Twingate is a relatively new VPN alternative that uses a zero-trust model, and keeps your business and personal traffic separate. It’s not a VPN, and I quickly learned that Twingate is an entirely different tool. It allows you to set up secured proxy access to your organization’s online resources, invisible to the rest of the internet.
The access is centrally managed, based on user-identity authentication via SSO and 2FA. This presents a more secure means of remotely accessing business infrastructure than your standard IP-based access. You can easily enable granular access for your employees throughout the world, and it offers similar levels of encryption and protection from hackers that you expect from a VPN.
However, it seems that by adopting this model you may be missing out on things that you may expect from a typical business VPN. From kill switches to the ability to bypass geoblocks, you may struggle to accomplish tasks you easily manage with a VPN. Currently there’s no port-access either to easily add temporary access when needed.
I had a good look at Twingate’s features to see if it’s a good substitute for a business VPN — it may not suit all companies.
Short on Time? Here Are My Key Findings
- Zero-trust network with tight security. Twingate employs robust security measures like AES-256 encryption and SSL/TLS protocols, and is based on a zero-trust model. Employees gain secure access via user-identity-based authentication measures, like SSO and 2FA.
- Collects some data. Mostly used for analytical purposes, and down to the nature of trusting Twingate with your business infrastructure. It’s based in an Eyes Alliance territory, but your personal web traffic is segregated.
- Won’t slow down personal traffic. Twingate uses split-tunneling so you won’t experience any slowdowns on traffic that isn’t designated as a business resource. You could be making a business video call or streaming a video without any encryption-related speed reductions.
- Centrally managed user access. Twingate sends any traffic you have allocated as being linked to a business resource, gateway, or server through its controller. You don’t connect to specific server locations like a traditional VPN.
- Limited hours of customer support. The live chat feature isn’t always available, which could slow you down if your company experiences access issues.
- Up to unlimited device connections. While the basic plan allows 5 simultaneous connections, this can be upgraded to unlimited. The top package can be tailored to fit your business access needs.
- Free trial. Twingate offers a 14-day trial, offering you the chance to test out Twingate’s suitability for your business totally free.
- Works with major platforms. Windows, Mac, Android, iOS, Linux, and Chrome OS. More information below.
- Plans are more suited to larger businesses. If you have a small company, the cost per user may not be as easy to justify.
Twingate Features — Updated in November 2021
| 💸 Price | $5/month |
| 📆 Money Back Guarantee | 14 |
| 📝 Does VPN keep logs? | No |
| 🖥 Number of servers | 10 |
| 💻 Number of devices per license | 5 |
| 🛡 Kill switch | Yes |
| 🗺 Based in country | United States |
| 🛠 Support | Via Email |
| 📥 Supports torrenting | No |
Speeds — Segregates Personal High-Speed Traffic
Twingate could be faster overall than traditional business VPNs, as it uses split-tunnelling to segregate your personal and business traffic. This means that only items specifically designated as a business resource will go through Twingate. So, anything that doesn’t need to be access controlled by your corporation is not routed. This refers to streaming, video calling, and even gaming — if it’s not part of your corporation, it won’t be routed. This means your speeds won’t be affected by Twingate.
Thanks to split-tunnelling, you don’t need to disconnect to improve speeds
With a regular VPN, you’d first need to connect to a location next to the local network you need to access. If you’re in a different part of the world, it would take a long time for your information to be encrypted and transmitted. Twingate eliminates the need to connect to a faraway server, and disconnect for some activities. Just don’t expect the added benefit of accessing geo-blocked content like certain streaming sites, or torrenting, for example — this isn’t designed for that.
It’s impossible to gather a speed-test result from traditional sites like Ookla while actually accessing a business resource through Twingate, because Ookla itself won’t be designated as your business resource. Normally, encryption will lower speeds a little bit, but you’re unlikely to be significantly affected by this unless you’re downloading huge amounts of data.
Get Started With Twingate Today!
Server Network — Centrally Managed User Access
Twingate doesn’t have a traditional VPN network. Instead, it allows you to access your business resources through a proxy connection. This could be files, servers, or a gateway, for example.
The twingate setup is more complicated than a traditional VPN
It works with 4 main components. The Twingate app detects the requirement for business resource access and forwards the request to the controller, where the user’s permissions are verified. This is then forwarded to the connector which ensures the connection is genuine (resolving the DNS request), and enables TLS encrypted access to the business resource via the relay.
If the files you’re trying to access are a defined business resource, the controller will grant you access to it. However, if you’re trying to access a website that’s normally available, you’ll be able to access it without going through the relay.
Your IP address changes only when you access business resources on the connector, as Twingate establishes a proxy connection to it. This means you could be anywhere in the world, but still appear to be sitting in the office whenever you need secure access to business material.
If this sounds overly complicated and you’d rather explore more familiar VPN setups, have a look at these top business providers.
Security — Differs From a Business VPN
Twingate operates on a zero-trust network, and uses application-level filters for user-identity-based authentication — not network-level. This means that whenever you access a resource, you’ll only be given access to that file, not the entire network. In case of a security breach, only that specific resource would be compromised.
The system administrator gives granular permissions, so that only specific groups of people or individuals can access a certain resource. This is a very helpful management tool, as one app allows you to control the entire network. It’s significantly more straightforward than trying to achieve this with a traditional VPN.
Authentication is achieved using SSO methods like Okta and Google. Not only is this a well-protected account but it allows for second factor authentication. Twingate uses native 2FA functionality so you can make use of this extra layer of safety even if your SSO doesn’t natively have it.
Your business resources are invisible with no internet-facing gateway, with the obvious exception of those who have access to the network. Split tunneling always ensures defined business traffic passes through Twingate, regardless of where you are — on hotel WiFi, a cafe, or at home.
I contacted Twingate to confirm the type of encryption used. While data is being transferred, it is secured via SSL/TLS. When the data is at rest, it is protected by Google cloud services featuring AES-256 encryption, with symmetric keys. Data keys are encrypted using a regularly changed master key, stored in a secure keystore.
You might miss certain features associated with standard business VPNs, like a kill-switch to ensure that everything goes through an encrypted tunnel without exception. With Twingate, it’s down to the business to decide what does. There might be a business need to routinely change IP addresses to certain locations, too.
Privacy — Collects Data but Separates Personal Traffic
Twingate does collect some of your information. Mostly this is standard information needed to set up your account, or for diagnostic purposes. Some of it is voluntary but the ways that Twingate might use it is spelled out clearly in the privacy policy.
You can find the privacy policy easily and it spells out what happens to your data
Considering Twingate’s many integrations, it’s important to mention that it will also receive information from the 3rd party apps you may be using with it. However, it can’t read data that’s not routed through it. This means that it won’t log any of your usual personal traffic, such as video calls and instant messages.
However, it is based in the US which is a member of the 5 Eyes Alliance. Although Twingate says it will fight any demands for your data, this does mean that your data could potentially be claimed by any member countries. If this is a concern, take a look at these standard VPNs with solid privacy policies.
Does Twingate Work in China? Yes
Twingate support confirmed that it will work in China. This is good news if you have employees located there that need to access essential business resources. It will be as if they’re in the office as usual.
Get Started With Twingate Today!
Simultaneous Device Connections — Unlimited Depending on Plan
The basic plan allows up to 5 simultaneous device connections. This is per user, and allows up to 50 users. The business plan lets you increase the number of users to 150 though the device limit stays at 5.
However, if you need more than this you can choose the bespoke enterprise account which allows unlimited device connections (as well as unlimited users).
Device Compatibility — Works with all Major Platforms
Twingate works with all the most popular platforms, including Windows, Mac, Android, iOS, Linux, and Chrome OS.
