Recently, there has been speculation that VPNs might be reaching the end of their natural lifecycle.
Some people have even suggested they might die out entirely in less than two years. The argument claims that issues surrounding data logging, ISP restrictions, encryption, and geo-blocking are all eroding consumer confidence the product.
But VPNs were never designed to be either privacy or geo tools in the first place, they’ve just morphed into those roles over time.
So, what does the future hold for VPNs? Are there any technologies that the VPN providers can embrace to keep their product relevant? What can they do to ensure customers retain their subscriptions?
Join us as we peer into the crystal ball. Here’s a look at the future of VPNs.
VPNs Are Adapting to Mobile
Like all web-based businesses, VPN providers are quickly wising up to the fact that the online world is becoming increasingly mobile-centric.
Of course, most VPN companies are more than happy to tout the availability of their service on mobile. Both the Android and iOS operating systems provide a way for you to enter your VPN credentials and use your network.
That’s all well-and-good, but behind the scenes, mobile VPNs are a different beast. The technology required to operate a mobile VPN is very different to that required for a desktop VPN.
When used on mobile, the VPN needs to reduce the amount of memory it uses, process data over shorter timeframes, and use data compression techniques to improve performance and increase throughput.
As such, we’re going to see more and more companies adopting the FIPS 140-2 standard. The standard—which was published by the National Institute of Standards and Technology—demands that VPNs must offer secure and persistent wireless access using a mobile-optimized TLS protocol.
Four mobile VPN technologies are adhering to the FIPS 140-2 standard. They are IPsec VPNs, SSL VPNs, IKEv2 VPNs, and MobileIP VPN, though SSL and IPSec were designed for desktop use.
We’ll probably see more and more VPN companies adopting one of the four technologies over the coming years. Even more likely, we’ll see a new VPN protocol arise that’s specifically designed for mobile usage and which eradicates the flaws of the current crop of protocols.
The Rise of Network Access Control
Although most people think of VPNs as a way to access Netflix US and prevent ad companies from tracking them around the web, they’re also an essential tool for businesses.
VPNs allow employees to log into a company’s network and access the data within it. This enables them to perform business-critical tasks while working from home or when on the road.
But the practice also introduces an element of risk. How can the company be confident that the device you’re using to log into the network is safe? Is it virus free? Is it running the latest version of the operating system? And is it free of apps that could steal the company’s data? Ultimately, VPNs are one of the most vulnerable access points in a business’s entire network.
And that’s where Network Access Control (NAC) comes into play. In broad terms, a robust NAC system will not grant access to any device unless it meets predefined criteria. The criteria could be anything from anti-virus protection to system settings.
The increased usage of “Bring Your Own Device” (BYOD) policies and the shift towards mobile gadgets have made NAC policies harder to implement.
As such, many experts speculate that VPN providers will start offering NAC solutions as standard. A VPN could assess the device and establish if it was in the correct state to connect before a user even enters their credentials.
It would also allow an employee to try and log into the business network from any public computer, even if it wasn’t verified by the company’s IT department. On paper, this should remove obstacles that hinder employees from doing their jobs and thus help to increase their productivity.
Cloud Storage as Standard
Many companies are starting to use cloud-based solutions instead of VPNs. For a start-up or SME, which might not have a dedicated IT specialist, the cloud offers a more straightforward way of sharing and accessing the company’s business-critical data.
I see free VPN services as the next big battleground for Google, Amazon, Microsoft and Apple. Free VPN will become the new "free cloud storage". And it will allow Big Data to gather a lot of consumer metrics.
— Xerø (@Ecksearoh) January 20, 2018
Google, Microsoft, and even Amazon are now targeting the enterprise sector in a big way. Businesses are loving it; the agility offered by cloud solutions combined with the pay-as-you-grow nature of the subscription plans is enticing for cash-poor corporations.
VPN providers are slowly starting to respond. Some have started to offer integrated public cloud services that run in tandem with the VPN itself. The providers’ aim is to offer a secure, single service solution for both cloud storage and a VPN.
Also referred to as AI-based routing, smart routing is set to become more common over the next few years.
The VPN will be intelligent enough to route each individual request to the VPN server closest to the destination server. For example, if you visit a site based in Brazil, your traffic will be sent to one of the VPN’s servers in Rio. If you then visit a website hosted in France in another tab, your traffic will be routed to a server in Paris.
Smart routing has three main benefits. Firstly, your traffic will remain inside the VPN network for as long as possible. Secondly, you’ll experience the lowest possible latencies. Thirdly (and perhaps most impressively), it means every single website you visit will see a different IP address. It would make it much harder for companies to track you around the web.
Recent years have seen many websites and services deny access to traffic that’s originating from a VPN. The most notable are Netflix and BBC iPlayer.
Similarly, some ISPs have also been caught blocking traffic from VPNs. ISPs are aware that many people use VPNs to download torrents and other illegal content, and so decide to take a blanket approach. There are even reports of college dorms and apartment blocks restricting access.
In all these situations, the solution is to obfuscate the VPN protocol. The aim is to change the characteristics of network traffic so that sites cannot identify it as originating from a VPN.
There are already workarounds for achieving this goal. For example, it’s possible to use a command line proxy tool called Shapeshifter Dispatcher. It uses pluggable transports to bypass Deep Packet Inspection filtering. However, the tool is complicated to set up and not suitable for beginners.
Luckily, protocol obfuscation technology will become more common in consumer VPNs. It will remove the need for sophisticated third-party tools and help to return VPNs to the status they had a few years ago.
Service Fragmentation Among VPN Providers
It wasn’t so long ago that commercial VPNs were all much of a muchness. They promised stronger privacy and a way to circumnavigate geographic restrictions, but not much else.
But we can already see the market starting to fragment. The sector’s biggest names—such as ExpressVPN and Private Internet Access—are trying to offer a generic VPN solution that covers almost any use case you can think of on any platform. At the same time, many free services are trying to find a niche for themselves by offering something the big players don’t.
This trend is expected to continue. With the growth of censorship in countries like China, Russia, and Iran, it’s predicted that an increasing number of small VPN providers will pop up in a bid to capture the highly censored markets.