I recently hopped on the Lookout podcast to talk about virtual private networks (VPNs) and how they’ve been extended beyond their original use case of connecting remote laptops to your corporate network. VPN is still the best option for cloud access and remote access in a world that includes cloud apps and personal devices. After my conversation with Hank Schless, I was inspired to put some additional thoughts about VPN on paper.
When most companies had to move to remote work in the last year, it was necessary to find a fast fix that allowed remote workers to securely access their work resources. VPNs were the answer for many. But VPNs are not meant for cloud apps or bring-your-own-device (BYOD).
While VPNs can provide remote access, you may be surprised that security is not one of their strengths. VPNs were created for remote access when only a few of your employees wanted to work remotely. They also place too much trust in the device and the user. As work continues from anywhere, it’s important to reconsider how you can provide secure access to your entire company.
What are the challenges of a remote-first workforce?
When VPNs first appeared twenty years ago, they were the most popular way to connect remote employees to an organisation’s data centre. This was before laptops and computers became more common. Computers used modems back then and services such as iPass to connect. A VPN ran on top of services like iPass to create a “private network” and keep the transmission secure.
But since then, the technological landscape has changed dramatically. In several ways, VPNs were built to solve yesterday’s problems.
Now, the widespread adoption of cloud applications means the way we store and access work data is completely different. On any given day I will connect to an internal development platform, use Google Workspace to access documents, send Slack messages, and join meetings on Zoom. I can do all of these equally easily on my smartphone and my laptop.
Many Lookout customers may have a similar experience that also includes accessing applications on AWS or Azure, such as SAP S/4HANA. We have become used to working remotely and being able to access what we need from wherever we are.
Another significant problem that this environment presents is organizations’ lack of visibility into complex IT environments.
Unlike back in the day, when you’d only be using work-issued devices on company-managed networks, employees are now accessing work resources using devices, networks and software that your IT team has no control over or may even be unaware of. Your organization’s attack surface has increased dramatically.
Why are VPNs inadequate for the modern work environment?
One of the biggest issues with VPNs is that they provide full network access to whoever and whatever is connected. Access is granted not only to the connected device but also to all devices on the network. So whether it’s a piece of malware or a compromised account, there’s nothing to stop it from moving laterally across your infrastructure and causing harm.
VPNs also have a bad track record when it comes to user experience. Direct access to the cloud is available from anywhere, so requiring employees to sign in to a VPN before they are able to use these applications is a roadblock to their workflows. It’s like forcing someone traveling from Boston to New York City to go via Los Angeles: it is inefficient. If you’ve ever experienced slow page loading times or snail-paced downloads while on a VPN, then it is likely due to your traffic being forced to take an inefficient route.
What’s the alternative?
For the reasons discussed above, VPNs don’t cut it when it comes to addressing these new problems and giving your remote workers secure access to what they need. Secure access technologies like Zero Trust network access (ZTNA) or cloud access security broker (CASB) pick up where VPNs leave off.
These secure access service edge (SASE) technologies give granular access only to the apps and data your employees need. They also monitor user behavior and adjust access according to risk. The risk of lateral movement is greatly reduced and connectivity between users and apps is more efficient. Furthermore, security extends beyond encryption of traffic between points.
ZTNA provides seamless connection to your apps without putting your data at risk
After all these years of connecting your workers to your organization, VPNs deserve praise where it’s due. But the problems they were made to address back then are no longer relevant. Your organization is now facing the challenge of giving your workers the freedom and flexibility to work with applications in the cloud from anywhere while safeguarding your data. It is worth moving away from VPN technology to ZTNA, which offers next-generation options.
Note — This article is written and contributed by Sundaram Lakshmanan, CTO of SASE Products.