
Workplace policy continues to move toward more flexible work, with over 58% of Americans reporting in a spring 2022 survey that they had the opportunity to work from home at least one day a week. While this is great news for employee freedom, it also presents increased security challenges for companies.
Remote workers are often required to access sensitive business resources over the Internet, which has traditionally been handled with virtual private networks (VPNs). This outdated model is struggling to meet the demands of a large remote workforce and is increasingly being replaced by zero trust solutions such as Perimeter 81.
In this article, we look at why your company might want to replace VPNs with a zero-trust model.
Problem with VPN trust model
VPNs have long been used to allow devices on different networks to communicate as if they were on the same network. By using a VPN over the Internet, employees can connect to the company’s intranet and access all resources as if their computer were connected there.
Most importantly, VPNs do not perform any additional security checks after the initial authentication, which is usually just a username and password. Once a remote device is authenticated, it remains trusted indefinitely. This is a security risk.
VPNs usually allow full access to the company’s network for the remote user after they have been verified. With such broad access to all applications and resources running on the network, a compromised remote machine can wreak havoc on a business.
Another problem is that companies are increasingly using cloud-based applications, storage and other resources. You may want to harness the power of massive cloud-based resources such as Amazon AWS, Microsoft Azure and Google Cloud, but VPNs only offer perimeter-based security, protecting the local network.
Any solution that tries to combine traditional VPNs with cloud technology will be clunky and difficult to maintain.
Employees often find VPNs frustrating to use. VPNs have limited authorization features, which means creating and managing usernames and passwords for a large workforce can be tedious.
Hundreds of employee network transactions must pass through a VPN, often causing a bottleneck. This can mean apps are slow to respond and file transfers are slow.
The solution: the zero-trust model
Zero Trust is a philosophy where no device or user is automatically trusted, no matter where they are. This affects the way your applications, network infrastructure, and company security policies are written and implemented.
The first noticeable change between using a VPN and Zero Trust is that users connected to the company’s local network are subject to the same security checks as everyone else. Users or devices are no longer automatically trusted simply because they are physically located in a building.
Zero Trust abandons the policy of “once checked, always trusted” and replaces it with “never trust, always verify.” This means that users and devices are constantly monitored for suspicious behavior that may indicate that the connection is compromised. For example, if the Zero Trust solution detects malware on a remote laptop, access to company assets will be immediately revoked until the problem is resolved.
VPNs cannot offer granular controls over what each user can access online. Zero trust solutions can. Instead of just offering general security at the network level, Zero Trust can be used for more specific protection at the application level.
With Zero Trust, users can be granted or denied access to specific applications. This is challenging to do with a VPN without deploying applications on different networks. Advanced solutions can approve and deny requests to parts of the application based on user credentials. A lower-level employee may be granted access to view selected data, but denied, for example, the ability to modify it.
Zero trust and the cloud
Above we discussed how the increased use of cloud-based resources in business is inconsistent with the perimeter-based security model of VPNs. Zero Trust is built on a solid foundation of “never trust, always verify,” so it doesn’t have the same problem.
With Zero Trust, every request to access company resources goes through a security intermediary application, commonly known as a broker. This broker checks whether the request is valid before forwarding it to the resource.
Notably, that resource does not necessarily have to be on the company’s intranet. Instead, the broker could be the gatekeeper for a cloud application. This means companies can put their resources on cloud servers instead of the company intranet while maintaining a high level of security.
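The broker's per-request decision described above, combined with the earlier points about device health and view-versus-modify permissions, shown as an added example (not code from the article or from any product it names). The policy table, role names and `Request` fields are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical policy: role -> application -> actions that role may perform.
POLICY = {
    "analyst": {"payroll": {"view"}},
    "payroll-admin": {"payroll": {"view", "modify"}},
}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    authenticated: bool      # identity verified for this request
    device_healthy: bool     # latest posture report found no malware
    on_office_network: bool  # recorded, but never used to grant access
    app: str
    action: str


def decide(req: Request) -> tuple[bool, str]:
    """Evaluate a single request; earlier approvals carry no weight."""
    if not req.authenticated:
        return False, "identity not verified"
    if not req.device_healthy:
        return False, "device failed posture check"
    allowed = POLICY.get(req.role, {}).get(req.app, set())
    if req.action not in allowed:
        return False, f"role {req.role!r} may not {req.action} {req.app!r}"
    return True, "forward to resource"


if __name__ == "__main__":
    # Constructed sample traffic: the same analyst over time.
    samples = [
        Request("dana", "analyst", True, True, False, "payroll", "view"),
        Request("dana", "analyst", True, True, True, "payroll", "modify"),
        # Malware is now reported on the laptop: access stops,
        # even though the user is sitting in the office.
        Request("dana", "analyst", True, False, True, "payroll", "view"),
    ]
    for r in samples:
        print(r.user, r.action, r.app, "->", decide(r))
```

Because `on_office_network` never appears in `decide`, a request from inside the building gets exactly the same checks as a remote one.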
This offers many advantages. It becomes much easier to scale business applications, as you can leverage the enormous power of public and private cloud networks when needed. It can reduce operational costs, as you no longer need as much on-premise hardware and staff to maintain it. And, of course, that means better security for your vital business assets.
It’s also great for your employees, as they can use one authentication and authorization system instead of tracking dozens of logins. Application performance can be dramatically improved, as employees no longer have to send all data back and forth over the often-bottlenecked VPN.
Conclusion
An increasingly remote workforce and greater reliance on cloud-based infrastructure mean that the perimeter-based security model of VPNs is completely obsolete.
The Zero Trust architecture offers more robust security and enables finer control over what users can access. With the right implementation of Zero Trust, costs can be reduced, authentication is simpler for employees, and your critical business assets will be secure.