Digital private networks play a vital role in providing access—and enhancing anonymity—to end-users in higher education. However, as VPN adoption is increasingly growing to meet remote learning requirements, colleges and universities must resolve common misconceptions that users may have regarding VPN adoption, implementation, and use.
The post-secondary school is back in session. But for many students, the learning environment has changed significantly. As reported in the Harvard Business Review, "online learning became a default in 2020." As the pandemic drives schools to raise IT budgets, higher education is increasingly evolving distance learning frameworks that can scale upon demand.
This poses a vast end-user security problem for campus IT teams. As the number of connected devices and access requests is growing, students and staff become the weakest links. Many campuses have implemented VPN solutions to resolve potential security concerns, but common user misunderstandings regarding VPNs remain a security stumbling block. They are taking a look at five of the most prevalent—and problematic—VPN myths.
Myth 1: VPNs Collect No Data
Since VPN tunnels are designed to protect information users can often believe that VPNs do not collect data. It's not true.
"Since they operate on an IP layer, they collect IP addresses, dates, times and duration of connections," says Tilley. "Some may also collect the number of bytes sent and received through the connection."
In the meantime, advanced VPN agents can also capture and exchange client data—such as operating system versions, anti-virus status, and patch and software information.
Myth 2: VPNs Are ‘Fire and Forget’
VPNs can encrypt traffic and blur user behavior but bear in mind that there are possible infrastructure costs.
"Full-tunnel VPN connections place all remote host traffic on the organizational network," Tilley says. "This can lead to performance issues, compliance issues such as DCMA notifications when home users mix personal and organizational browsing with increased licensing costs."
"If the VPN has policies that interrogate its clients before connecting, such as requiring Windows 10 or having the latest anti-virus signatures, the organization must be prepared to keep up with constant changes and denials of connection due to clients not meeting the bar," he says.
Myth 3: Virtual Private Networks Are Impenetrable
In other words, VPNs can only function as a single layer of higher education security frameworks. In addition to robust passwords and authentication controls, Tilley suggests that schools pair VPNs with more advanced options, such as software-defined perimeter solutions, to optimize security.
To secure remote learning initiatives on a scale, higher education IT departments must unravel common misconceptions that end users can have about how VPNs function.