Death Of The VPN: A Security Eulogy
BVS 8-30-22 RIP VPN 1996-2022

Trust can be a hard thing to come by in this world but in the world of cybersecurity, trust is virtually non-existent, or at least it should be. VPNs got us all from crawling to walking in the early days of the internet, but security needs have outpaced VPNs’ abilities to deliver true security and privacy for users and organizations so we now look to more advanced solutions to keep us cybersafe.

Back in 1996, Microsoft, Ascend and 3Com developed the Point-to-Point Tunneling Protocol, or PPTP. PPTP was created to provide a more secure and private connection between the user and the internet. As the internet rapidly expanded, so did viruses, malware and a plethora of attacks targeting end users and even their networks. It became clear that not only a more secure method of connection was in order but also a more convenient one. In the early 2000s, internet users were increasingly on the go and required the ability to connect remotely to a private network over a public connection.

This called for a standard that not only maintained privacy through encryption but also prevented malware all while affording users the ability to connect to their sensitive data from anywhere in the world. VPNs or Virtual Private Networks were born out of necessity for businesses to keep their data safe while employees accessed these private networks.

Unlike the original PPTP protocol, VPN allows many users and devices simultaneous access to private networks across a very public internet. This is accomplished using a three-layered approach involving tunneling, authentication and encryption. This was sufficient for its time, but the internet has exploded in use since the early 2000s and not just by business users.

Billions of internet users including consumers, journalists and gamers regularly connect using VPNs but the same convenience that allows them to connect from anywhere using any device also carries risks that stem from traffic that VPNs were never designed to handle. The rise of cloud computing among all internet users has revealed cracks in the surface of these networks that VPNs worked so hard to conceal and remediate.

Many free VPNs collect vast amounts of data on their users that they then turn around and sell to advertisers. And while encrypted VPN data cannot be read by your internet service provider, the provider can determine that you are using a VPN and even the nature of the encrypted data since it all passes through their pipes. This can become an issue for users who are bound by agreements restricting internet use outside their own country, for anything from something as harmless as streaming a show on Netflix to something as serious as reporting human rights violations from within China.

The final nail in the coffin of the VPN came in early 2020. The COVID-19 pandemic changed so many things about our daily lives, especially remote working. Seemingly overnight, the remote workforce went from roughly 6% to over one-third of workers. Flexible remote work opportunities exploded during the pandemic, so much so that many bosses and companies have resigned themselves to the fact that many of these workers will never set foot in their employers’ offices again. Many other companies have adopted hybrid-remote policies in an attempt to keep an eye on employees while also affording them work-from-home independence. Unfortunately, all of these approaches collectively expand an ever-increasing attack surface that VPNs were not designed to handle.

Zero Trust Network Access, or ZTNA, isn’t a new concept, but security providers have been quick to adopt it due to urgent needs both during and after the pandemic. The essential difference between ZTNA solutions and VPNs is that ZTNA models apply a “never trust, always verify” approach to each user before granting access. If we liken users and data to a two-way spigot extending off a giant network barrel, ZTNA offers unlimited spigots (one for each user) while VPN offers just one giant spigot for everyone. Zero Trust, as implied by the name, not only requires robust authentication but also segments users with granular access to specific apps. This limits their exposure to the network and minimizes risks to all users and networks. ZTNA is implemented with the security designed around users, so when employees are connected, both your network and your employees are protected.

And since ZTNA is a cloud-based solution, it scales globally, all while implementing posture checks before connecting devices, privatizing user access with multi-factor authentication and allowing user and network management from a single platform. Due to the physicality of VPN firewalls, similar scalability is more expensive, more time consuming and decidedly less secure.
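To make the “never trust, always verify” difference concrete, here is an added illustration (not code from the post or from Perimeter 81) of a per-request access decision: a VPN-style tunnel grants the whole network once authenticated, whereas a ZTNA-style check evaluates MFA, device posture and a per-app authorization for every request. The user, app and posture attributes are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class Device:
    """Constructed device posture attributes reported by an endpoint agent."""
    os_patched: bool
    disk_encrypted: bool
    edr_running: bool


@dataclass
class Request:
    user: str
    mfa_verified: bool
    device: Device
    app: str


# Constructed sample policy: which identities may reach which application.
APP_POLICY = {
    "payroll": {"alice"},
    "wiki": {"alice", "bob"},
}


def posture_ok(device: Device) -> bool:
    """All posture signals must pass; a single failing control denies access."""
    return device.os_patched and device.disk_encrypted and device.edr_running


def vpn_decision(req: Request) -> set[str]:
    """Perimeter model: once the tunnel authenticates, every app on the
    network is reachable, regardless of device state or per-app entitlement."""
    return set(APP_POLICY) if req.mfa_verified else set()


def ztna_decision(req: Request) -> tuple[bool, str]:
    """Zero Trust model: each request is re-verified against identity,
    device posture and the specific app requested. Returns (allowed, reason)."""
    if not req.mfa_verified:
        return False, "mfa_required"
    if not posture_ok(req.device):
        return False, "posture_failed"
    if req.user not in APP_POLICY.get(req.app, set()):
        return False, "not_authorized_for_app"
    return True, "allow"


if __name__ == "__main__":
    healthy = Device(os_patched=True, disk_encrypted=True, edr_running=True)
    bob = Request("bob", mfa_verified=True, device=healthy, app="payroll")
    print("VPN reachable apps :", sorted(vpn_decision(bob)))
    print("ZTNA payroll access:", ztna_decision(bob))
```

Running the block shows bob reaching every app through the VPN model while the ZTNA check denies him payroll, and a single failed posture control denies even an authorized user.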

ZTNA providers give any organization a flexible, 360-degree view of all access and security. See all the benefits of ZTNA vs On-Premises Firewall VPN for the Remote Workspace so you can keep your organization cybersafe.

This blog was sponsored by Perimeter 81

#Perimeter81 #ZTNA #ZeroTrust #NetworkSecurity #VPN #RemoteWork

Amit Bareket Sagi Gidali Gily Netzer Jordan Snapper Ohad Mandelbaum Rocio Zapata Sasson

Natasha Fiaz

Information Security Officer

1 year

Very well explained

Kumar Manoj

Senior Security Architect @ Orange Cyberdefense

1 year

Scott Schober, sounds good and interesting. The Zero Trust approach relies on various existing technologies and governance processes to accomplish its mission of securing the enterprise IT environment. It calls for enterprises to leverage micro-segmentation and granular perimeter enforcement based on users, their locations, and other data to determine whether to trust a user, machine, or application seeking access to a particular part of the enterprise. Importantly, the key capabilities of ZTA can be summarized as follows: identity-based schema, resource secure access, continuous trust evaluation, and adaptive access control. These capabilities map to a set of interacting core architectural components that are highly adaptable to various business scenarios.

Daniel Hill

Technical Product Manager -#In-Person

2 years

Hi Scott Schober, you have got me thinking here. At work, I mostly use Citrix for access to a remote desktop session, and when traveling I remotely control my home desktop. Do you think those are safer alternatives? Would love to hear your thoughts.

Robert Koblovsky

Seasoned High Tech Professional

2 years

Excellent Blog. Thanks

Tracey Pilkey, CISSP

Business Development, Cyber Security & AI Consultant

2 years

ZTNA is still VPN, just with an additional layer for protection and approach. The foundations are still built on VPN technology. It's not dead, it's just had a few "enhancements" to add that extra layer of security. Agree?
