Share this article on:
Mark Lukie from Barracuda Networks casts doubt over the dependability of VPNs in today’s digital environment.
Virtual private networks (VPNs) have been a mainstay of corporate IT infrastructures for years. Designed to deliver secure remote access to centralised applications and data, they’ve become a go-to tool for on-the-move staff.
However, it’s becoming increasingly clear that VPNs are no longer able to meet the security requirements of today’s digitally dependent businesses. Many VPNs fail to deliver the levels of security they promise, which means systems can be vulnerable to cyber attacks.
There are six key reasons why 2021 should be the year you dump your VPN and find a more effective way to achieve secure remote access. These reasons are:
VPNs don’t enforce corporate device security and compliance requirements:
While they are designed to create a secure tunnel between a remote user and centralised IT resources, VPNs can’t protect a user’s device from infection by malware. This means a compromised laptop or smartphone can then expose the organisation’s network to potential attacks. It’s important to be able to assess the security status of every device before it logs on to the network, and this is beyond the capability of a VPN.
VPNs expose the corporate network:
As well as providing access to specific resources within an IT infrastructure, VPNs may also grant access to the entire corporate network. If this is the case, it is difficult to have visibility into which individuals have access, and to what resources. It’s possible that a company could unknowingly give the keys to its digital kingdom to an unintended individual, creating significant breach risks.
VPNs don’t support attribute-based access:
Role-based access is an important tool for security teams, but it does not provide sufficient coverage to assure trust. VPNs don't support attribute-based access, nor do they provide critical information on a user's identity or a device's security state or location. For this reason, they can’t ensure secure access and resource protection.
VPNs lack speed:
Because of the way in which they are designed, VPNs don't enable continuous connectivity. This means they often create connections that are not stable and can hinder employee productivity. VPNs also suffer from continuous disconnects, which force application-layer timeouts causing employees to waste time waiting for VPN reconnects and app reloads.
Switching between multiple VPNs is challenging:
When using a traditional VPN, users are often forced to switch between different configurations to access multi-site environments. This can cause user frustration and become a time-consuming hassle for remote workers.
VPNs do not protect user devices:
They might create a secure tunnel between remote devices and corporate networks, however VPNs cannot protect against web-based attacks such as credential theft, phishing, drive-by downloads, or malvertising, which are the most significant cyber security threats for enterprises. Also, an employee or partner with a compromised device can still use a VPN to access the corporate network without raising an alarm.
The zero-trust alternative
For these reasons, it’s important for organisations to consider alternative access methods for their remote workers. A better approach, and one that is being adopted at an increasing rate, is the strategy of zero trust. Indeed, according to research firm Gartner, by 2022, 80 per cent of new digital business applications opened up to ecosystem partners will be accessed using Zero Trust Network Access (ZTNA).
Zero trust removes the concept of a network boundary and instead requires the use of strict identity management. Unless the identity of a user can be confirmed, they are not allowed access to any resources.
This strategy is a much more effective way of delivering secure, high-performance access to remote users. It enables them to access applications and data in the same way they do when in the office.
Consider how a zero-trust strategy could deliver benefits to your organisation in 2021.
Mark Lukie is the sales engineer manager, APAC at Barracuda Networks.