What’s a Next Generation VPN with Zero-Trust Access?

As technologies and workplaces have completely metamorphosed, some shortcomings of VPNs as a remote access solution have been revealed.

One of the biggest issues relates to security. Specifically, VPNs expose a large attack surface because any user who logs in gains access to the entire internal enterprise network, and so, potentially, does any malware on that user’s device.

A related management challenge is that, in attempting to prevent this, IT administrators end up with the headache of defining rules for each user and then keeping them synchronized company-wide.

Why have these areas emerged as problematic with VPNs today when they weren’t before? There’s a simple answer: remote access to servers or applications used to be a rarity, and now it’s the norm. At the same time, the remote access functionality of traditional VPNs has failed to keep pace with the evolution in technology.

The VPN Transformation

The value in VPNs lies in their ability to offer access to enterprise data and applications—any resources residing in the private data center or IT infrastructure—from any location. Remote users gain network security via traffic being backhauled to the data center. From there, external security products can be leveraged for enhanced data protection. VPNs also add value by their ability to facilitate site-to-site connection of remote data centers with the enterprise network.

Given the limitations of traditional VPNs mentioned above, these pluses are no longer enough on their own in today’s cloud-centric environment. The hybrid-cloud reality requires next-generation VPN solutions to deliver remote access to cloud resources more effectively.

Whether we’re talking about public Software-as-a-Service (SaaS) applications or Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) providers (think Azure and AWS), cloud-optimized VPNs are needed in the mix for secure site-to-site connectivity between the data center and the clouds.

This is where the technology has transformed by necessity, and a new type of solution called the Software Defined Perimeter (SDP) has joined the fray, since it is expressly designed for our current era that’s characterized by mobile working and cloud applications. SDPs have a big advantage over the VPNs of old: rather than using a data center as the perimeter, SDPs approach the perimeter as a solution that goes wherever the user device does.

Levels of Good

There’s no question that SDP solutions, even those that home in only on remote access, raise the game. Yet some SDP systems are more comprehensive than others when it comes to addressing all of the business requirements mentioned above. Ideally, you want central management of all of your VPN requirements, including upgrades. Targeting this in a solution lets an enterprise keep its operational costs down.

Another key feature of the more powerful SDP systems is what’s known as “zero-trust” network access. Unlike the overly permissive access of traditional VPN solutions, there are no trusted zones. Instead, users are granted permission to access only the applications they need to conduct the enterprise’s business. Everything except these administrator-designated connections stays invisible, which keeps network resources secured.

This level of granularity isn’t overkill; it’s required today for reliable data protection, because cloud migration and employee mobility make securing the perimeter increasingly challenging. Research shows that the majority of employees—70%—now work remotely at least sometimes, and they frequently do their off-site work from locations that are far from secure such as airports and hotel lobbies.

The fact is that, for all of its benefits, traditional VPN still grants virtual workers too much access, regardless of whether they are third parties such as contractors, partners, or customers, or your own employees. None of these groups should have access to areas of the network they don’t need to complete their specified work. A zero-trust approach ensures that network resources are not exposed unnecessarily and left vulnerable.
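To make the contrast concrete, here is an added illustration (not code from the article or from any SDP product) of the two access models described above: a traditional VPN, where authentication alone grants reachability to every internal host, and a zero-trust policy, where each identity is explicitly allowed specific applications and everything else is invisible to it. All application, user and group names are constructed for the demo.

```python
"""Illustration of the two access models contrasted in the article.

Added example, not code from the original article or from any SDP vendor.
The users, groups and application names are constructed for the demo.

Model A (traditional VPN): a successful login puts the device on the
internal network, so reachability is decided by topology, not by policy.
Model B (zero-trust / SDP): no trusted zone exists; each identity may
reach only explicitly listed applications, and everything else is
invisible to it (default deny).
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed inventory of internal applications behind the perimeter.
INTERNAL_APPS = frozenset(
    {"hr-portal", "finance-db", "git-server", "wiki", "build-farm"}
)


@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset[str]


def vpn_reachable(identity: Identity, authenticated: bool) -> set[str]:
    """Model A: once the VPN tunnel is up, every internal host is reachable.

    The identity is irrelevant after authentication, which is the
    over-exposure the article describes (and what malware on the device
    inherits).
    """
    return set(INTERNAL_APPS) if authenticated else set()


# Model B: explicit allow rules, each binding one principal to one app.
# Constructed policy; a real SDP controller would load this from its
# management plane.
ALLOW_RULES = (
    {"group": "engineering", "app": "git-server"},
    {"group": "engineering", "app": "wiki"},
    {"group": "engineering", "app": "build-farm"},
    {"group": "hr", "app": "hr-portal"},
    {"user": "alice", "app": "finance-db"},  # individual, not group, grant
)


def decide(identity: Identity, app: str) -> dict:
    """Model B: evaluate one connection request; the default is deny.

    Returns a small decision record suitable for an access log, so that
    denied attempts are visible to the SOC rather than silently dropped.
    """
    for rule in ALLOW_RULES:
        if rule["app"] != app:
            continue
        if rule.get("user") == identity.user:
            return {"user": identity.user, "app": app, "allow": True,
                    "reason": f"user rule {identity.user}"}
        if rule.get("group") in identity.groups:
            return {"user": identity.user, "app": app, "allow": True,
                    "reason": f"group rule {rule['group']}"}
    return {"user": identity.user, "app": app, "allow": False,
            "reason": "no matching rule (default deny)"}


def visible_apps(identity: Identity) -> set[str]:
    """Model B: the set of apps this identity can even see."""
    return {app for app in INTERNAL_APPS if decide(identity, app)["allow"]}


def overexposure(identity: Identity) -> set[str]:
    """Apps the VPN model hands to this identity that zero-trust would hide.

    A non-empty result is the concrete 'too much access' the article
    talks about; auditing it per user is a cheap way to size the gain
    from moving that user to application-level access.
    """
    return vpn_reachable(identity, True) - visible_apps(identity)


if __name__ == "__main__":
    for ident in (
        Identity("bob", frozenset({"engineering"})),
        Identity("alice", frozenset({"hr"})),
        Identity("carol", frozenset()),  # contractor with no group membership
    ):
        print(ident.user, "vpn:", sorted(vpn_reachable(ident, True)))
        print(ident.user, "ztna:", sorted(visible_apps(ident)))
        print(ident.user, "overexposed:", sorted(overexposure(ident)))
        print(decide(ident, "finance-db"))
```

The `overexposure` function is the part worth keeping: run it over a real identity directory and application inventory and it tells you, per user, which resources a flat VPN grants that the person has no business reaching, which is the gap a zero-trust policy closes. The `decide` record is written so that a deny is logged with its reason, since a burst of default-deny decisions for one identity is a detection signal, not just a policy outcome.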

Working in Tandem

Here’s the thing—while VPNs are a legacy technology, they’re not going away any time soon, nor should they. SDP solutions have become an integral part of the puzzle, but the VPN is still critical to the enterprise on many levels—from supporting mobile workers and third-party partners, to cloud migration, to delivering security products like network access control. VPNs have more issues to address than they used to, but they can’t simply be replaced.

What’s the answer? While VPNs remain a vital player in the enterprise infrastructure, SDP serves as a next-generation VPN, if you will. SDP is infinitely scalable since it’s a cloud-native platform, and it brings the ability to leverage its benefits across multiple applications. It reduces both complexity and management overhead.

By offering “need to know” access through its zero-trust approach, the result is the heightened security that today’s enterprises need to overcome the common problems that occur when relying only on traditional VPNs.
