When companies were forced to transition to remote work during the pandemic, they needed a quick solution that gave their employees secure access to work resources. For many, this solution came in the form of VPN (Virtual Private Network), but these were not originally designed for the use of BYOD (Bring Your Own Device) and cloud apps.
Lookout, a provider of endpoint and cloud security, now sees the end of VPNs. While VPNs can provide remote access, it may come as a surprise that they fall short when it comes to security. That's because VPNs are designed for when only a small portion of the workforce wants to work from home. VPNs also place too much trust in the device and the user. Now that remote working has become mainstream, it's important to rethink how companies can provide the entire workforce with secure access to the resources they need.
Location-independent work
When VPNs were first deployed 20 years ago, they were the de facto method for connecting remote workers, who increasingly used laptops, to a company's data center. Back then, computers still relied on modems and services like iPass to connect and then use a VPN to create a “private network” and secure the transmission.
Since then, however, the technological landscape has changed significantly. In many ways, VPNs were designed to solve yesterday's problems. The widespread adoption of cloud applications means that the way companies store and access work data has completely changed. On any given day, a user connects to an internal development system, accesses documents in Google Workspace, sends Slack messages to colleagues, and uses Zoom to join meetings. He can do all of this just as easily on his smartphone as on his laptop.
Similar scenarios are commonplace in many companies, including access to applications such as SAP S/4HANA on AWS or Azure. As many employees work remotely, they have become accustomed to seamlessly accessing what they need, no matter where the application is running, and working on any device of their choice. Another major challenge presented by this new environment is that organizations do not have the necessary visibility into their complex IT environments. Previously, only company-issued devices were used on company-managed networks. Today, however, employees access work resources using devices, networks, and software that the IT team has no control over or may even be unaware of. This has significantly increased the attack surface for companies.
VPN inadequate for modern work environments
One of the biggest problems with VPNs is that they grant full network access to anyone connected to them. And this applies not only to the connected device, but also to everything that is on that device's network. Whether it's malware or a compromised account, there's nothing stopping it from moving laterally through the infrastructure and causing damage.
VPNs also have a poor track record when it comes to ease of use. When direct access to the cloud is available everywhere, employees must first log into a VPN to access these cloud applications, complicating their workflows. It would be the same as forcing someone to travel from Boston to Los Angeles to New York City, which is inefficient. If you're experiencing slow page load times or sluggish downloads while using a VPN, it's likely because traffic is being forced to take an inefficient route.
ZTNA as an alternative
“To solve these new problems, for the reasons outlined above, VPNs are not enough to provide remote employees with secure access to the information they need,” said Sascha Spangenberg, Global MSSP Solutions Architect at Lookout. “Secure access technologies such as Zero Trust Network Access (ZTNA) or Cloud Access Security Brokers (CASB) pick up where VPNs leave off. These Secure Access Service Edge (SASE) technologies enable granular access to only the applications and data employees need, while continuously monitoring user and device behavior to dynamically adjust access based on risk.”
This means that the risk of sideways movement is dramatically reduced, the connection between the user and the application is efficient, and the security of the connection goes far beyond encrypting traffic between two points. The problems that VPNs were designed to address back then are no longer relevant today. Companies are now faced with the challenge of giving their employees the freedom and flexibility to work from anywhere with applications in the cloud while protecting their data. Moving away from technologies like VPNs toward next-generation alternatives like ZTNA is a good start, Lookout believes.
More at Lookout.com
About Lookout Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.
Matching articles on the topic