Using a dedicated static IP address is considered best practice when ensuring remote access for the workforce via VPN (Virtual Private Network). How to get a static IP address? What is IP whitelisting? What are the typical use cases? Let's break this topic down.
A static IP address, also known as a fixed IP address, is an identification number assigned to a host. It remains the same over time and is indefinitely reserved for that particular service. The static IP doesn't change even after turning the device off and switching it back on. Typically, a static IP is used within an internal network (LAN) for services, usually servers, whose IP should not change dynamically so that they stay continuously available.
This is the main difference between a static and a dynamic IP address. A dynamic IP address is assigned to a host (server, PC, laptop, mobile device, etc.) by a DHCP (Dynamic Host Configuration Protocol) service. It only lasts for the duration of the lease period, which is usually 24 hours, although this is down to custom configuration.
On the other hand, a static IP address remains the same for as long as the user needs it. It does not reset with the device being switched off and on but remains permanently reserved for that particular service. Learn more about the usage and differences between static IP vs dynamic IP addresses in this blog.
There are two main ways to obtain a static IP address:
There are several reasons to use a static IP when operating a network. The most common ones include network access restriction and remote access to services.
One of the most common use cases is restricting network access to your internet-facing services by using a firewall, where only whitelisted IP addresses are allowed to connect to the service. Only with a static IP can you define a firewall rule that stays valid indefinitely.
When using a dynamic IP address, the firewall rule would become obsolete anytime the IP address changes. As a result, a whitelist update would be necessary (which implies extensive manual work in large networks).
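The allowlist decision described above, sketched at the application level as an added example (it is not code from this article or from any product it mentions). The addresses are constructed from documentation ranges, and the function names and sample users are assumptions made for illustration.

```python
import ipaddress

# Constructed allowlist: a VPN gateway's dedicated static IP plus an office range.
# Both come from documentation address space (RFC 5737), not real hosts.
ALLOWLIST = ["203.0.113.10/32", "198.51.100.0/28"]


def parse_allowlist(entries):
    """Turn CIDR strings into networks; strict mode rejects entries with host bits set."""
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def normalize(source):
    """Parse a peer address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    addr = ipaddress.ip_address(source.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_allowed(source, networks):
    """Default deny: only a well-formed address inside an allowlisted network passes."""
    try:
        addr = normalize(source)
    except ValueError:
        return False  # a malformed peer address fails closed
    return any(addr.version == net.version and addr in net for net in networks)


def audit(connections, networks):
    """Return the (user, source) pairs that the allowlist would reject."""
    return [(user, src) for user, src in connections if not is_allowed(src, networks)]


# Constructed connection records: (user, source address as seen by the service).
SAMPLE_CONNECTIONS = [
    ("alice", "203.0.113.10"),         # through the VPN, static egress IP
    ("bob", "::ffff:203.0.113.10"),    # same IP as reported by a dual-stack listener
    ("carol", "198.51.100.7"),         # inside the office range
    ("dave", "192.0.2.55"),            # ISP-assigned dynamic address, no VPN
    ("erin", "203.0.113.999"),         # malformed value
]

if __name__ == "__main__":
    nets = parse_allowlist(ALLOWLIST)
    for user, src in audit(SAMPLE_CONNECTIONS, nets):
        print(f"DENY {user} from {src}")
```

Normalizing IPv4-mapped IPv6 addresses matters because a dual-stack listener can report the same client in either form, and a string comparison against the allowlist would silently reject a legitimate user.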
Another common use case is when you host some service inside your local network and need to access it without geographical limitations. Your ISP has a range of IP addresses. Without a static IP, you use one of their shared IP addresses that don’t uniquely represent your network.
Having a static IP address therefore allows you to connect from any remote location (local firewall rules apply), knowing the IP address is always the same and resting assured the connection remains available.
Data stored in the public cloud is protected by the provider along with the rest of their cloud infrastructure, but the business subscribing to the cloud hosting services is still responsible for the protection of their data during transit.
IP whitelisting is an effective method of establishing a trusted connection between the cloud and another key element of the company infrastructure, such as a VPN server. Doing this makes the cloud resources quicker and easier to access, as well as more secure, since access would only be allowed from the trusted IP address.
Imagine you host services inside your local network, data center, or even in the cloud and need your employees to access them from anywhere. It is possible to make the system available publicly, but it would make it vulnerable to network attacks (typically man-in-the-middle attacks, DoS and DDoS attacks, eavesdropping, and data breaches).
Therefore, it is reasonable to make your resources available only to known IP addresses (so-called IP whitelisting - see the box above) as part of security controls.
Without a VPN with a static IP, your users connect with one of the ISP's shared IP addresses, which don't belong to your trusted IP range and don't uniquely identify them as your internal employees.
With a static IP address whitelisted by the server (e.g., your CRM application server), users' IP addresses always remain the same. This is why users can connect securely from everywhere (local firewall rules apply). Static IP is essentially a unique online ID of the user used for secure remote system access.
A VPN creates a secure encrypted tunnel connection from a device to a VPN server based in the selected country (see business cloud VPN for more). The user device is assigned an actual static IP address, and all their data is routed via an encrypted tunnel. This is the way to ensure users always have the same static IP wherever they connect from. The IP address is fixed and dedicated to the user or a group of users, so only they can use it for accessing remote systems.