Nord Security joined AMTSO earlier this year and has quickly become a major driver and contributor to the VPN Working Group. We spoke with Domininkas Virbickas, Head of Development, Threat Protection, NordVPN, about his views on the current VPN testing landscape, the changes he’d like to see in VPN testing, and his vision for the future of VPN technology.
Domininkas, why has Nord Security joined AMTSO?
There were several reasons why Nord Security joined AMTSO. Firstly, while VPN services have become increasingly popular among internet users worldwide, the testing standard remains unclear. The AMTSO community has done a great job developing clear and transparent cybersecurity standards over the years. We aim to bring industry knowledge to develop trustworthy VPN testing standards.
Secondly, the changing landscape of cybersecurity threats requires additional efforts to develop testing standards for tools coping with a wider range of internet security threats. While developing anti-malware solutions was a top priority for decades, now the main threats are shifting to scams and phishing. New tools are being placed on the market, and new testing standards should be developed. We believe that our knowledge could be valuable in this process.
What’s your opinion about today’s VPN testing landscape?
With the rising use of VPNs globally, VPN testing also becomes more popular. Additionally, in the industry’s origins, VPNs were often compared by price and number of servers, but now tests are getting deeper. Unfortunately, without trustworthy standards, they can easily go wrong. For example, speed tests usually do not consider network conditions. Measuring internet speed once with one device does not give a basis to claim that VPN service slows down the speed by a certain percentage. By ignoring ever-changing network conditions, tests mislead consumers. Thus, VPN testing guidelines and standards are needed for both industry and consumers.
What would you like to change in VPN testing processes?
Introducing VPN testing guidelines and standards would be the first step in comparing different services fairly. This should represent consumers’ needs and provide them with objective information while choosing the most suitable VPN service.
What are the most important features and functions testers should assess in their VPN tests, in your opinion?
Traditionally, VPN quality is determined by the following criteria: availability (can always login and use the service), connectivity (speed, connection stability, range of location selection), and content accessibility (possibility to privately and safely access content).
Nowadays, most VPNs aim to perform more functions. For example, NordVPN has the Threat Protection Pro feature, which protects users from scams, phishing, malware, trackers, application vulnerabilities, and other cyber threats. These functions should be assessed, as users should be aware of their reliability.
How do you see the future of VPN technology evolving in the next 5-10 years?
As I mentioned above, VPNs are already turning into all-inclusive privacy and cybersecurity suites that work beyond traditional VPN functions. This transformation will determine the competitiveness of VPN services in the upcoming decade.
Additionally, the post-quantum revolution will also affect VPNs. More than the current encryption will be needed. It should be based on post-quantum cryptography with unique algorithms that enhance encryption to a level that makes the tunnel between the sender and receiver challenging to break even for quantum computers. Quantum-safe VPN is going to be a reality soon. We are now testing our technologies to make it work, and we believe that soon we will have adequately working post-quantum encryption on VPN.
What advice would you give to users when choosing a VPN provider?
It’s hard for me to be objective. But most important to pick a trusted brand as you have to trust a company to encrypt your traffic without storing any logs. I would also look for a vendor which puts effort on innovation. A VPN tunnel enhances privacy and security, but bringing user’s digital protection to the next level requires additional solutions based on advanced technologies.
Thanks so much for these insights!