Encrypted email service provider ProtonMail has launched a standalone virtual private network app for iOS devices. With iOS now added to its list, ProtonMail said it now offers protection for the most popular operating systems, which include Windows, MacOS, Linux and Android.
VPN functionality is prevalent in enterprise security products and management products, according to Phil Hochmuth, program director for IDC's Enterprise Mobility team. At the same time, consumers are increasingly looking at VPN services to shield their online activities on wired networks, as well as on LTE/4G connections, he said.
"The key is that the VPN function – woven into the app itself – is a way to create more secure app connectivity and functionality without impacting device performance or battery life," Hochmuth said.
VPN functions are being built into mobile security products such as Symantec's mobile endpoint protection, which invoke on-the-fly VPNs to protect users when threats are detected on open wireless connections, Hochmuth said.
"Enterprises are deploying micro-VPN or per-app VPN capabilities to protect sensitive data on corporate apps without having to tunnel/encrypt all data, which is cumbersome and affects performance," Hochmuth added.
ProtonMail, an end-to-end encrypted email service born out of the European Organization for Nuclear Research (CERN) in 2014, is sold by Proton Technologies AG. The company claims to be the only VPN with no bandwidth limits, data caps or "privacy invading ads." Proton also claims to not install adware on a device or sell user data to third parties – it has a strict no-logs policy. Instead, the free VPN service is supported by paid plans.
And, as long as privacy is protected by a strong, industry-approved encryption algorithm – as Proton's is – "that’s as good as it gets," according to John Girard, vice president and distinguished analyst in Gartner's Endpoint and Mobile Security practice. It also means mobile VPNs can be as good as any other VPN implementation.
"But clearly, when I use a web app, I am connecting to an app, not necessarily to a full network with all of the capabilities (and risks) that network connectivity entails,” Girard said. "Think about that. The more we move to using cloud apps, it is very much the case that I really do not need to be on a network. I need virtual privacy, and I get that from TLS [Transport Layer Security – the successor to SSL] without requiring a layer three bridge onto a LAN somewhere."
There are, however, no simple answers when it comes to VPN security. Girard said he has seen VPNs incorrectly set up where a certification validation failure causes the encryption to be removed. VPNs with simple static passwords that are used for everyone and never changed also pose a security loophole. And VPNs that use obsolete encryption that’s easy to break are obviously unsafe.
"I think the biggest problems are related to malware that is on an endpoint device and that is using a split tunnel to send information outside of the VPN," Girard said. "That can and does happen and is a reason why we still need anti-malware defenses.
Things get more complicated when companies decide to run closed tunnels for better defense against that last example. When you are dealing with personal systems, closed tunnels are show stoppers because the users get cut off from every other data service."
Proton's VPN routes users through encrypted tunnels, and the VPN app for iOS supports advanced security features, such as Secure Core, which passes mobile user traffic through multiple servers (325 servers are available) to defend against bad actors attempting to trace mobile IP addresses, and Tor via VPN. The new app also uses the latest Internet Key Exchange (IKEv2) protocol, which provides for higher speeds and stability on a VPN network.
For individual users, ProtonVPN Basic ranges in price from free to US$24 a month, with higher-priced plans offering advanced security features and higher speeds.
There is a separate plan for corporate users, including a ProtonMail Professional plan and a ProtonVPN Plus plan.
"The corporate plan can be customized to meet the enterprise's needs," a ProtonMail spokesperson said. "The pricing model will be modified according to how many users and VPN connections the company elects to set up."
For example, a small company that requires five email accounts and VPN security for 10 devices, would be billed $448.80 annually. The exact pricing depends on the number of users and number of devices that need VPN protection.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.