Using a dedicated static IP address is considered best practice when enabling remote access for the workforce via VPN (Virtual Private Network). In this article, we will look at how to get a static IP address, what IP whitelisting is, and what the typical use cases are.
There are two main ways to obtain a static IP address:
A shared static IP address is a single address used by several entities, i.e. tenants or organizations, which is convenient for the purposes of home users as shared IP addresses are often free.
However, a shared IP address is ill-suited for security measures like IP whitelisting.
On the other hand, a dedicated IP address is completely private to one user or a group of users and is not shared with anyone outside your organization.
For this reason, it can be used for a variety of purposes ranging from routing to securing remote access.
There are several reasons to use a static IP when operating a network. The most common ones include network access restriction and remote access to services.
One of the most common use cases is restricting network access to your internet-facing services by using a firewall, where only whitelisted IP addresses are allowed to connect to the service.
Only with a static IP can you define a firewall rule that remains valid indefinitely.
When using a dynamic IP address, the firewall rule would become obsolete anytime the IP address changes. As a result, a whitelist update would be necessary (which implies extensive manual work in large networks).
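The whitelist behaviour described above, as an added example that is not part of the original article: a default-deny check run over constructed firewall log lines, plus a check that flags whitelist entries too broad to identify one organization. The addresses (documentation ranges), the log format and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed whitelist: one dedicated static VPN egress address and, for
# contrast, a whole provider pool of the kind shared addresses come from.
# All addresses are from documentation ranges and are assumptions.
WHITELIST = ["203.0.113.10/32", "198.51.100.0/24"]

# Constructed firewall log lines: "<timestamp> <source ip> <destination port>"
LOG = """\
2024-05-01T08:00:01Z 203.0.113.10 443
2024-05-01T08:03:17Z 192.0.2.77 443
2024-05-01T08:05:40Z 198.51.100.23 443
2024-05-01T08:06:02Z not-an-ip 443
"""

def parse_whitelist(entries):
    # strict=True rejects entries with host bits set, e.g. "203.0.113.10/24"
    return [ipaddress.ip_network(e, strict=True) for e in entries]

def decide(src, networks):
    """Default deny: allow only a valid source inside a whitelisted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "deny"
    return "allow" if any(addr in net for net in networks) else "deny"

def evaluate(log, networks):
    """Return (source, decision) for every log line."""
    return [(line.split()[1], decide(line.split()[1], networks))
            for line in log.splitlines() if line.strip()]

def broad_entries(networks, max_addresses=1):
    """Entries wider than max_addresses cannot identify a single tenant."""
    return [str(n) for n in networks if n.num_addresses > max_addresses]

if __name__ == "__main__":
    nets = parse_whitelist(WHITELIST)
    for src, verdict in evaluate(LOG, nets):
        print(f"{src:15} {verdict}")
    print("too broad:", broad_entries(nets))
```

Here 192.0.2.77 stands for a user whose dynamic address has changed since the rule was written, and 198.51.100.23 for an unrelated customer in the same shared pool, who is admitted only because the pool entry is too wide.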
Another common use case is when you host some service inside your local network and need to access it without geographical limitations.
Your ISP has a range of IP addresses. Without a static IP, you use one of their shared IP addresses that don’t uniquely represent your network.
Having a static IP address therefore allows you to connect from any remote location (local firewall rules apply), knowing the IP address is always the same and resting assured the connection remains available. This ensures the privacy of communications and helps to comply with regulations that require strict access control (i.e. NIS2).
Data stored in the public cloud is protected by the provider along with the rest of their cloud infrastructure, but the business subscribing to the cloud hosting services is still responsible for the protection of their data during transit.
IP whitelisting is an effective method of establishing a trusted connection between the cloud and another key element of the company infrastructure, such as a VPN server.
Whitelisting makes the cloud resources faster, easier to access, and more secure, since access is only allowed from the trusted IP address.
Imagine you host services inside your local network, data center, or even in the cloud and need your employees to access them from anywhere.
It is possible to make the system available publicly, but it would make it vulnerable to network attacks (e.g. man-in-the-middle attacks, DoS and DDoS attacks, eavesdropping, data breach).
Therefore, it is reasonable to make your resources available only to known IP addresses (so-called IP whitelisting - see the box above) as part of security controls.
Without a static IP VPN, your users connect with one of your ISP’s shared IP addresses that don’t belong to your trusted IP range and don’t uniquely identify them as one of your internal employees.
With static IPs whitelisted by the server, like your CRM application server, users’ IP addresses always remain the same.
This is why users can connect securely from anywhere (local firewall rules apply). A static IP is essentially a unique online ID of the user, used for secure remote system access.
VPN creates a secure encrypted tunnel connection from a device to a VPN server based in the selected country (see business cloud VPN or Types of VPN blog to learn more).
The user device is assigned an actual static IP address, and all their data is routed via an encrypted tunnel.
This is the way to ensure users always have the same static IP wherever they connect from.
The IP address is fixed and dedicated to the user or a group of users, so only they can use it for accessing remote systems. This can be of critical importance in scenarios like port forwarding, where IP whitelisting remedies what would normally be a critical vulnerability.
Business Cloud VPN typically delivers: