Why should you start to shift from a traditional VPN to ZTNA as your secure access solution?
First of all, you may ask yourself, why should I make this shift? VPNs have always been the way we provide remote access to our network, servers, and applications. They have been around for over 30 years and have been a trusted method for providing remote access.
This may be true, but there’s been a huge increase in the workloads on our Security and IT teams due to COVID-19, and VPNs have made their workloads worse, not better. The shift of the workforce from the office to home has meant that:
- IT staff have had to set up, provision, and ship new laptops or workstations to employees to use at home.
- There’s been a huge increase in VPN traffic, which can cause users to complain about speed and performance.
- Little device checking is done, so the possibility of viruses, malware, or ransomware infecting devices and infiltrating your entire network is always present.
- Usernames and passwords are often stored in the client app and, if compromised or stolen, cyber attackers could gain instant access to ALL of the organization’s network assets.
- Users are not limited to specific network resources, so they could attempt to access anything, authorized or not, with little or no audit trail.
Now add the complexity of managing remote access for the external users who are part of your business ecosystem.
- What resources and apps do your partners, contractors, and other third parties need access to?
- Is getting them to install a VPN client on their machine desirable?
- Is giving them full network access desirable?
- How about adding them as users in your AD, LDAP, or RADIUS AAA servers so they can be authenticated before being let in? Is this desirable?
Most likely that last point would be a ‘no’, but over the past year, we have been accommodating these requests due to the COVID-19 circumstances.
Providing external parties with remote access through a VPN requires diligence when it comes to keeping up with security vulnerabilities. The last thing you want is to make it easy for users (both external and internal) to piggyback onto other resources that a VPN might expose, or to copy important confidential documents without anyone’s knowledge, something I like to call the “Snowden Effect”.
There is a better way—a way that can free up some of your security and IT teams’ resources and time. How? By simplifying secure access to your resources—making it easy and fast for both admins and the users they support. This is the Zentry Security way: an HTML5-based, secure clientless zero trust network access (ZTNA) solution that provides secure access to your desktops, applications, and critical IT infrastructure without granting full network access like a traditional VPN would. The only access your users get is to authorized apps and resources, nothing else — and with no L3 access.
Bringing Zen-like Simplicity to Secure Remote Access
Zentry offers a next-generation secure remote access solution, Zentry Trusted Access, based on ‘never trust, always verify’ zero trust principles. It provides clientless, identity-aware, policy-based secure access to applications and resources located on-premises or in the cloud, and eliminates the excessive trust placed in networks and locations by traditional enterprise security models. All access to applications and resources is fully authenticated, authorized, and encrypted based on user identity and access control policies. As a result, users can access applications and resources from anywhere, on any device, simply using an HTML5 browser. The experience is identical whether they’re local or remote, or whether they’re an employee, contractor, or partner.
How, specifically, is Zentry simpler and more secure than a VPN?
Wouldn’t it be nice to just be able to give your remote users one URL for them to authenticate to gain access to your company’s internal resources?
Well, with the Zentry ZTNA solution you can. Some of the benefits over a VPN include:
- No need to provision a new workstation or laptop with a VPN client.
- No need to install corporate policies, antivirus, and malware detection and ensure they are all up to date and enforced.
- No more troubleshooting an end user’s laptop to find out why it cannot log in.
- All the end user needs is an HTML5-supported browser on any machine type. Whether they are using a PC, Mac, Unix, tablet, or smartphone, they can have secure remote access to their:
  - Desktops via RDP or VNC
  - Intranet web pages
  - SSH and telnet
  - Published apps via RDS

  All via a simple user interface – end users just point and click on the resource they wish to connect to.
- An easy-to-use Web UI for the admin to configure:
  - Simple drop-down menu options
  - Quickly see who has logged in and what resources they are accessing
  - Automated software update feature to keep you current if you desire
  - Easy to customize the user portal pages for a personalized user experience
  - Easy to set up AAA and MFA
Let us work together on your migration to Zero Trust
Use Zentry’s zero trust network access solution as a starting point for zero trust migration. To enable enhanced productivity while protecting your most valuable systems and data, start a project with a selected scope. Prioritize the use case requirements, analyze the workflow and quickly build a new identity-aware, policy-based secure application access solution that allows internal applications to face towards the internet for anytime, anywhere access with consistent security and a streamlined user experience. I look forward to helping you on this journey!
_____________
For more background on VPNs vs. Zentry Trusted Access, check out Thank You, VPN – But Times Have Changed. Or check out our post on How To Implement Zero Trust to kick-start your Zero Trust journey.