The different ways to securely connect your business across multiple locations

30 Jun 2026, by Micron21

The way that organisations work has changed dramatically over the past few years.  Where once the norm was for everyone to work out of a single office, more and more businesses now find themselves needing to operate across multiple premises.  For some, this means a smaller team spread across a few coworking spaces around the city.  For others, it's the result of embracing a hybrid working arrangement, with staff splitting their time between home and the office.  And for many, it's simply a matter of growth – expanding into new sites, new states, or even new countries as the business gets bigger.

Whatever the reason, the common thread is that the people, systems, and data that make up your organisation are no longer all sitting in the one place.  And once that happens, those locations need to be able to talk to one another – sharing files, accessing centralised systems, and communicating back and forth as if everyone were still under the one roof.  The trouble is, the moment that communication leaves the four walls of a single office, it becomes something that needs to be carefully protected.

There are multiple different approaches you can take to secure that communication, each with their own benefits and trade-offs, which is exactly what we'll be covering in this month's blog.

Why securing your communication is important

When people think about cybersecurity, they often focus on protecting the systems themselves – locking down servers, patching software, and putting firewalls in place.  And whilst all of this is absolutely essential, it's only one half of the equation.  Just as important as the security of your systems, is the security of the communication between your computers and those systems.

To understand why, consider this.  You could have all the security in the world deployed on your systems – the strongest passwords, the latest patches, and the most sophisticated firewalls – but if the connection between your staff and those systems is left open for anyone in the middle to view, then all of that protection counts for very little.  Those "middle-men" are able to simply watch the communication as it flows past, scoop up whatever credentials are being sent, and then waltz right in through the front door using those very same details.

It's a bit like withdrawing money from an ATM with someone looking over your shoulder.  If they're able to see you enter your PIN, then that PIN does absolutely nothing to protect your account – no matter how clever or hard to guess it might be.  In fact, the situation with your systems is arguably even worse.  With the ATM, the person looking over your shoulder would still need your physical card to actually get your money.  But with the kind of interception we're talking about here, all an attacker needs is the credentials they've managed to steal in transit, and from there on they can potentially gain access to everything!

What is a man-in-the-middle attack?

The type of attack described above is known as a "man-in-the-middle" attack.  At a high level, man-in-the-middle attacks are where a malicious actor positions themselves between you and the system you're communicating with, allowing them to secretly view – or even modify – the information as it travels back and forth.  Crucially, this all happens without your knowledge, so to you everything appears to be working completely normally, even as your data is being intercepted!

Securing your communications is, in effect, all about preventing these sorts of attacks from being possible in the first place.

The good news is that things have improved dramatically compared to how they were during the years gone by.  One of the biggest improvements has been the rise of SSL (and its successor, TLS) becoming the default across all modern web browsers.  SSL – which stands for Secure Sockets Layer – is the technology responsible for the little padlock you see in your browser's address bar, encrypting the connection between your device and the website you're visiting so that it can't be read by anyone in the middle.

For much of the early life of the web, encrypted connections were the exception rather than the rule.  They were generally reserved for things like online banking and checkout pages, whilst the vast majority of everyday browsing happened in the clear, over unencrypted "HTTP" connections.  That began to change in earnest over the last decade, as browser makers, certificate authorities, and projects offering free certificates worked together to push the entire web toward encryption by default.  Browsers started actively flagging unencrypted sites as "Not Secure", search engines began favouring secure sites in their rankings, and the friction and cost involved in obtaining a certificate dropped away almost entirely.  The result is that today, an encrypted connection is the expectation rather than the exception – and a site without one looks distinctly out of place.

However,simply relying on SSL is not all you should be doing.  Whilst SSL does an excellent job of protecting the connection to an individual website or service, it doesn't protect everything flowing between your locations, and it doesn't address the underlying network that those communications travel over.  Hence, to properly protect the traffic between your sites, you should also be looking to send that communication over secure networking channels – as this ensures that no rogue or malicious actor sitting on the network in between ever has the opportunity to intercept things in the first place.

The different methods and technologies that can be used to secure your communications

So, with all of this in mind, what are the actual options available to you when it comes to securely connecting your locations?  Below we'll walk through three of the most common approaches  - Dark fibre connections;  Ethernet Access (EA) and Ethernet over NBN (EoNBN) services; and VPN services - explaining along the way where each solution shines and where it can fall short.

Dark Fibre connection

In terms of security, at the very top end of solutions, sits dark fibre connections.  Dark fibre refers to a dedicated, physical fibre-optic connection running directly between two of your locations, used exclusively by your organisation.  The "dark" in the name comes from the fact that the fibre carries no light – and therefore no data – until you light it up with your own equipment.

Because it's a dedicated physical link that only you have access to, dark fibre is about as secure as it gets.  It allows you to rest easy knowing that the communication between your two locations is genuinely private, with only your organisation – and anyone you choose to trust with the management of your infrastructure – ever having access to those systems and the data flowing between them.

It does, however, come with some significant caveats.  Firstly, dark fibre is a one-to-one solution, connecting one location to another.  This makes it a wonderful option for joining, say, a head office to a nearby data centre, but a wholly impractical and far too expensive one if you have lots of staff working across many different locations.  Secondly, because you're lighting the fibre yourself, it requires you to manage the networking infrastructure on each end of the connection – which is something not every organisation is equipped to do.  And finally, a single dark fibre run has no built-in redundancy, meaning that if that physical path is ever disrupted, your connection goes down with it, unless you've separately invested in a second, diverse path.

It's not all caveats though – beyond the security benefits, dark fibre also offers some genuinely impressive performance advantages.  Because the connection is dedicated entirely to you, you're not sharing bandwidth or contending with anyone else's traffic.  This translates into extremely high speeds, consistently low latency, and the ability to scale the capacity of the link as your needs grow, all without the variability you'd experience on a shared connection.

Ethernet Access (EA) and Ethernet over NBN (EoNBN) services

Sitting one step further along from dark fibre is the Ethernet Access (EA) and Ethernet over NBN (EoNBN) type of solutions.  The easiest way to think about these is as a kind of "virtual fibre" running between your locations.  You still get a private, point-to-point connection between your sites, but rather than running and lighting your own physical fibre, the connection is delivered to you as a managed service over a provider's network.

The big advantage of this approach is that it offloads the management of the underlying networking infrastructure away from you and onto your provider.  You no longer need to worry about lighting fibre or maintaining the equipment at each end of the link – because this is all handled for you.  On top of that, these services typically come with built-in redundancy, so should a fault occur somewhere along the path, traffic can be automatically rerouted to keep your connection up and running.

The trade-off, much like with dark fibre, is that this is still fundamentally a one-to-one solution.  It's excellent for reliably joining a fixed set of premises together, but it remains impractical for connecting large numbers of remote or mobile staff back into a centralised location – both from a pricing perspective and from an implementation one.  Provisioning a dedicated point-to-point link to every employee's home simply isn't realistic!

VPN services

Which brings us to the third option – the Virtual Private Network, or VPN.  Unlike the two solutions mentioned above, a VPN is the only one of the three that's specifically designed to work over the open internet.

When we say "the open internet", we're referring to the vast, shared, public network that connects devices all around the world – the same network you use every day to browse websites, send emails, and stream videos.  It's "open" in the sense that it isn't a private path reserved for you - as your traffic shares the same infrastructure as everyone else's, passing through equipment owned and operated by countless different parties along the way.

This characteristic comes with an obvious disadvantage.  Because your traffic is travelling across this shared, public network, you don't get the same inherent security or the same guarantees around protected communication that a dedicated line like dark fibre or an EA/EoNBN service would provide.  There's no private physical path keeping everyone else out.

But it also comes with a very significant advantage – flexibility.  With a VPN, any staff member, from any network, anywhere, is able to securely connect in and access your systems regardless of whichever internet connection they happen to be on at the time. Whether they're working from home, from a café, from a hotel on the other side of the country, or from a coworking space - they can establish that secure connection back to your central systems.  For organisations with a hybrid workforce or staff scattered across many locations, that flexibility is invaluable, and it's something the dedicated point-to-point options simply can't offer at scale.

So how does a VPN provide security if it's running across the open internet?  The answer is cryptography.  Rather than relying on the physical protection offered by a private, dedicated line, a VPN protects your communication using encryption.  It creates an encrypted "tunnel" between the staff member's device and your network, scrambling the data so that even though it's travelling across the public internet, anyone who manages to intercept it sees nothing but unreadable gibberish.  In other words, where dark fibre keeps attackers out by giving them no physical path to your data, a VPN assumes the path is shared and instead makes the data itself useless to anyone without the keys to unlock it.

One thing we'd strongly note is that with any VPN solution, we always recommend pairing it with multi-factor authentication (MFA).  Whilst the encryption protects your data in transit, MFA protects the access to the VPN itself, by requiring a second proof of identity – such as a code from an app or a hardware token – on top of the usual username and password.

The reason we stress this so heavily is that a lack of MFA has proven to be one of the single biggest vulnerabilities behind many of the largest cyberattacks in recent memory.  You don't have to look far for a sobering example either.  The 2022 breach of Medibank – one of Australia's largest private health insurers – ultimately stemmed from this very issue.  In that incident, attackers obtained the login credentials of a third-party IT contractor and used them to authenticate to Medibank's corporate VPN. 

The reason they were able to do so with nothing more than a stolen username and password was that, at the time, their VPN didn't require multi-factor authentication.  From there, the attackers were able to move through the network and exfiltrate the personal information of around 9.7 million current and former customers, which was later leaked on the dark web.  Had MFA been enforced on that VPN, those stolen credentials alone would very likely not have been enough to get in.

For those interested in reading more about why MFA is so important and how it works, we've covered the topic in detail in our Why Multi-Factor Authentication (MFA) is Essential for Your Business Security article.

Summary

As we've covered, securing the communication that flows between your locations is every bit as important as securing the systems at either end.  All the protection in the world deployed on your servers means very little if the connection to them is left open for someone in the middle to read – because at that point, an attacker doesn't need to break in, they can simply walk in using the credentials they've watched go past.

When it comes to protecting that communication, there are a few main approaches to choose from, each with their own strengths and weaknesses:

• Dark fibre offers the highest level of security through a dedicated physical connection that's used by you alone, along with excellent speed and low latency.  However, it's a one-to-one solution that can become very expensive across many sites, requires you to manage the infrastructure at each end, and has no built-in redundancy on its own.
• Ethernet Access (EA) and Ethernet over NBN (EoNBN) services provide a kind of "virtual fibre" – a private point-to-point connection that offloads the management of the infrastructure onto your provider and comes with built-in redundancy.  Like dark fibre though, it remains a one-to-one solution, making it impractical for connecting large numbers of remote staff.
• VPNs are the only option designed to work across the open internet, using encryption rather than physical isolation to keep your data secure.  This makes VPNs incredibly flexible, allowing staff to connect securely from anywhere, but it does mean you forgo the inherent guarantees of a dedicated line.  For this reason, we always strongly advise pairing any VPN with multi-factor authentication.

Choosing the right approach – or more often than not, the right combination of approaches – comes down to the specifics of your organisation: how many locations you have, how your staff work, what level of performance and security you need, and what budget you have to work with.

This is exactly where we can help.  We're able to provide and fully manage any of the solutions discussed above. Just as importantly, we can offer honest advice on which solution (or mix of solutions) would work best for your particular situation.  Whether you need a dedicated link between two sites, a flexible VPN setup for a distributed team, or something in between, we can design, implement, and look after it for you.

Have any questions about securing communication between your locations?

If you have any questions about how to securely connect your offices and staff – or about improving your organisation's cybersecurity posture more generally – let us know! 

We're more than happy to have a chat about your setup and help you work out the best way forward.

You can call us on 1300 769 972 (Option #1) or reach us via email at sales@micron21.com