Twingate is a relatively new VPN alternative that uses a zero-trust model, and keeps your business and personal traffic separate. It’s not a VPN, and I quickly learned that Twingate is an entirely different tool. It allows you to set up secured proxy access to your organization's online resources, invisible to the rest of the internet.
The access is centrally managed, based on user-identity authentication via SSO and 2FA. This presents a more secure means of remotely accessing business infrastructure than your standard IP-based access. You can easily enable granular access for your employees throughout the world, and it offers levels of encryption and protection from hackers similar to those you expect from a VPN.
However, it seems that by adopting this model you may be missing out on things that you may expect from a typical business VPN. From kill switches to the ability to bypass geoblocks, you may struggle to accomplish tasks you easily manage with a VPN. There is currently no port-level access either, which would make it easy to add temporary access when needed.
I had a good look at Twingate’s features to see if it’s a good substitute for a business VPN — it may not suit all companies.
Short on Time? Here Are My Key Findings
- Zero-trust network with tight security. Twingate employs robust security measures like AES-256 encryption and SSL/TLS protocols, and is based on a zero-trust model. Employees gain secure access via user-identity-based authentication measures, like SSO and 2FA.
- Collects some data. The data is mostly used for analytical purposes, and the collection comes down to the nature of trusting Twingate with your business infrastructure. It’s based in a 5 Eyes Alliance territory, but your personal web traffic is segregated.
- Won’t slow down personal traffic. Twingate uses split-tunneling so you won’t experience any slowdowns on traffic that isn’t designated as a business resource. You could be making a business video call or streaming a video without any encryption-related speed reductions.
- Centrally managed user access. Twingate sends any traffic you have allocated as being linked to a business resource, gateway, or server through its controller. You don’t connect to specific server locations like a traditional VPN.
- Limited hours of customer support. The live chat feature isn’t always available, which could slow you down if your company experiences access issues.
- Up to unlimited device connections. While the basic plan allows 5 simultaneous connections, this can be upgraded to unlimited. The top package can be tailored to fit your business access needs.
- Free trial. Twingate offers a 14-day trial, offering you the chance to test out Twingate’s suitability for your business totally free.
- Works with major platforms. Windows, Mac, Android, iOS, Linux, and Chrome OS. More information below.
- Plans are more suited to larger businesses. If you have a small company, the cost per user may not be as easy to justify.
Speeds — Segregates Personal High-Speed Traffic
Twingate could be faster overall than traditional business VPNs, as it uses split tunneling to segregate your personal and business traffic. Only items specifically designated as a business resource go through Twingate. Anything that doesn’t need to be access controlled by your corporation, such as streaming, video calling, and even gaming, is not routed, so its speed won’t be affected by Twingate.
Thanks to split-tunnelling, you don’t need to disconnect to improve speeds
With a regular VPN, you’d first need to connect to a location next to the local network you need to access. If you’re in a different part of the world, it would take a long time for your information to be encrypted and transmitted. Twingate eliminates the need to connect to a faraway server, and disconnect for some activities. Just don’t expect the added benefit of accessing geo-blocked content like certain streaming sites, or torrenting, for example — this isn’t designed for that.
It’s impossible to gather a speed-test result from traditional sites like Ookla while actually accessing a business resource through Twingate, because Ookla itself won’t be designated as your business resource. Normally, encryption will lower speeds a little bit, but you’re unlikely to be significantly affected by this unless you’re downloading huge amounts of data.
Server Network — Centrally Managed User Access
Twingate doesn’t have a traditional VPN network. Instead, it allows you to access your business resources through a proxy connection. This could be files, servers, or a gateway, for example.
The Twingate setup is more complicated than a traditional VPN
It works with 4 main components. The Twingate app detects the requirement for business resource access and forwards the request to the controller, where the user’s permissions are verified. This is then forwarded to the connector which ensures the connection is genuine (resolving the DNS request), and enables TLS encrypted access to the business resource via the relay.
If the files you’re trying to access are a defined business resource, the controller will grant you access to it. However, if you’re trying to access a website that’s normally available, you’ll be able to access it without going through the relay.
Your IP address changes only when you access business resources on the connector, as Twingate establishes a proxy connection to it. This means you could be anywhere in the world, but still appear to be sitting in the office whenever you need secure access to business material.
If this sounds overly complicated and you’d rather explore more familiar VPN setups, have a look at these top business providers.
Security — Differs From a Business VPN
Twingate operates on a zero-trust network, and uses application-level filters for user-identity-based authentication — not network-level. This means that whenever you access a resource, you’ll only be given access to that file, not the entire network. In case of a security breach, only that specific resource would be compromised.
The system administrator gives granular permissions, so that only specific groups of people or individuals can access a certain resource. This is a very helpful management tool, as one app allows you to control the entire network. It’s significantly more straightforward than trying to achieve this with a traditional VPN.
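The behaviour described above (only defined business resources are routed through Twingate, and access is granted per resource to specific groups rather than to the whole network) can be modelled in a few lines. This is an added example, not Twingate's code: the resource names, addresses, groups, the `mfa_passed` flag and the `decide` function are all hypothetical.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    name: str
    address: str        # DNS pattern ("*.ci.corp.example") or CIDR ("10.20.0.0/24")
    groups: frozenset   # groups the administrator allowed to reach this resource

# Constructed sample policy; every name, address and group here is made up.
RESOURCES = [
    Resource("wiki", "wiki.corp.example", frozenset({"everyone"})),
    Resource("ci", "*.ci.corp.example", frozenset({"engineering"})),
    Resource("db-subnet", "10.20.0.0/24", frozenset({"dba"})),
]

def match_resource(dest, resources=RESOURCES):
    """Return the first defined resource that covers dest, or None."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        ip = None  # dest is a hostname, not an IP literal
    for res in resources:
        if "/" in res.address:
            if ip is not None and ip in ipaddress.ip_network(res.address):
                return res
        elif ip is None and fnmatch.fnmatchcase(dest.lower(), res.address):
            return res
    return None

def decide(user_groups, mfa_passed, dest):
    """Decide what happens to one connection attempt.

    'direct' - not a defined resource: split tunneling leaves it untouched
    'tunnel' - defined resource, identity check and group check both passed
    'deny'   - defined resource the user is not entitled to (default deny)
    """
    res = match_resource(dest)
    if res is None:
        return "direct"
    if not mfa_passed or not (set(user_groups) & res.groups):
        return "deny"
    return "tunnel"
```

An engineer in this model reaches the CI hosts but is denied the database subnet, and anything that matches no resource goes out directly without tunnel protection, which is why the list of defined resources matters as much as the group assignments.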
Authentication is achieved using SSO methods like Okta and Google. Not only is this a well-protected account but it allows for second factor authentication. Twingate uses native 2FA functionality so you can make use of this extra layer of safety even if your SSO doesn’t natively have it.
Your business resources have no internet-facing gateway, so they are invisible to everyone except those who have access to the network. Split tunneling always ensures defined business traffic passes through Twingate, regardless of where you are, whether on hotel WiFi, in a cafe, or at home.
I contacted Twingate to confirm the type of encryption used. While data is being transferred, it is secured via SSL/TLS. When the data is at rest, it is protected by Google cloud services featuring AES-256 encryption, with symmetric keys. Data keys are encrypted using a regularly changed master key, stored in a secure keystore.
You might miss certain features associated with standard business VPNs, like a kill-switch to ensure that everything goes through an encrypted tunnel without exception. With Twingate, it’s down to the business to decide what goes through the tunnel. There might be a business need to routinely change IP addresses to certain locations, too.
Privacy — Collects Data but Separates Personal Traffic
With its many integrations, it's important to note that Twingate will collect data from the third-party applications that you use in conjunction with it. However, it is not capable of reading data that is not routed through it, meaning it won't record your personal activities, like video calls or instant messages, which are not going through its network.
However, it is based in the US, which is a member of the 5 Eyes Alliance. Although Twingate says it will fight any demands for your data, this does mean that your data could potentially be claimed by any member country. If this is a concern, take a look at these standard VPNs with solid privacy policies.
Does Twingate Work in China? Yes
Twingate support confirmed that it will work in China. This is good news if you have employees located there that need to access essential business resources. It will be as if they’re in the office as usual.
Simultaneous Device Connections — Unlimited Depending on Plan
The basic plan allows up to 5 simultaneous device connections. This is per user, and allows up to 50 users. The business plan lets you increase the number of users to 150 though the device limit stays at 5.
However, if you need more than this you can choose the bespoke enterprise account which allows unlimited device connections (as well as unlimited users).
Device Compatibility — Works with all Major Platforms
Twingate works with all the most popular platforms, including Windows, Mac, Android, iOS, Linux, and Chrome OS.
Installation & Apps
Set-Up & Installation — IT Specialist Knowledge Recommended
Initial set-up requires a few extra steps from the account admin, firstly by choosing a sign-in method: Google, GitHub, Microsoft, or LinkedIn.
Chances are your business will be using one of these sign-in methods already
Next the domain name needs to be established. This will be the name new users log in with when they’re first getting connected to the network.
You can choose any domain name, so long as it’s not already taken
Once you sign up, you are immediately redirected to a streamlined dashboard, where you are given the option to try the product; it even offers a calendar to set up a time. I had an automated message from customer support outlining what to do next.
I added my network (Google Cloud), and then set up the connector. The network administrator setting this up should have relatively high-level IT knowledge — the connector is deployed using command lines with Azure, Helm, or Docker. However, there are installation guides and support on hand if you need it.
Some steps may require experienced IT personnel to complete the setup process
Then it’s just a case of adding your resources, and adding any new users via their email address. There is currently no port-level access, but this is all part of the approach of a super-secure zero-trust network. Whenever you access a business resource now, so long as it’s been defined it will be just as easy to access as if you were physically in the office (if you have one).
Twingate’s pricing is perhaps more suited to those with larger businesses. It has two standard plans to choose from as well as a bespoke enterprise plan. The most affordable “Teams” plan is 0/month monthly, and allows up to 50 users to connect 5 simultaneous devices, with 5 remote networks.
A more expensive “Business” plan upgrades the amount of users to 150, allows 10 remote networks, and adds resource-level access control — though the number of devices per user stays the same.
The Enterprise account allows you to fully customize a plan that works for your company’s specific requirements. This can give you access to extra features such as unlimited devices and users, network analytics, secure service accounts, and priority support.
Both the Teams and Business plans allow you to try out Twingate with your business for free, using the 14-day free trial.
Credit cards are typically the only payment method available, though Enterprise account subscribers can request other methods.
If you have a sizable business, you’ll probably find these prices to represent good value for money. If you’re a small business with only a few team members, however, a traditional premium VPN like ExpressVPN might be worth considering.