VPNs for a Zero Trust Application Centric Enterprise

VPNs have been around for a long time and were created to allow remote workers secure access to the corporate network. The network served as the gateway to resources they needed access to – servers, databases, and more. Since the “tunnel” (or connection) was encrypted any malicious attempts to sniff traffic at the remote network could be thwarted. This notion of granting broad network access started to fall apart when “the network” was no longer a monolith.

The modern network consists of the traditional network, distributed cloud resources and public cloud resources based anywhere in the world. Thus, the VPN is no longer effective as the solution that works across all organizational digital resources. With the explosive growth in a remote workforce and now, an increasingly hybrid workforce, providing secure remote access is key. The solution must be easy to use, protect data and provides an alternative to VPNs.

We Might Have 0 Trust In VPNs

The challenge with granting broad network access, that VPNs are designed to provide, is that users could get access they do not need or should not have. In fact, such access might violate policy and compliance mandates. Broad network access goes against the guideline – provide access only to resources that users need. This is often referred to as the principle of least privilege access.

To summarize, VPNs have the following limitations

1.    Broad access is insecure and incompatible with modern networks

2.    VPNs do not provide data security, protect against data breaches, and are susceptible to evolving methods of data exfiltration

3.    VPNs have become a blind spot in maintaining good security posture

4.    Traditional network security and monitoring tools do not provide the visibility needed

5.    VPNs do not deliver on the best customer experience

Restoring Integrity with Zero Trust

For the application centric and data centric enterprise, there needs to be a Zero Trust VPN replacement. The alternative must address challenges posed by VPNs and provide the basic secure reliable connectivity that VPNs were designed to provide. Here are the key characteristics of a VPN replacement:

1.    Provide secure access to applications plus data that adheres to policy and compliance mandates. Applications serve as the gateway to data, so it is critical that only authorized user access applications and data.

2.    Provide granular visibility and continuously monitor access into all data and applications. With this granular visibility comes the ability to provide a real time response to observed or imputed unauthorized access.

3.    Real time detection and data loss prevention with anomaly detection and user behavior analysis. Alerts should be used to block malicious activity in real time or notify the appropriate systems or people to act.

4.    Prevent malicious traffic from invading organizational resources. A Zero Trust approach ensures that threats from an infected endpoint do not migrate to the cloud, be used to escalate privilege, or spread laterally.

5.    Improve performance and reduce latency. Remote access solutions must support traditional data center and cloud-first applications, reduce latency, increase performance, and contain bandwidth needs. 

6.    Avoid gaps in split-tunneling. A Zero Trust VPN replacement must avoid bypassing essential controls and provide complete visibility into user activity.

What does this have to do with Zero Trust?

A solution that provides data security and adheres to the goals above is often referred to as a Zero Trust solution. It explicitly examines each transaction, without an assumption of trust for the user or the device. It ensures visibility into every aspect of the interaction. It stops malicious and questionable activity immediately, and integrates with your existing application and security infrastructure.

It would be a Zero Trust VPN replacement. At Appaegis we have built a Zero Trust solution that fulfills the need for this and other use cases. You can read more about this by downloading our white paper on this topic.

VPNs are never going to go away completely. There will be situations where they fulfill a specific need. However, for cloud-first application centric organizations that need precision access, granular visibility and data security a Zero Trust approach is critical.

You can read more about the Appaegis approach here

Back to Blog

Related Articles

Appaegis Zero Trust SSH with Vault on the HashiCorp Cloud Platform

All organizations today rely on a mix of internal applications, cloud native applications, and SaaS...

Data Security in a Zero Trust World

General Electric, Facebook, Equifax, U.S. Marshals, Microsoft, MGM, GoDaddy, Amtrak…and the list...

Recap from Black Hat 2021: Data Security Takes Center Stage

It has been a long time since I have been to an in person event. It felt good to be back exchanging...