Twingate Review 2024 - Is it Safer for Businesses than a VPN?

Twingate is a relatively new VPN alternative that uses a zero-trust model, and keeps your business and personal traffic separate. It’s not a VPN, and I quickly learned that Twingate is an entirely different tool. It allows you to set up secured proxy access to your organization's online resources, invisible to the rest of the internet.

The access is centrally managed, based on user-identity authentication via SSO and 2FA. This presents a more secure means of remotely accessing business infrastructure than your standard IP-based access. You can easily enable granular access for your employees throughout the world, and it offers similar levels of encryption and protection from hackers that you expect from a VPN.

However, it seems that by adopting this model you may be missing out on things that you may expect from a typical business VPN. From kill switches to the ability to bypass geoblocks, you may struggle to accomplish tasks you easily manage with a VPN. Currently there’s no port-access either to easily add temporary access when needed.

I had a good look at Twingate’s features to see if it’s a good substitute for a business VPN — it may not suit all companies.

Try Twingate Risk-Free Now!

Speeds — Segregates Personal High-Speed Traffic

Twingate could be faster overall than traditional business VPNs, as it uses split-tunnelling to segregate your personal and business traffic. This means that only items specifically designated as a business resource will go through Twingate. So, anything that doesn’t need to be access controlled by your corporation is not routed. This refers to streaming, video calling, and even gaming — if it’s not part of your corporation, it won’t be routed. This means your speeds won’t be affected by Twingate.

Thanks to split-tunnelling, you don’t need to disconnect to improve speeds

With a regular VPN, you’d first need to connect to a location next to the local network you need to access. If you’re in a different part of the world, it would take a long time for your information to be encrypted and transmitted. Twingate eliminates the need to connect to a faraway server, and disconnect for some activities. Just don’t expect the added benefit of accessing geo-blocked content like certain streaming sites, or torrenting, for example — this isn’t designed for that.

It’s impossible to gather a speed-test result from traditional sites like Ookla while actually accessing a business resource through Twingate, because Ookla itself won’t be designated as your business resource. Normally, encryption will lower speeds a little bit, but you’re unlikely to be significantly affected by this unless you’re downloading huge amounts of data.

Server Network — Centrally Managed User Access

Twingate doesn’t have a traditional VPN network. Instead, it allows you to access your business resources through a proxy connection. This could be files, servers, or a gateway, for example.

The twingate setup is more complicated than a traditional VPN

It works with 4 main components. The Twingate app detects the requirement for business resource access and forwards the request to the controller, where the user’s permissions are verified. This is then forwarded to the connector which ensures the connection is genuine (resolving the DNS request), and enables TLS encrypted access to the business resource via the relay.

If the files you’re trying to access are a defined business resource, the controller will grant you access to it. However, if you’re trying to access a website that’s normally available, you’ll be able to access it without going through the relay.

Your IP address changes only when you access business resources on the connector, as Twingate establishes a proxy connection to it. This means you could be anywhere in the world, but still appear to be sitting in the office whenever you need secure access to business material.

If this sounds overly complicated and you’d rather explore more familiar VPN setups, have a look at these top business providers.

Security — Differs From a Business VPN

Twingate operates on a zero-trust network, and uses application-level filters for user-identity-based authentication — not network-level. This means that whenever you access a resource, you’ll only be given access to that file, not the entire network. In case of a security breach, only that specific resource would be compromised.

The system administrator gives granular permissions, so that only specific groups of people or individuals can access a certain resource. This is a very helpful management tool, as one app allows you to control the entire network. It’s significantly more straightforward than trying to achieve this with a traditional VPN.

Authentication is achieved using SSO methods like Okta and Google. Not only is this a well-protected account but it allows for second factor authentication. Twingate uses native 2FA functionality so you can make use of this extra layer of safety even if your SSO doesn’t natively have it.

Your business resources are invisible with no internet-facing gateway, with the obvious exception of those who have access to the network. Split tunneling always ensures defined business traffic passes through Twingate, regardless of where you are — on hotel WiFi, a cafe, or at home.

I contacted Twingate to confirm the type of encryption used. While data is being transferred, it is secured via SSL/TLS. When the data is at rest, it is protected by Google cloud services featuring AES-256 encryption, with symmetric keys. Data keys are encrypted using a regularly changed master key, stored in a secure keystore.

You might miss certain features associated with standard business VPNs, like a kill-switch to ensure that everything goes through an encrypted tunnel without exception. With Twingate, it’s down to the business to decide what does. There might be a business need to routinely change IP addresses to certain locations, too.

Privacy — Collects Data but Separates Personal Traffic

Twingate does collect some of your information. Mostly this is standard information needed to set up your account, or for diagnostic purposes. Some of it is voluntary but the ways that Twingate might use it is spelled out clearly in the privacy policy.

You can find the privacy policy easily and it spells out what happens to your data

With its many integrations, it's important to note that Twingate will collect data from the third-party applications that you use in conjunction with it. However, it is not capable of reading data that is not routed through it, meaning it won't record your personal activities, like video calls or instant messages, which are not going through its network.

However, it is based in the US which is a member of the 5 Eyes Alliance. Although Twingate says it will fight any demands for your data, this does mean that your data could potentially be claimed by any member countries. If this is a concern, take a look at these standard VPNs with solid privacy policies.

Does Twingate Work in China? Yes

Twingate support confirmed that it will work in China. This is good news if you have employees located there that need to access essential business resources. It will be as if they’re in the office as usual.

Simultaneous Device Connections — Unlimited Depending on Plan

The basic plan allows up to 5 simultaneous device connections. This is per user, and allows up to 50 users. The business plan lets you increase the number of users to 150 though the device limit stays at 5.

However, if you need more than this you can choose the bespoke enterprise account which allows unlimited device connections (as well as unlimited users).

Device Compatibility — Works with all Major Platforms

Twingate works with all the most popular platforms, including Windows, Mac, Android, iOS, Linux, and Chrome OS.