2021 marks the 25th anniversary of the virtual private network, or VPN. One of the most prevalent technology solutions used to provide a private connection between an end-user and the applications or resources they need access to, VPNs have served the business world well. In fact, they’ve been an essential part of most organizations’ IT infrastructure, making it safer for remote employees to access business resources over the oh-so-public Internet. Unfortunately, “safer” does not necessarily mean “secure”. Over these past 25 years, our IT landscape has changed almost as much as the threat landscape, and that good ol’ VPN just isn’t enough to protect an organization today.
A Little History
Twenty-five years ago, most business apps and resources were housed in a data center built and maintained by the IT department, and there were far fewer remote employees who needed access to these corporate resources; VPNs were sufficient for the need. When it came to securing the business, the general rule of thumb was “trust, but verify”, which meant generally giving your employees, contractors, and partners the benefit of the doubt; the bar was fairly low for establishing trust.
The Threat Landscape
Fast forward to 2021, and the scenario is very different: the Internet, cloud computing, and the explosion of smart devices have dispersed the data center, essentially enabling corporate resources—and workers—to live and work from anywhere. The changes in how we work and where our business systems reside have been like a gold rush for threat actors, who have also benefitted from the technical advancements of the past quarter-century. Not only does the Internet provide cybercriminals with a larger playground, but it also makes it easier for them to communicate and collaborate with each other: the darknet, for instance, is the perfect place for sharing or selling tools, tips, and technologies for wreaking havoc.
Today’s digital business environment—where everything and everyone can be anywhere, using anything to access the apps and resources needed to be productive—had already necessitated a change in our approach to security. And then along came the pandemic, sending almost everyone home to work. “Trust but verify”, like the VPN, doesn’t cut it anymore.
The Zero Trust Approach
The idea of a “Zero Trust” approach to security started coming into sharp focus in 2010. It holds that no user—even someone allowed on an organization’s network—should be trusted and allowed access without proper authentication. This means an employee, contractor or partner can’t just pop onto the VPN for access; they now have to validate themselves using single sign-on (SSO) and multi-factor authentication (MFA) before making that trip through the private tunnel to an application. Organizations implementing this Zero Trust approach are seeing great improvements in their security posture, with the added benefit of more easily meeting compliance mandates.
The Zero Trust Security Model
The Zero Trust security model has inspired a new generation of access solutions that have built on the traditional VPN to provide layers of added security using technologies such as SSO and MFA, and other identity and device authentication tools that continuously validate users. These Zero Trust network access, or ZTNA, solutions not only provide the added benefits of security controls; if done right, they are also simpler to use and administer than VPNs ever were. (Check out our last blog for more on this.)
Here’s the thing:
- The remote workforce will remain very large, even after it’s safe to go back to the office.
- The threat landscape has changed dramatically, and threat actors will continue to serve up daunting security challenges to organizations of all sizes.
- VPNs are complex, costly, and too insecure for today’s business environment. Not to mention, they don’t scale well to handle such a large remote workforce.
- Small- to mid-size enterprises (SMEs) often lack the personnel and budgets to support a zero trust approach to security.
Zentry Trusted Access
It’s this last point that has inspired the creation of Zentry Security and our best-of-breed ZTNA product, Zentry Trusted Access. Every organization, no matter how large or small, should be protected by Zero Trust security.
Zentry Trusted Access has been designed from the ground up to support the needs of the SME. For end-users, it’s simple to use and does not require complex or time-consuming login protocols, so it doesn’t get in the way of productivity. For IT teams and admins, it’s easy to implement and includes many of the security controls required for the protection that comes with a zero trust approach.
Technology keeps evolving in both wonderful and scary ways. Now that so much of our business is conducted online, securing access to business resources has become the most important part of an organization’s security strategy. Zentry wants to make sure that secure access and zero trust security are within reach for every organization out there in the wild, wild web.