Have VPNs reached the end of the tunnel
Photo credit Engin Akyurt


When the pandemic forced organisations to adopt a work-from-anywhere strategy, many leveraged virtual private networks (VPNs) to ensure employees could remotely access corporate networks and that these remote connections were secure. Given the ease of use and affordability, VPNs quickly became massively popular again.


What is a VPN?

A VPN is a virtual network built on top of existing physical networks. Its privacy function stems from the encrypted tunnel it creates for data, which ensures your device and the server share a secure connection so only you can see what you are doing on the internet.

Effectively, this means remote workers can access company resources that are inaccessible on the public network. In addition, they can use public networks like Wi-Fi hotspots without worrying about someone prying into their business. The data you send and receive across shared and public networks can only be decoded with a key that only your computer and the VPN know, so not even your internet service provider (ISP) can access this information. It would be as if your device were directly connected to a private network, hence the name: virtual private network.

Are VPNs enough?

The short answer is no. VPNs are a stopgap measure at best.

While they were convenient and provided critical functions in a time of need, the fact of the matter is that legacy VPNs struggle to meet today’s business needs. They no longer provide the performance, levels of security and access control that modern digital organisations require to maintain a hybrid workforce.

Broken access control has risen to the top spot in OWASP’s 2021 list of the ten most prevalent vulnerabilities that are most likely to affect enterprises in the coming years, no doubt due in part to the widespread adoption of VPNs. Like all traditional IP networks, legacy VPNs are fully connective by default: they often assume that all authenticated users need access to everything on the network, so that’s what they provide. This means the solution is inherently fraught with access control vulnerabilities. Any user with network access can access classified data and processes well beyond their scope. If a malicious or unauthorised user connects to your network via a VPN, the entire network is consequently vulnerable to malware and data breaches.

The nature of legacy VPN technology also makes it a prime target for exploitation. With all traffic and user data being essentially funneled through just a handful of centralised devices whose servers may be located anywhere, and accessed by anyone, there are multiple single points of failure which severely compromise the security of the virtual private network.

“Previously we were using a VPN, which required our team to create a separate set of users, which was very hard to manage. So at the time, credential and authentication management was our biggest issue,”

Perimeter 81 Case Study: How a Leading Healthcare Technology Provider Achieved Secure AWS Access and HITRUST Compliance

In addition, with solutions that fail to scale to meet the demand, poor user experience tends to be the consensus.

“A lot of time, when you work with a large famous-name vendor, you’re just a number and can get lost in the system.”

Perimeter 81 Case Study: Brack Capital Migrates 100 Users to WFH in Two Days With Cloud VPN

In the particular case of a mass remote workforce that relies on VPNs to access network systems, poor VPN performance halts productivity entirely. These days, organisations demand immediate, uninterrupted access for their users, no matter where they are located. As a result, business owners are looking for a new, modern approach to better support the needs of their distributed enterprises.

The Shift to Cloud-Based Delivery Models

“Meredith no longer needs to pay $6000 AUS a year for their VPN licenses or hardware and setup costs. Omar also works less than an hour a month on servicing Meredith’s remote users — down from 10 hours or more a month.”

Perimeter 81 Case Study: No More Lost Sleep Over Ransomware Attacks at Meredith

With organisations reducing their dependence on VPNs for secure access, many are turning to software-defined networking to gain better control over the performance, cost, and management of their networks.

Zero Trust Network Access (ZTNA), in particular, has seen tremendous growth. In fact, it is the fastest-growing segment in network security, driven by the increasing demand for zero trust protection for remote workers. While VPNs connect any given user with one network, ZTNA gives different users differentiated access (according to clearly defined access control policies) after verifying their identity.
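The contrast between the two access models can be made concrete. The sketch below is an added example, not code from the article or from any vendor it mentions; the resource names, addresses, groups and policy are constructed for illustration. It computes what an authenticated user can reach under a flat VPN route versus a default-deny, per-group ZTNA policy, and the excess access that a single compromised account would expose.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample inventory (hypothetical names and addresses).
RESOURCES = {
    "wiki": "10.0.1.10",
    "git": "10.0.2.20",
    "payroll-db": "10.0.3.30",
    "ehr-db": "10.0.3.31",
}

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    authenticated: bool  # identity already verified by some login step

# Legacy VPN model: one route covering the whole corporate range (assumed).
VPN_ROUTE = ip_network("10.0.0.0/16")

def vpn_reachable(user):
    """Authenticated means network-level reach to every host in the route."""
    if not user.authenticated:
        return set()
    return {name for name, ip in RESOURCES.items()
            if ip_address(ip) in VPN_ROUTE}

# ZTNA model: explicit allow rules per group, everything else denied.
ZTNA_POLICY = {
    "engineering": {"wiki", "git"},
    "finance": {"wiki", "payroll-db"},
}

def ztna_reachable(user):
    """Authenticated users get only what a matching group rule grants."""
    if not user.authenticated:
        return set()
    allowed = set()
    for group in user.groups:
        allowed |= ZTNA_POLICY.get(group, set())  # unknown group grants nothing
    return allowed & set(RESOURCES)

def excess_access(user):
    """Resources reachable over the VPN that no policy rule grants:
    the extra exposure if this one account is compromised."""
    return vpn_reachable(user) - ztna_reachable(user)

if __name__ == "__main__":
    dev = User("dev", frozenset({"engineering"}), True)
    print("VPN :", sorted(vpn_reachable(dev)))
    print("ZTNA:", sorted(ztna_reachable(dev)))
    print("Excess:", sorted(excess_access(dev)))
```

Running `excess_access` over a real user directory and asset inventory gives a quick measure of how far current VPN reach exceeds what each role actually needs.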

Gartner predicts that by 2025, at least 70% of new remote access deployments will be served predominantly by ZTNA as opposed to VPN services.

However, it ought to be noted that ZTNA is not, by itself, sufficient for organisations to apply secure remote access. They require a larger converged network security solution, of which ZTNA is a part.

Converged network security platforms bring together cloud native security technologies like SWG (secure web gateway), Firewall-as-a-Service (FWaaS), and ZTNA to connect users wherever they are. This provides secure access through which all types of data can flow seamlessly without being compromised along its journey from point A to point B across different endpoints such as laptops, desktops, and mobile.

As business needs and requirements change, legacy VPNs struggle to keep up. Fortunately, we are not without options. Perhaps it is time to usher in this new era of easily scalable, cloud-native converged security solutions that protect company resources, and serve the connectivity needs of employees no matter where they are located.

If you'd like to learn more about how ZTNA and cloud-based network security can secure your organization, book a demo with Perimeter 81 today.

Rajesh Laskary

Founder & CEO | Artan Consulting, Singapore | CISO | Author "Cybersecurity Superbook"| 55+ Cybersecurity Certs | Author of 4 Books

1 year

Great insight Dr Magda Chelly (as always)! Can I say VPN is a trusted tunnel? ZTNA might not be a perfect solution, but at the moment and in the near future, at least seems to be one of the best ones available (esp. in an increasingly remote environment).

Douglas E.

Dark by Design ZeroTrust Principal Executioner.

1 year

Dr Magda Chelly Strongly agree. A properly mature VPN with SSL inspection and trained staff is more secure than new bleeding edge toys. VPN can push MDM and other security policies to help lock down shadow IT and BYOD. VPN can have QoS to help call quality and video.

Tallen Harmsen

Helping businesses strengthen their cyber risk posture, safeguard sensitive data, and reduce third-party risk.

1 year

VPNs will live on as their functions are wrapped up in service offerings that are rebranded as VPN alternatives.

Evgeniy Kharam

Author | Cybersecurity Architect | Evangelist | Consultant | Advisor | Podcaster | Moderator | Visionary | Speaker | Awarded Dad | Outdoor Enthusiast

1 year

Thank you for the great article. As an architect I would like to add something: we still have VPN tunnels between offices, to IaaS and even to SASE providers, so remote VPN is definitely very close to the end of the tunnel; site-to-site is still kicking.

Dan Watson, CISSP

GRC Consultant at Fintech Confidential

1 year

SASE it is what is next
