As the Internet of Things (IoT) security landscape continues to evolve, organisations and individuals are increasingly turning to Virtual Private Networks (VPNs) and Access Point Names (APNs) to protect their data.
But while both services provide secure connectivity, they accomplish this in very different ways and offer different solutions to a variety of IoT challenges.
In this post, we will look at the differences and similarities between APN and VPN, and discover how to get the best solution amidst typical APN vs. VPN IoT security choices.
What’s the difference between VPN and APN?
An Access Point Name is a gateway that allows users to connect to the internet through their carrier network. APNs can be public or private and can be used in conjunction with a VPN.
A Virtual Private Network is a technology that offers a private network connection over public or shared networks through encryption. VPNs can use static IP addresses if needed for IoT device management.
Let’s look at the functions and intended uses of APNs and VPNs and their differences in more detail.
What is an APN?
An Access Point Name (APN) is a gateway or point of entry between a mobile network operator’s (MNO’s) network and the internet. It is therefore used to allow internet and data connections through a mobile or cellular network and to implement security features.
Devices must therefore be configured with the correct APN, as assigned by the MNO or Virtual MNO (MVNO), to enable them to successfully access cellular networks and the internet through their prime carrier network, that is, the provisioning entity.
For example, with a roaming IoT SIM card, this will be the Home Location Register and core network provider and not the local network provider that the device is currently visiting or is connected to.
The APN is used to assign an IP address to the device, to establish which networks it can access, and to apply any necessary security features.
An APN can be either public or private. A public APN is the default option provided by MNOs, and it will typically differ for their major MVNO partners or for particular forms of IoT traffic, for example by region or by type of application.
A private APN, on the other hand, is bespoke to an individual customer and enables traffic to be passed through to their enterprise network. This tends to be used for more closed applications, where greater security or assurance is needed. It can require network configuration changes and as a result, potentially incur some associated costs.
What is a VPN?
A Virtual Private Network (VPN) is an encrypted tunnel. VPNs enable data to be encrypted across public networks between two or more endpoints, e.g. a company server or cloud services.
It is important to note that a VPN only provides encryption between valid endpoints.
For example, a cloud-based VPN service will provide network encryption between network points, servers or nodes. If the dispersed IoT device is not compatible, then the communications between the device and the first compatible node or endpoint will be unencrypted, or at best encrypted only with standard GSM encryption methods.
Some devices therefore use end-to-end encryption or edge routers that are preconfigured to a security/VPN specification. For example, this is required for payment terminals and systems and is covered by PCI security standards.
VPNs themselves are available in a range of types, protocols and configurations, for example: Remote Access VPN, Site-to-Site VPN, Internet Protocol Security (IPsec), Cloud VPN, Mobile VPN, OpenVPN, SSL VPN, PPTP (Point-to-Point Tunneling Protocol) VPN and L2TP (Layer 2 Tunneling Protocol) VPN.
It is important to note that, for security purposes, most IoT devices initiate all communications to their pre-configured infrastructure. Clearly, many devices will need to be polled, but this is only done under very tight and controlled protocols that minimise the risk of surreptitious IoT device hacking or other malicious activity.
Key differences between VPN and APN
While the various forms of APNs and VPNs and their underlying architectures and protocols are used to provide secure connections for IoT devices, they are clearly very different in terms of their intent and implementation.
At a practical level for an end operator of IoT devices, there are several key differences, which include:
1) Device Setup
The first difference between a VPN and an APN is the set-up.
An APN’s configuration settings are provided by your IoT SIM card provider; they do, however, need to be entered into the device.
The reason for this is that consumer mobile phones are preloaded with consumer APNs, which the phone can set up automatically based on the single-network SIM card and the user/retailer choices at start-up. IoT devices, which require multi-network functionality, inter-operator IoT agreements and more complex routing for resilience, require a specific APN to be entered at manufacture or at installation/configuration.
Once set up, however, the APN network connection is seamless and automatic.
VPNs, on the other hand, reside more in the network. That said, any IoT devices or edge routers that need a VPN will need it configured at the manufacture or installation/configuration stages if they are to work ‘out of the box’. They will also still need the APN configured so that the device can access the internet or, in the case of a private APN, the secured enterprise network.
2) Network security
Network security plays a vital part in any IoT operation, especially when it comes to the transmission of sensitive data or the prevention of malicious third-party hacking of remote IoT devices such as CCTV cameras and payment terminals.
While private APNs can ensure data is routed in specific ways, they cannot ensure the security of the data itself.
VPNs, by contrast, use 128- and 256-bit encryption to offer increased security and privacy for data transmissions. As stated earlier, however, transmissions need to be architected with an understanding of the specific vulnerabilities of the use case and the criticality of the data; for example, a VPN implementation may only encrypt data transmissions for certain sections of their journey.
When utilising IoT devices and edge routers, it is important that they are also treated as VPN endpoints. If they are not, then data between them and the first VPN endpoint is not encrypted by the VPN and may be vulnerable on local LAN, Ethernet or Wi-Fi networks with poor security. Mobile data is encrypted using GSM encryption, which provides a level of security that can be enhanced with a VPN tunnel infrastructure.
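To make the point about endpoint placement concrete, here is an added example (not Caburn Telecom’s code) that models a constructed payment-terminal path and reports which links a VPN leaves in the clear depending on where its two endpoints sit; the hop names and the "gsm"/"none" protection labels are assumptions for illustration only.

```python
"""Which hops of an IoT data path does a VPN actually protect?

Constructed illustration, not Caburn Telecom's code: a VPN only protects
the links between its two endpoints; every other link keeps only its
native transport protection ("gsm" on the cellular leg, "none" elsewhere).
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    src: str
    dst: str
    native: str  # protection without any VPN: "none" or "gsm" (assumed labels)

# Constructed path: terminal -> edge router -> MNO core -> cloud VPN node -> server
PATH = [
    Link("terminal", "edge_router", "none"),          # site Wi-Fi / LAN
    Link("edge_router", "mno_core", "gsm"),           # cellular air interface via the APN
    Link("mno_core", "cloud_vpn_node", "none"),       # MNO breakout to the internet
    Link("cloud_vpn_node", "payment_server", "none"),
]

def coverage(path, vpn_endpoints):
    """Map each link 'src->dst' to 'vpn' if it lies inside the tunnel, else its native protection."""
    hops = [path[0].src] + [link.dst for link in path]
    for hop in vpn_endpoints:
        if hop not in hops:
            raise ValueError(f"{hop} is not a hop on this path")
    lo, hi = sorted(hops.index(h) for h in vpn_endpoints)
    result = {}
    for i, link in enumerate(path):
        # link i joins hops[i] and hops[i + 1]; it is inside the tunnel iff lo <= i < hi
        inside = lo <= i < hi
        result[f"{link.src}->{link.dst}"] = "vpn" if inside else link.native
    return result

def unprotected(path, vpn_endpoints):
    """Links that carry data in the clear: neither VPN nor native encryption."""
    return [k for k, v in coverage(path, vpn_endpoints).items() if v == "none"]

if __name__ == "__main__":
    # Cloud-only VPN: the device side of the path stays exposed.
    print(unprotected(PATH, ("cloud_vpn_node", "payment_server")))
    # Edge router as endpoint: only the on-site LAN hop is left in the clear.
    print(unprotected(PATH, ("edge_router", "payment_server")))
    # Terminal itself as endpoint (end-to-end): nothing is left in the clear.
    print(unprotected(PATH, ("terminal", "payment_server")))
```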
3) Internet connectivity
The benefit of an MNO public APN is simple and easy internet connectivity for IoT devices. Considering that an APN is configured into all smartphones and most IoT devices, establishing a wireless internet connection is an easy task and simply requires an understanding of how to change a device’s APN settings.
VPNs provide a greater level of control and security for the end service provider or user. They require more consideration, however, as the security architecture needs to be mapped out and supported.
For example, EV charge points are key pieces of infrastructure and require the secure connection of multiple endpoints. These may include payment terminals, ANPR cameras and user details. They are, in effect, multiple endpoints that will require architecting and scaling into a pre-configured or post-configured solution.
To achieve scalability, charge points should be manufactured with the necessary functionality so that the installer can set up multiple devices with minimal configuration on site. This means a simple pre-configured VPN connection to the multiple network endpoints required for a functional and secure service: in this use case, the payment merchant services and billing platforms, the charge point management servers, the vehicle registration/validation service, and so forth.
An APN in this case only allows the devices to connect to the internet via a mobile network, with the security and validity of the connection (as well as data billing) resting on the SIM card’s security credentials and being processed via the MNO/MVNO CDR/billing platforms.
4) Account management
Another difference between an APN and a VPN is how each network is managed. With a public/private APN, account management will be handled by your IoT SIM card provider, MVNO or MNO.
With a VPN, it is important to ensure that devices and endpoints are properly configured for ease of use. MVNOs, IoT SIM card and router providers such as Caburn Telecom and CSL Group provide these services so that they work seamlessly with APNs and their cloud or server endpoints.
For example, this is critical for fire and security applications that require secure, encrypted connections for alarm receiving centres or CCTV.
Similarities between APN and VPN
APNs and VPNs are both designed for scalability. Whereas APNs are more typically used for accessing the internet from mobile networks and are deployed as standard across ordinary IoT devices, VPNs tend to be used where security is paramount, for example in payment and security applications, or where user details/credentials are being transmitted.
Both technologies and infrastructures are compatible with IoT devices, enabling them to remain connected, but with varying levels of security.
APN vs VPN for IoT
Now that we have established the similarities and differences between APN and VPN technologies, we can assess the VPN vs APN debate, which can be fraught with misunderstandings as to their intended uses and functions.
For any IoT device, security, reliable connectivity and confidentiality are all essential to a successful IoT operation.
For simplicity, most IoT devices function well with a ‘public’ APN or ‘private’ APN, provided that the device has basic security functions which ensure that it is not open to malicious intervention. For example, the device initiates all communications, including polling for any firmware updates.
Applications such as CCTV, retail, payment processing, alarms, telecare, EV charge points, and edge routers clearly require higher levels of data security as well as the secure mechanisms to manage the device remotely. In these cases, VPN solutions are key requirements. They are available in a range of configurable architectures and protocols.
To get a clear understanding of what connectivity solution is best for you, there is no better place than Caburn Telecom and CSL.
We are industry leaders in IoT connectivity and can provide you with a range of solutions to match your IoT operation’s needs.
Contact us today to find out more about how IoT can help your business grow. We look forward to hearing from you!