With the rise of remote work, companies have faced several logistical challenges. Chief among those is how to allow remote workers to access company resources safely and with a lowered risk of infiltration by malicious actors looking to steal valuable data or disrupt day-to-day business operations. In this NordLayer review, we look at one way companies can use to secure their data.
One solution many companies, both large and small, have turned to is the utilization of virtual private networks (VPNs). They can route remote workers’ traffic through easier-to-monitor pathways, giving businesses greater safety and control over their sensitive data when used in concert with dedicated endpoint management solutions.
However, VPNs come with a few caveats and hitches that make them potentially unideal for large-scale operations. Chief among them is that VPNs were never designed as cybersecurity products. For example, although many providers tout a VPN’s ability to protect users’ traffic while using public WiFi, attack methods like Tunnel Vision can still leave users vulnerable.
Additionally, VPNs face difficulties during set-up and scaling for more than a handful of users and devices. If not configured properly, a business’s network can still be put at risk, and even when configured the right way, you might still encounter congestion and device performance issues, particularly when remote workers use a VPN for heavy-bandwidth activities like Zoom calls or downloading large files.
Cloud-based network security products like NordLayer aim to bridge the gap between VPNs and proper cybersecurity solutions, giving businesses an added layer of security alongside the strict, controlled access required to implement a zero-trust security framework.
Table of Contents
Featured Partners: Zero Trust Software
What You Need to Know About NordLayer
NordLayer is a business VPN and network access tool that will appeal to businesses looking for a solution with an easy-to-use interface that can help them implement a zero-trust framework for access control. | ||
Overall Rating: 2.5/5 • Core Features: 4/5 • Usability: 3.5/5 • Customer Support: 3/5 • Trustworthiness: 2/5 • Pricing: 2/5 | Pros | Cons |
✔️ Easy to use ✔️ Large number of features ✔️ Options for both small businesses and enterprises | ❌ Pricing might be a bit steep for smaller teams or if you want more features ❌ Fairly limited number of server locations ❌ Company’s servers have been breached in the past ❌ 14-day money-back guarantee is pretty small |
Who Should Use NordLayer?
NordLayer is a feature-rich, business-focused VPN and network access solution from the company behind two of the most popular VPNs in the consumer VPN market, NordVPN and Surfshark.
Consider NordLayer if your business meets one or more of the following criteria:
- Enterprises seeking to adopt a zero trust framework: Nord claims NordLayer is built with a zero trust strategy in mind, making it a good choice if you’re trying to implement zero trust in your own company.
- Teams looking for an easy-to-use business VPN: Whatever else you can say about it, NordLayer offers, on the user side at least, an intuitive UI setup. However, I wasn’t able to test the back-end features meant to be used by an IT security manager.
- Businesses that want many features on one platform: From its business VPN to access management to a firewall, NordLayer comes packed to the gills with enticing features. Getting all these features in one place for your business can make your IT manager’s life much easier.
Who Shouldn’t Use NordLayer?
NordLayer looks great on paper, but no product is flawless. Its steep prices and data breach history could make it a less-than-appealing option, depending on your company’s needs.
I wouldn’t recommend NordLayer if:
- You’re a small business on a strict budget: A business VPN can feel like something your small business needs to protect sensitive company data. However, business VPNs do not come cheap, and NordLayer is no exception, especially if you want more features than what the lowest tier offers.
- You care about how a company responds to data breaches: In 2018, NordLayer’s consumer-grade cousin NordVPN, along with TorGuard VPN and Viking VPN, was hacked by an 8chan user. The user did not come away with any sensitive information, and the breach only affected Nord’s single server. However, the company did not inform users of the breach until six months after they initially learned of it.
- You’re looking for a service with a generous free trial period: Business VPNs can be expensive and difficult to fit into your company’s pre-existing IT infrastructure. As such, you might prefer a service with a free trial or a generous money-back guarantee period. NordLayer’s 14-day money-back guarantee probably won’t give you the time you need to know if the product is right for your business or not, unfortunately.
NordLayer Pricing
NordLayer has three subscription tiers, with a fourth tier for enterprises that lets you choose which features you want a la carte. The three main tiers each have a 5-user minimum, while the Enterprise Offer requires you to have at least 50 users. The lowest-tiered plan, Lite, starts at $8 per user per month, while the Enterprise Offer starts at $7 per user per month. All subscriptions come backed by a 14-day money-back guarantee.
Lite | Core | Premium | Enterprise Offer | |
---|---|---|---|---|
Annual Billing Price | $8/user/month (5-user minimum) | $11/user/month (5-user minimum) | $14/user/month (5-user minimum) | Starts at $7/user/month (50-user minimum) |
Number of Devices per License | 6 | 6 | 6 | 6 |
Key Features | Session duration controls, multi-factor authentication, SSO, and 24/7 live and email support | Everything in Lite plus dedicated servers with fixed IP (for an extra $40/month), IP-based split-tunneling, DNS filtering, biometric login options, and server usage analytics | Everything in Core plus a browser extension, URL-based split tunneling (through a browser extension), and endpoint-to-endpoint file sharing | Everything in Lite plus customizable features from Core and Premium |
These prices are fairly standard for business VPNs, meaning it can get pricey for smaller businesses. The money-back guarantee does not give customers enough time to determine if the product fits their business. I’d prefer if NordLayer took a page out of its cousin NordVPN’s playbook and adopted a 30-day money-back guarantee to give companies more time to test the service before committing.
3 Key Features of NordLayer
Business VPN
NordLayer is, first and foremost, a VPN. While I couldn’t dig into the administrative side of the app, the user side of NordLayer is very similar to its sister product, NordVPN. As a VPN, Nord is fine. It’s easy enough to install and use, though its zero-trust framework gives users a couple of hurdles to jump over before finally connecting. The administrator has to confirm your final connection. I’d recommend sticking to the NordLynx protocol when using the service, as it easily outpaces the other supported VPN protocols within NordLayer for device performance.
Fixed IP on Dedicated Servers
While I personally wouldn’t recommend using fixed IPs with a VPN in most cases, some companies have found it useful to restrict user access to sensitive information to specific IP addresses in lieu of or in addition to traditional login credentials. As part of its Core, Premium, and Custom plans, NordLayer offers fixed IP on dedicated servers in the following locations, according to their webpage on the subject:
- Australia (Sydney)
- Austria (Vienna)
- Belgium (Brussels)
- Brazil (São Paulo)
- Canada (Vancouver, Montreal, Toronto)
- Colombia (Bogota)
- Cyprus
- Czech Republic (Prague)
- Denmark (Copenhagen)
- Estonia (Tallinn)
- Finland (Helsinki)
- France (Paris)
- Germany (Frankfurt)
- Greece (Athens)
- Hungary (Budapest)
- Ireland (Dublin)
- Italy (Milan)
- Japan (Tokyo)
- Latvia (Riga)
- Lithuania (Vilnius)
- Malaysia (Kuala Lumpur)
- Netherlands (Amsterdam)
- Norway (Oslo)
- Poland (Warsaw)
- Portugal (Lisbon)
- Romania (Bucharest)
- RSA (Johannesburg)
- Singapore (Singapore)
- South Korea (Seoul)
- Spain (Madrid)
- Sweden (Stockholm)
- Switzerland (Zurich)
- UK (London, Manchester)
- US (Boston, Seattle, Chicago, Los Angeles, New York, Dallas, Atlanta, Houston)
Built With Zero Trust in Mind
Zero trust network access (ZTNA) is a strategy that protects networks from threats. It emphasizes continuous verification of all users when accessing company resources, lowering the risk of harm a malicious actor can cause by granting all users only the bare minimum permissions needed to do their jobs. It also involves collecting evidence such as logs or behavioral data to track and monitor access to any sensitive resources.
This approach, while effective, can sometimes be difficult to manage, as it can require getting multiple different network security solutions with very different design philosophies to work together as a cohesive unit.
NordLayer’s wide range of access control and monitoring features make it a decent option for companies looking to implement or streamline their zero-trust strategy.
Should You Trust NordLayer?
Whether you’re an enterprise with 2,000 employees or a self-employed freelancer, trust should be a key decision factor when discussing any company you’re considering buying from. This is especially true for companies that sell cybersecurity products, as you often trust them with your data and digital safety.
In the case of a VPN provider like Nord, you’re trusting them with your Internet traffic and the access tunnels to your business’s sensitive data and resources instead of trusting your internet service provider.
In terms of trustworthiness, Nord scores low for me. The 2018 data breach, while seemingly minor in terms of impact on users, casts a shadow on the company for me. Waiting six months to inform users of the breach, and only after it was talked about on Twitter, is simply unacceptable from any company claiming to be good stewards of their users’ data.
I don’t think it’s unfair if you look at the situation and say, “Well, that was 6 years ago. They’ve had time to fix that issue, improve their security infrastructure, and take steps to improve how they communicate with users.”
However, I don’t believe companies, especially cybersecurity companies, deserve second chances when making mistakes like how Nord Security handled its data breach. Why should we potentially put our data at risk by giving a company a second chance when there are plenty of providers out there who haven’t been breached or who responded to their own breaches better than Nord did?
NordLayer Alternatives
NordLayer is just one of many VPN solutions out there for businesses to choose from. Here are a few more providers worth taking a look at.
ProtonVPN
I would probably recommend ProtonVPN’s business-focused options over NordLayer’s. On top of being cheaper, Proton, while not the most trustworthy VPN provider on the market, is more trustworthy than Nord while packing most of the same features. Outside of Proton’s custom-priced Enterprise subscription, NordLayer does have more dedicated server locations.
Mullvad VPN
While not the best choice for enterprise-level clients, small businesses and self-employed freelancers might find Mullvad an affordable and easy-to-use VPN. It’s one of the most trusted VPNs on the market as well, thanks in part to its unique account system, which means the company never has to store sensitive information like an email address or phone number. In terms of features, NordLayer has Mullvad beat, but if you just need a VPN to function like a VPN, I would go with Mullvad every time.
Perimeter 81
Perimeter 81 is more of a SASE solution than a business VPN, but its VPN component is solid. Its number of countries with server locations is lower than NordLayer’s, but I think the actual security features on display are more impressive, like the threat emulation add-on. The sheer quantity of add-ons Perimeter 81 has means it’ll probably be more expensive than NordLayer, however.
How I Evaluated NordLayer
Ultimately, VPNs as a product are about trust, which is why I assigned the highest weight to the Trustworthiness score instead of Core Features. You don’t need too many bells and whistles to make a viable VPN, and many VPNs share a lot of the same features. This homogenization of the market means it often matters more what a company does with your data or how it’s responded to past data breaches than what shiny features it has out of the box.
Evaluation Criteria
- Core Features (20%): Here, I search for the basic features every VPN needs to be a VPN. This includes split-tunneling, multi-factor authentication, and mobile app support.
- Score: 4/5
- Usability (15%): This section looks at how easy a product is to use and how accessible its technical documentation is, as well as how easy it is to report bugs and the like.
- Score: 3.5/5
- Customer Support (10%): For customer support, I highlight the various customer support options available to users, particularly the presence of real human customer support agents in lieu of chatbots.
- Score: 3/5
- Trustworthiness (40%): When you use a VPN, you effectively trust that provider with your Internet traffic in lieu of trusting your internet service provider. So, I always try to look for how a company has treated its user data in the past. This can include data breach history or if the company has been caught selling user data in the past, among other transgressions.
- Score: 2/5
- Pricing (15%): Finally, I look at a VPN’s various pricing plans and compare these plans to competitors. I also consider the availability of a free trial or a generous money-back guarantee policy.
- Score: 2/5
Bottom Line: NordLayer Is an Easy-to-Use Business VPN With Some Nice Security Features
While I have concerns with how Nord Security has handled past breaches and how they’ve informed users, I understand that many potential customers will be more forgiving of something that happened six years ago. Ignoring the 2018 breach, NordLayer is a fine choice for a business VPN. While expensive, the sheer number of features and easy-to-use interface make it a solid enough choice for businesses looking to enhance their cybersecurity strategy.