
Why zero-trust models should replace legacy VPNs – TechTarget

Companies have been using VPNs for over two decades. The tool allows employees, contractors and other parties to access an organization’s internal data, assets and applications. Unfortunately, VPNs are ill equipped to adapt to changes in technology and security needs. They no longer keep company resources safe and secure, which is their primary function. In contrast, organizations that use zero-trust models are better equipped to handle security risks.
Traditional VPNs connect remote end users to private company resources by backhauling traffic to data centers and applications. Once traffic is brought to a central location, traditional security measures are applied. Microsoft invented VPNs in 1996, making the tool nearly as old as the internet itself. With the increase in cyber attacks, the limitations of VPNs have become more visible.
VPNs grant immense trust to authenticated users, allowing users to access information and resources they do not need. Also, VPNs often suffer performance problems from routing traffic through centralized data centers. Bandwidth-intensive cloud applications are also quite costly. Lastly, and most concerning, VPNs are ill equipped to defend against many security threats. For instance, if an infected user or an attacker with stolen credentials connects to your internal network through a VPN, there is a risk that viruses, ransomware and data breaches spread throughout the network. VPNs were ideal before the cloud when the legacy security model was a set perimeter based on a castle-and-moat architecture.
Zero trust is simple: There is no such thing as a trusted user. Instead, when users are authenticated, they are placed within a security bubble, or software-defined perimeter. Here, users only get access to authorized resources rather than everything. Even if the user’s computer is compromised by a remote agent, the user is unable to directly access other users or resources. In addition, URLs are obfuscated, and sensitive data is hidden from view.
In a zero-trust model, each user is always monitored, using identity-aware proxies — technologies that can scrutinize user behavior patterns and detect erratic behavior in real time. The zero-trust model enables more security checks. It generates logs that are not possible with traditional VPNs, such as recording the user’s location and application use histories.
It is too easy for companies to reach for traditional VPNs. The technology is historically reliable, easy to implement and familiar to users. However, due to the serious security flaws, an alternative tool is needed to meet today’s needs.
When legacy VPNs were first adopted, cloud-based applications and many current scaling problems were nonexistent. Outside contracting, cloud expansion and remote work exceed the original system’s capabilities. When you add outliers — like a pandemic — VPNs show their age. Additionally, networks cannot be segregated with legacy VPNs in the same way they can with zero-trust architectures. It is important to note that these two technologies are not necessarily exclusive. VPNs can be re-architected to work within a zero-trust architecture, which may please administrators who find this system familiar.
Part of the issue with legacy VPNs is the nature of trust itself. In the traditional VPN model, users are restricted using access lists defined by lines of code. Large access lists are notoriously hard to manage and have the potential for error. Additionally, users are placed in an internal VPN subnet, which potentially gives them access to the internal network. Traditional VPNs also require an inbound connection to your network, which is a threat if your VPN credentials are stolen. For example, VPN credentials were stolen during the Colonial Pipeline attack.
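The contrast between a subnet-wide access list and per-user authorization can be measured as the set of services one stolen credential exposes. The sketch below is an added example, not from the article; the service names, addresses, access list and entitlements are constructed for illustration.

```python
import ipaddress

# Constructed inventory of internal services (names and addresses are hypothetical).
SERVICES = {"wiki": "10.0.1.10", "payroll": "10.0.2.20",
            "git": "10.0.3.30", "plant-hmi": "10.0.9.90"}

# Legacy VPN: ordered access list applied to the whole VPN client subnet.
# First matching line wins; no match means implicit deny.
VPN_ACL = [("deny", "10.0.9.0/24"),
           ("permit", "10.0.0.0/16")]   # one broad line covers everything else

# Zero trust: per-identity application entitlements, default deny.
ENTITLEMENTS = {"alice": {"wiki", "git"}, "contractor-bob": {"wiki"}}


def vpn_reachable(acl, services):
    """Services reachable by ANY authenticated VPN client, whoever it is."""
    reachable = set()
    for name, addr in services.items():
        ip = ipaddress.ip_address(addr)
        for action, cidr in acl:
            if ip in ipaddress.ip_network(cidr):
                if action == "permit":
                    reachable.add(name)
                break
    return reachable


def zt_decide(user, service, location, log):
    """Per-request decision at the proxy; every request is logged."""
    allowed = service in ENTITLEMENTS.get(user, set())
    log.append({"user": user, "service": service, "location": location,
                "decision": "allow" if allowed else "deny"})
    return allowed


def zt_reachable(user, location, log):
    """Services one identity can reach when each request is checked."""
    return {s for s in SERVICES if zt_decide(user, s, location, log)}


if __name__ == "__main__":
    audit = []
    print("VPN, any valid credential:", sorted(vpn_reachable(VPN_ACL, SERVICES)))
    print("Zero trust, contractor-bob:", sorted(zt_reachable("contractor-bob", "BR", audit)))
    print("Denied requests logged:", [e["service"] for e in audit if e["decision"] == "deny"])
```

The denied entries in the audit list are the detection signal: a credential probing services outside its entitlements leaves a record per attempt, which a subnet ACL that simply permits the traffic never produces.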
To protect data and resources, many companies may turn to zero trust. However, there are drawbacks for well-established companies to consider when embracing zero-trust protocols. Companies that use older legacy applications may have trouble implementing them on zero-trust networks. Other companies that have made significant investments in architecture might find additional expenses less appealing. Other issues involve data control, what that implicitly means for liability and whether it can be safely allowed outside the traditional security perimeter.
Despite concerns, zero-trust models have many strengths. While it does not guarantee safety, zero trust improves breach detection and can shut down connections faster than a traditional VPN. It also compartmentalizes resources, which helps to mitigate damage that might occur. Zero trust makes companies better equipped to handle today’s emergencies and minimizes the impact of tomorrow’s challenges. Since zero trust is implemented with cloud-based computing in mind, it also enables greater scalability and reduces the capital investment requirements needed for implementation.
For these reasons, newer and more agile companies have generally been the first successful implementers of zero trust. However, companies such as Coca-Cola, Google and WestJet Airlines have also embraced zero-trust principles.
Zero trust mitigates security risks by removing trust and reducing inbound connections to protect data, assets and applications. Too often, companies merely react to security threats following an attack. By then, attackers may have accessed business-critical assets and data. Implementing zero-trust models enables organizations to re-architect their systems and discover efficiencies they previously missed when using older, traditional VPN structures.
About the author
Pranav Kumar is a senior technical account manager with Zscaler. He has worked in security for 16 years with experience in pre-sales, post-sales, designing, transition and transformation of security projects.

All Rights Reserved, Copyright 2011 – 2021, TechTarget
