When organizations were forced to shift to remote work during the pandemic, they needed a quick-fix solution that would enable their remote employees to securely access work resources. For many, this solution came in the form of VPNs. However, VPNs were not designed for the bring your own device (BYOD) and cloud app security use cases.
While VPNs can provide remote access, it may come as a surprise that they fall short when it comes to security. This is because VPNs were built for when only a small portion of your workforce wanted to work from home. They also place too much trust in the device and the user. But now, as work from anywhere continues, it is important to rethink how to provide access for your entire organization securely.
What are the challenges of a remote-first workforce?
When they first debuted twenty years ago, VPNs were the de-facto method for connecting remote workers to an organization’s data center when laptops became common. Back then, computers still used modems and services like iPass for connectivity. A VPN ran over the top of services like iPass to create a “private network” and keep the transmission secure.
But since then, the technological landscape has changed dramatically. In several ways, they were built to solve yesterday’s problems.
Now, the widespread adoption of cloud applications means the way we store and access work data is completely different. On any given day, I’ll connect to an internal development system, access documents on Google Workspace, send Slack messages to coworkers, and use Zoom to attend meetings. I can perform all of these equally easily on my smartphone and my laptop.
Many Lookout customers may have a similar experience that also includes accessing applications on AWS or Azure, such as SAP S/4HANA. As we work remotely, we’ve become accustomed to seamlessly accessing what we need wherever it is and working from any device of our choosing.
Another significant challenge brought on by this new environment is that organizations do not have the required visibility into their complex IT environments. Unlike back in the day, when you’d only be using work-issued devices on company-managed networks, employees are accessing work resources using devices, networks, and software that your IT team has no control over or may even be unaware of. This has significantly increased the attack surface of your organization.
Why are VPNs inadequate for the modern work environment?
One of the biggest issues with VPNs is that they provide full network access to whoever and whatever is connected. And it’s not just the device connected, everything that’s on that device’s network is also given access. So whether it’s a piece of malware or a compromised account, there’s nothing to stop them from moving laterally across your infrastructure and causing harm.
VPNs also have a bad track record when it comes to user experience. When direct access to the cloud is available everywhere, expecting your employees to first sign into a VPN to go to these cloud applications puts a road bump into their workflows. Think of it like forcing someone to travel from Boston to New York City via Los Angeles — inefficient. If you’ve ever experienced slow page loading times or snail-paced downloads while on a VPN, then it is likely due to your traffic being forced to take an inefficient route.
What’s the alternative?
To address these new problems and for the reasons discussed above, VPNs don’t cut it when it comes to giving your remote workers secure access to what they need. Secure access technologies like zero trust network access (ZTNA) or cloud access security brokers (CASB) pick up where VPNs leave off.
These secure access service edge (SASE) technologies give granular access to only the applications and data that your workers need while continuously monitoring user and device behavior to dynamically adjust access based on risk. This means that the risk of lateral movement is dramatically reduced, the connectivity between the user and the app is efficient, and the security of the connection goes well beyond encrypting traffic between two points.
ZTNA provides a seamless connection to your apps without putting your data at risk
After all these years of connecting your workers to your organization, they deserve their praise where it’s due. But the problems they were made to address back then are no longer relevant. Your organization is now facing the challenge of enabling your workers with the freedom and flexibility to work with applications in the cloud from anywhere while safeguarding your data. Moving away from technology like VPNs to next-generation alternatives like ZTNA is a good start.
To learn more about replacing your VPN with ZTNA, visit the Lookout Secure Private Access page or check out the episode of the Security Soapbox podcast where Hank Schless and I talk about how VPNs have been extended beyond their original use case.
Book a personalized, no-pressure demo today to learn:
- How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
- Real-world examples of phishing and app threats that have compromised organizations
- How an integrated endpoint-to-cloud security platform can detect threats and protect your organization
KuppingerCole Leadership Compass for ZTNA (Free Report)
Zero Trust Network Access (ZTNA) is based on the assumption that any network is always hostile, and thus, any IT system, application, or user is constantly exposed to potential external and internal threats.