NordVPN is looking to upgrade the security of its services by announcing the addition of a colocated server farm in its infrastructure. That would be a Finland-based server network that is fully owned, maintained, and managed by NordVPN.
This means the VPN company has total control over that infrastructure, configuring it for speed and security. These servers are diskless and keep no user logs, but NordVPN will still encourage its bug bounty program participants to try and discover any cybersecurity issues on its colocated servers.
This is just the beginning of a total infrastructural overhaul that NordVPN is going for, and the company promised to add a lot more servers under its direct ownership before the end of 2020. So, this project will move forward quickly and it isn’t just a crawling experiment that will have to be slowly evaluated. After all, the benefits of owning and operating the servers you use for your VPN service are clear already, so there’s not much to dig into this.
Back in October 2019, NordVPN paid the price of trusting a third-party data center provider who failed to secure its servers properly. Someone gained root access to one of the containers and could have launched NordVPN server clones to steal sensitive user internet traffic data. The company assured the public that this didn’t happen, so hackers intercepted no user data, but user trust damage was an undeniable reality.
This event proved that NordVPN could now blindly trust third-party data centers, and scrutinizing the security of the thousands of the servers they rent from these providers is next to impossible. So the only solution remains to set up and run your own server network, which is an expensive option that we don’t see in many VPN providers today.
Simply put, when a VPN service provider claims they don’t log any user data, it doesn’t mean much if they don’t own the servers. That is because a VPN’s policy doesn’t apply to the owner of the server, but the hypocrisy can serve the business of the company nonetheless. Of course, we’re not saying that all third-party datacenters engage in malicious data interception, but some of them could be.
Apart from the data’s privacy, NordVPN will soon be able to offer more stable and consistent performance, scheduling maintenance and upgrades when it suits them, fixing problems quicker, and balancing their service loads based on concrete knowledge of the true abilities of its server network.