Beyond VPN: A Modern Approach to Remote Access

Long considered the standard in the industry, it appears the Virtual Private Network (VPN) is on death’s doorstep after nearly two decades. 

While the cybersecurity industry is making great strides with digital transformation, the VPN continues to hold enterprises back. For a time, the VPN was the best way for enterprises to allow secure access from outside their perimeter to their internal resources and data.  But along with this digital transformation, comes an increasingly mobile and remote workforce that is reliant upon IaaS apps being hosted in the public cloud.

All of this contributes to a dissolving perimeter, where workers are working off of enterprise networks in the cloud. VPN’s just can’t keep up, either causing friction for remote workers or being wholly ineffective at actually establishing a private secure connection.

These signs all point to the imminent death of VPN. But if the VPN is dead, what is going to take its place? 

We’ll get to that in due time, but first let’s touch on some of the specifics of why the VPN is dying.

Why Are VPNs Being Replaced?

The biggest hit to current VPN deployments is coming from the increasingly evident shift away from the dissolving security perimeter, rendering VPNs ineffective.

Many VPNs exist as appliances within an enterprise’s on-prem security stack, backhauling traffic to allow secure access to the network whether employees are on-prem or not. As the traditional perimeter slowly dissolves into the cloud, and the security stack follows suit, there’s no sense in paying for the upkeep of a costly VPN appliance. 

This backhauling also causes more headaches for remote workers trying to access enterprise apps hosted in the public cloud. Instead of having direct cloud access they’re routed back through the corporate security stack only to head back out into the cloud. From here it should be obvious that the VPN emerges as a clunky, costly appliance that only hinders a workforce that is becoming more mobile and geographically dispersed. 

Considering that the VPN itself is a direct, immediately trusted connection to an enterprise’s network, it can be a most sought out asset to a malicious actor, making it a liability in the wrong hands. If a malicious actor or insider gains access to the VPN credentials, and circumvents security controls that may exist, it positions access to any sensitive data on your network that isn’t otherwise locked down.

So, not only is the VPN a clunky and increasingly outdated solution in a digitally transforming world, but it also isn’t providing the secure network access the modern workforce requires. With the VPN clearly on its way out the time is now to name the worthy successor to the VPN’s throne.

What’s Replacing the VPN?

The clear heir to the VPN’s throne is Zero Trust Network Access (ZTNA) and here’s why.

First, as a framework, Zero Trust is much more secure, offering direct, and managed  connections that only allow users to see the data for which they are authorized. This is due to granular micro-segmentation via an encrypted pathway. This is like getting access to a single safe deposit box versus access to the entirety of a library. Users only see what they are authorized to see, and nothing that they aren’t.

Second, ZTNA is much more easily deployed in the cloud. This not only transitions your security off-premise and into the cloud, but also allows for inline visibility so remote and mobile users aren’t forcibly backhauled through your enterprise data center. This allows much easier access to the applications and custom applications your workforce is already using on the public cloud and significantly reduces the friction to your workforce, enabling the freedoms to work anywhere they please without compromising security

While ZTNA may immediately look like a more expensive option than staying with your traditional VPN, it doesn’t require the capital expenditure associated with upkeep on an appliance. Factoring in time, effort, and resources required to maintain and operate traditional VPN, you’ll see savings by implementing ZTNA. 

When you take all of these factors into account, it’s clear that ZTNA is here to eat the VPN’s lunch, and the only humane thing to do is to make the switch and put your VPN out to pasture. The VPN had a good run, but ZTNA is here to offer a less costly, less clunky, and more secure experience for everyone involved.