Assuming my employees only access cloud resources provided by big cloud providers do I need any type of VPN? Any real data is already encrypted end to end with TLS. The question is do I care if someone packet sniffing on a network can find DNS records and other metadata from company laptop traffic that TLS doesn't encrypt for obvious reasons?