Proxy servers exist to limit traffic to disreputable websites and enable organizations to track where what their employees are doing. Bypassing these devices in the guise of performance increase and/or traffic reduction may not make sense. Each of these technologies plays a key role in both communication and data protection. Users also may circumvent DNS, intrusion detection and prevention systems, data loss prevention devices and many more. Once the bad actor has access to the same network hosting the company computer, the corporate network is at risk. Specifically, if a hacker compromised an employee’s home network through the split tunnel, they could potentially penetrate the corporate system. Additionally, if an end-user has an insecure network, they risk the corporate systems as well. Information security professionals place defensive technology throughout corporate environments to protect endpoints and prevent users from performing certain tasks, both intentionally and accidentally.Įnvironments utilizing split tunneling allow end-users to bypass certain devices including proxy servers designed to block and track internet usage. While split tunneling offers obvious benefits, risks abound as well. Rather than use an example of a corporate office in California, imaging an AWS data center in Oregon. Note that this all holds true with Cloud deployments as well. With split tunneling enabled, the user simply goes from Virginia to New York over their personal internet service provider (ISP) connection. When that user also wants to access internet resources located in New York, it makes no sense routing their traffic to the corporate data center in California only to go all the way to New York, back to California and then to Virginia. When that user accesses network resources (email, file servers, corporate applications including payroll) at the corporate data center, their connection traverses most of the United States. Visualize a user in Virginia that works for a company in California. Unfortunately, the lack of understanding inherent drawbacks opens these organizations up to new risks. Since many businesses suffer bandwidth constraints, the decision to enable split tunneling becomes an easy one. Users that understand this technology appreciate the privacy and enhanced performance through improved routing paths. These key capabilities, primarily traffic reduction and internal networks, lead most organizations to turn on split tunneling when they set up their virtual private networks. When creating a VPN, network engineers have an option to enable “split-tunneling” which sets a determination of when data traverses the VPN.Įnabling split-tunneling reduces traffic on corporate networks, increases speed through reduced latency for specific tasks and grants privacy to end users. A key facet with using a VPN for remote access involves what and how much data to send down the tunnel. VPNs provide both benefits and drawbacks. Due to the nature of TCP/IP, and inherent lack of security, virtual private networks came about to create secure protocols between remote users and systems. VPN technology began shortly after the internet came into being and still enjoys wide use throughout the world, primarily in government and corporate environments. Implementing split-tunneling, which allows end-users to bypass the VPN for non-related communications, creates numerous additional risks to entities utilizing VPNs. Business requirements must lead technology decisions rather than seeing information technology professionals leading the way. When deploying technology, organizations must understand the unintended consequences of their actions. These risks include threats from outsiders as well as harm caused to other internal security devices. While encryption delivers a critical security component, utilizing VPNs may introduce new risks to networks. Data on the front end (inside the individual’s network) and back end (systems on the destination network) do not include encrypted data unless the application or another network component provides the security. VPNs establish a data tunnel with end-to-end encryption between the source of the VPN and the destination. Virtual Private Networks (VPN) deliver extensive security to individual users as well as corporations and governments.