VPN), preferably cloud based, to create an encrypted tunnel between your devices and your corporate network.
Split tunneling is a VPN feature used to achieve data security within your business while still giving your employees some freedom. Let's break down some key questions that may arise regarding this topic.
Key Terms
- Encryption: This is when data and information are translated or converted into code. This code is unreadable to the outside world and impossible to decrypt unless you are an authorized user.
- Local area network (LAN): A network of computers in a specific area, such as an office building.
- LAN devices: These are devices that are connected to your local area network. An example of a LAN device or local device is a network printer.
- Full tunnel: A full tunnel means using your VPN for all your traffic rather than using split tunneling.
- Phishing attacks: Hackers can attack your business by sending your employees links or attachments to download, which contain malware that can infect your business network.
Quick intro to VPN
Before we explain what VPN split tunneling is, it is important to understand what a VPN is and how it works.
A VPN is a technology that creates a secure tunnel between a device and a corporate network. When data passes through this tunnel, it is encrypted. This means that all your traffic is scrambled and cannot be seen or accessed by the public.
👉 You can think of a secure VPN tunnel as a hidden tunnel between two houses. When you use this tunnel to travel between these two places, you become invisible to the outside world.
Who uses a VPN?
VPNs typically have two usages: personal and business.
➡️ A personal VPN would, for example, be used by someone wanting to access websites that are restricted in their country or act anonymously on the Internet.
➡️ A business VPN is tailored to the specific needs of organizations that want to protect their corporate networks.
What does this mean for your business?
If you want your business resources to stay safe and protected, a VPN can help—especially if you have employees working remotely.
You need a way to ensure your employees can remotely access your business systems safely, even if they are on a public Internet connection.
A business VPN like GoodAccess protects your company, as your employees can access your corporate network from any location safely.
It also makes your private business information invisible to the public and helps you avoid hacking attacks.
If you want to get a deeper understanding of VPN technology, check out this blog that discusses cloud VPN.
What is VPN split tunneling?
Split tunneling is a VPN feature that allows admins to route traffic via two different paths. One part of the traffic is sent through the encrypted VPN tunnel and another part is sent directly to the public Internet through your local ISP connection.
For example, when a remote user needs to access company resources through the VPN while browsing the Internet for personal use, the traffic is split to access both resources simultaneously.
Split tunneling can improve network performance and reduce the strain on the VPN servers. It can also save costs if your VPN service charges based on the amount of data transmitted through its servers.
On the other hand, it is important to note that split tunneling can potentially compromise the security of the VPN connection, as it sends some network traffic to the Internet without the VPN's encryption.
Typically, the default setting on a VPN client would be to route all traffic through a secure tunnel. You would need to configure your VPN to enable split tunneling.
👉 With split tunneling, the secure tunnel analogy we used earlier would be a brick-and-mortar underground tunnel that no one can see inside. Your second tunnel would be above ground and made of glass, allowing people to see your data as it passes through. Hackers may be able to steal data from the second tunnel.
Why use VPN split tunneling?
Many VPN services tend to use a lot of bandwidth since the VPN server handles all the traffic routing and traffic encryption for each user. This can slow down overall network performance.
Thus, businesses that want to conserve bandwidth and improve local Internet speeds while using a VPN can choose to enable split tunneling. It keeps business resources like software (CRM, financial system, etc.), and your local network safe while simultaneously allowing employees to freely access personal internet resources.
⭐️ With a cloud business VPN like GoodAccess, your bandwidth and Internet connectivity will never be slowed down because our global network provides better connectivity and scalability than local data centers.
👉 In our analogy, because your VPN tunnel would be the underground tunnel, it would take longer for you to reach your destination via the tunnel. With split tunneling, you can also choose to use the glass tunnel above ground which would allow you to reach your destination faster.
Using VPN split tunneling means you can allow your team access to your LAN through your open network tunnel, while still keeping your other VPN connections to your applications and sensitive data private.
Your employees may need to connect to multiple resources simultaneously, like a foreign network and an on-site server. Using a full tunnel only would mean your team must connect and disconnect from your VPN constantly.
By using VPN split tunneling, your employees can access more than one network at the same time while still maintaining your privacy.
What Are the Different Types of VPN Split Tunneling?
There are three different ways to implement VPN split tunneling.
URL-based split tunneling
With URL-based split tunneling, an administrator can define a list of specific URLs or domains (e.g., the domain of your CRM, such as Salesforce) that should be routed through the VPN, while all other traffic is sent directly through the user's local internet connection.
Note that the list of URLs for split tunneling must be carefully configured and maintained so that business-sensitive traffic is routed through the VPN to maintain security and compliance.
App-based split tunneling
This type of split tunneling works similarly to URL-based split tunneling. It allows you to choose which apps or software you want to route through your secure VPN tunnel and which ones should route through your open network instead.
If you have banking apps or CRMs that store a lot of customer data, you would want to use app-based split tunneling to ensure that connections to these apps remain private via your VPN tunnel.
At the same time, however, there may be other apps you’d want to allow your staff to use through your second public tunnel.
Inverse split tunneling
As described above, in a typical split tunneling configuration only selected traffic is sent through the VPN, while the rest is sent directly to the internet.
Inverse split tunneling is the exact opposite of this network configuration: specific traffic is excluded from the VPN, while all other traffic is sent through the VPN.
This is useful where certain applications or services require direct internet access, such as video conferencing, online gaming, or content streaming, while the rest of the traffic needs to be protected by the VPN for security reasons.
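The difference between a URL-based list and an inverse list is easiest to see as a routing decision. The following is an added example, not GoodAccess code or configuration: it evaluates a domain list in both modes and audits which business-sensitive hosts would leave the tunnel. All domain names, the SplitPolicy class and the function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SplitPolicy:
    mode: str           # "split": listed domains use the VPN; "inverse": listed domains bypass it
    domains: frozenset  # domain suffixes such as "salesforce.com"

def matches(host, suffixes):
    """True if host is a listed domain or a subdomain of one (label-boundary match)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def route(policy, host):
    """Return "vpn" or "direct" for a destination host under the policy."""
    listed = matches(host, policy.domains)
    if policy.mode == "split":
        return "vpn" if listed else "direct"
    if policy.mode == "inverse":
        return "direct" if listed else "vpn"
    raise ValueError(f"unknown mode: {policy.mode}")

def audit(policy, sensitive_hosts):
    """List the sensitive hosts that the policy would send outside the tunnel."""
    return sorted(h for h in sensitive_hosts if route(policy, h) == "direct")

# Constructed sample data: hosts the business considers sensitive.
SENSITIVE = {"crm.example.com", "finance.example.com", "acme.my.salesforce.com"}

# URL-based split tunneling: the finance system was forgotten in the list.
SPLIT = SplitPolicy("split", frozenset({"salesforce.com", "crm.example.com"}))

# Inverse split tunneling: only conferencing and streaming bypass the VPN.
INVERSE = SplitPolicy("inverse", frozenset({"zoom.us", "stream.example.net"}))

if __name__ == "__main__":
    for name, policy in (("split", SPLIT), ("inverse", INVERSE)):
        print(f"{name:8} sensitive hosts outside the tunnel:", audit(policy, SENSITIVE))
```

In the split mode an omission fails open (the forgotten host goes direct), while in the inverse mode an omission fails closed (unlisted traffic stays in the VPN), which is why the include list needs ongoing maintenance.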
The Pros and Cons of Split Tunneling for Your Business
Before you choose to enable split tunneling on your VPN service, you may want to consider the various pros and cons of doing so.
✅ Pro: Using VPN split tunneling can conserve your bandwidth and improve your Internet speed and experience if you use a traditional VPN.
✅ Pro: Your employees will have a secure connection to your network that encrypts your sensitive files and data while still being able to access Internet resources freely.
❌ Con: By allowing some of your traffic to pass through your second public network, you are leaving some aspects of your business vulnerable to hackers.
❌ Con: If you do not correctly set up and configure your VPN split tunneling, you could open yourself up to cyberattacks.
❌ Con: Not all VPNs support split tunneling, and some of them only allow split tunneling on certain operating systems.
Are there security risks when using a VPN split tunnel?
Before you choose to use VPN split tunneling within your business, you must understand that there are security risks involved.
Public and unsecured networks
If you have remote employees, it is possible that they will access your business resources via a network that is not secure, such as Wi-Fi at a café, airport, or hotel.
Unless they are connected to a VPN full tunnel, connecting to your business through an unsecured network puts your company at risk.
Hackers can easily infiltrate a public network that is not secured and steal the data that is being transmitted over these networks.
Transmitting sensitive data
Of course, using VPN split tunneling is far more secure than not using a VPN at all. However, it is not wise to rely solely on split tunneling as a security measure within your business.
This is especially true if you have a lot of sensitive data that you need to keep secure by means of encryption.
Other security concerns
There are some other risks involved in VPN split tunneling, which include:
- Losing visibility of what your employees are doing while they are accessing your business network and the Internet. This could include visiting prohibited websites on company time or falling victim to phishing attacks.
- There is a risk that your employees may bypass permissions that you have set up to only allow them access to certain parts of your business. For example, you would not want freelancers to access your financial records.
- If it is not set up correctly, there is the potential that your split tunneling will not be effective and cause security issues.
Wrapping up on VPN split tunneling
VPN split tunneling is particularly useful for organizations that seek ways to optimize network performance while keeping their sensitive digital resources safe and secure.
However, split tunneling might increase the risk of cyberattacks, and you would need to be careful about how you configure your split tunneling.
So if your primary concern is keeping all your Internet traffic and sensitive data secure and preventing unauthorized access to your network, then it may be best not to opt for split tunneling features.
With GoodAccess, you can use the split tunneling feature to access your critical systems via the secure gateway and route non-essential traffic directly to optimize latency. Whether you choose to use split tunneling or not is completely up to you.
Try GoodAccess for free to test out all our features yourself.
Frequently Asked Questions (FAQs)
How does VPN split tunneling work?
Many VPN providers, including GoodAccess, offer a split tunneling feature. This enables companies to have both an encrypted VPN connection and a public connection running concurrently.
Split tunneling is useful if you use a traditional VPN that typically slows down Internet speeds and bandwidth performance.
This VPN feature allows your employees seamless access to your local area network as well as other networks, without having to disconnect and reconnect to your VPN.
What does VPN split tunneling do?
Split tunneling works by dividing your network traffic into two tunnels. The first is a secure tunnel where all the data that passes through it is encrypted and completely safe. The second is a public network allowing employees to access the Internet freely without routing the traffic through the VPN gateway.
What is dynamic split tunneling?
Dynamic split tunneling is when the domain name system (DNS) is used by administrators to choose which Internet traffic should be included or excluded from the VPN split tunnel.
For example, you could exclude all Internet traffic from domains like Facebook or Twitter if you do not want your staff to access social media from their work devices.
You can also exclude blacklisted domains from your split tunnel to protect your business while your employees work online.
Should I select split tunneling for my remote network?
There is no right or wrong answer when it comes to choosing split tunneling for your business. If you have a VPN that can offer split tunneling, it may be worth looking into this solution, especially if your current VPN connection affects network performance for your employees.
To determine if split tunneling is best for your business, you need to consider how much of your team’s activity you want to be encrypted and to what extent you want to allow your employees to browse the Internet freely.