In a world of hybrid working, Australian businesses need to find ways of securing the growing number of distributed devices, assets and employees. Many rely on Virtual Private Networks (VPN) to maintain access controls while they manage the transition from traditional to disappearing network perimeters.
VPNs were created almost three decades ago, back in 1996. The proposal was simple but promising: create a secure connection between a user's device and the web. However, recent research has shown that VPNs aren't as secure as they could be. It may be time to consider an alternative: Zero Trust Network Access, or ZTNA.
Why do VPNs no longer meet the security needs of today?
The use of VPNs has increased drastically in recent decades, but the cyber threat landscape has also evolved. The security challenges facing VPNs now outweigh the benefits, especially for organizations that use such services on a daily basis. There are five main ways in which VPNs fall short and are no longer enough to protect networks:
1. VPNs do not enforce corporate device security and compliance requirements
All devices are susceptible to malware. A device infected while outside the corporate perimeter exposes the network to potential attacks when it later accesses company data. When employees and partners access a resource, their devices need to have their security assessed before they log in. This matters because one compromised device can wreak havoc on your network and data.
2. VPNs do not support "attribute"-based access
Role-based access is an important tool for security teams, but it doesn't provide enough coverage to assure trust. VPNs don't support attribute-based access and so cannot provide critical information on a user's identity or a device's security state or location to ensure secure access and resource protection.
3. VPNs are not fast enough
VPNs don't enable continuous connectivity, creating connections that aren't stable and might slow the productivity of employees. Some VPNs experience continuous disconnects, which force application-layer timeouts, causing delays and costing organizations money and time.
4. Switching between multiple VPNs is complicated
When using a traditional VPN, you have to switch between VPN configurations to access multi-site environments. Connecting to multiple infrastructure sites without switching access profiles is more productive and efficient, but most VPNs do not support it.
5. VPNs do not protect your device
Most importantly, VPNs don't protect against web-based attacks such as credential theft, phishing, drive-by downloads, or malvertising, which are the most significant cybersecurity threats for enterprises. An employee or partner with a compromised device can still use a VPN to access the corporate network without raising the alarm.
Data now suggests the average working Australian spends more than a quarter (27% or more) of their working hours at home. How can organizations better secure their data and ensure that their devices are protected in this new digital landscape? This brings us to Zero Trust Network Access (ZTNA).
What are the benefits of using ZTNA?
ZTNA is a philosophy derived from Secure Access Service Edge (SASE). The goal of SASE is to provide a multi-faceted suite of tools to protect organizations' IT landscapes in today's hybrid, multi-cloud world in which users and devices can be almost anywhere.
More importantly, ZTNA is a model based on enablement rather than restriction. This means it allows for better remote access, improved performance, and strengthened security.
So, what makes ZTNA more beneficial than a traditional VPN?
- ZTNA reduces the likelihood of a breach by thoroughly identifying and validating users before giving them access to a network.
- It provides a record of access attempts, which can be useful for compliance and audit needs.
- It delivers time savings thanks to automation and removes the need for IT tickets or approval from management for network access.
- The level of granularity with which you can manage permissions is only possible with a solution like ZTNA and cannot be replicated with a VPN.
- ZTNA connects users directly to applications without the need to send them through a central location within an organization's network, meaning latency is reduced.
These benefits highlight the multi-faceted nature of ZTNA and why it should be the solution of choice over traditional VPNs.
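To make the attribute-based, per-application access decision and the record of access attempts described above concrete, here is an added example that is not from the original article or from any ZTNA product. The policy table, attribute names and thresholds are all hypothetical, constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool
    device_managed: bool
    disk_encrypted: bool
    patch_age_days: int   # days since last OS security update
    country: str
    app: str

# Hypothetical per-application policy; names and thresholds are constructed.
POLICY = {
    "payroll": {"roles": {"finance"}, "countries": {"AU"},
                "max_patch_age": 30, "managed_only": True},
    "wiki":    {"roles": {"finance", "engineering"}, "countries": {"AU", "NZ"},
                "max_patch_age": 90, "managed_only": False},
}
AUDIT_LOG = []  # every attempt is recorded, allowed or not

def evaluate(req):
    """Return (decision, reasons); default-deny for unknown applications."""
    rule = POLICY.get(req.app)
    reasons = []
    if rule is None:
        reasons.append("unknown application")
    else:
        if not req.mfa_passed:
            reasons.append("identity not verified")
        if req.role not in rule["roles"]:
            reasons.append("role not permitted")
        if req.country not in rule["countries"]:
            reasons.append("location not permitted")
        if rule["managed_only"] and not req.device_managed:
            reasons.append("unmanaged device")
        if not req.disk_encrypted:
            reasons.append("disk not encrypted")
        if req.patch_age_days > rule["max_patch_age"]:
            reasons.append("device patches too old")
    decision = "deny" if reasons else "allow"
    AUDIT_LOG.append({"user": req.user, "app": req.app,
                      "decision": decision, "reasons": reasons})
    return decision, reasons

# Constructed sample: valid credentials and role, but a stale personal laptop.
stale = AccessRequest("alice", "finance", True, False, True, 45, "AU", "payroll")
if __name__ == "__main__":
    print(evaluate(stale))
    print(evaluate(AccessRequest("alice", "finance", True, False, True, 45, "AU", "wiki")))
```

The same user and device are denied the sensitive application yet allowed the low-risk one, and both attempts land in the audit log with the reasons attached.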
The time to deploy ZTNA is now
VPNs may have been the solution for their time, but they no longer achieve what they set out to do. ZTNA operates on a more flexible, more structured and more protected model, and it is the solution organizations need for the ever-evolving environment of today.
Organizations should consider deploying ZTNA solutions to simplify compliance and secure third-party access to their systems, providing Zero Trust Access to all their apps and data from any device and location.
An alternative would be directly implementing a SASE platform that enables businesses to easily control access to data from any device, anytime, anywhere. This also allows security inspection and policy enforcement in the cloud, at the branch, or on the device.