The Death of VPN

In many ways, the COVID-19 pandemic acted as a catalyst – condensing a decade’s worth of change into just a few months. Whether it was online commerce, vaccine technology or reliance on last-mile delivery services, few areas of our collective lives look the same as they did before. But perhaps the most far-reaching and long-lasting impact of the pandemic will be on how we work. Lockdowns and office restrictions resulted in millions of people becoming “remote” employees overnight. That change placed unprecedented demand on the legacy services that enable remote work, hastening the demise of outdated technologies that were just phoning it in and spurring the creation of the next generation of remote working infrastructure.

For decades, Virtual Private Networks (VPNs) have been the remote access method of choice for most companies. But, like any technology that predates the iPhone, VPNs were designed and developed to function in a world that simply no longer exists. To use an analogy, a VPN is like a castle: it places guards on the walls and has a moat, only allowing access to those who can pass a test. That test can be a username and password, an evaluation that their device is safe, or even their location. And in their time, castles offered the best security money could buy. But as technology (and with it, the sophistication of attackers) evolved, castles became obsolete.

The same is true for VPNs. While their functionality has evolved over the decades, the paradigm has shifted to the point where the very concept of a castle as a defensive structure (or a VPN as a secure network) is nonsensical. Just as it doesn’t matter how many cannons you place on your castle or how high you build the walls or how deep you dig the moat, it doesn’t matter how much you evolve the VPN: it’s simply not going to cut it.

The reality is that today, companies don’t have just one castle – whether that’s due to multiple offices, outside contractors, offshore developers, cloud-based services, or any one of a thousand other reasons. In today’s world, connecting to a single location and then bouncing around to access the thing you really want is inefficient, insecure and woefully inadequate.

As a result, modern security thought leadership has moved toward ‘Zero Trust Networking’. This method assumes that nothing should be trusted, and everything should be challenged before access is granted.

In Zero Trust there isn’t a single perimeter; rather, every object and its network connection are challenged before any access is granted, and those challenges are repeated constantly – ensuring that only those devices that are safe and uncompromised are permitted to access your applications.

This enables distributed remote access without a central site – providing the fastest access to data and systems regardless of physical geography. The focus becomes less about network access and more about application access. Zero Trust brings new levels of security, recognizes the cloud and virtualized world, and enables partnerships, contractors, and mobile workforces to have secure, productive experiences.

When people talk about the mobile workforce of the future, the term Secure Access Service Edge (SASE) has come to mean the combination of security, Cloud Access Security Broker (CASB), Firewall as a Service (FWaaS), SD-WAN, and VPN all rolled into one thing. Put simply, it is a cloud service that provides granular, secure access for all constituents, without opening doors to the underlying network.

If your organization has a distributed workforce, offshore developers or IoT contractors, but they still use VPN as their primary remote access, we need to talk. Mavenspire offers services to help you mitigate risk and maximize long-term success, including: Vulnerability Discovery, End-to-End Security and SASE.
