TLDR: VPNs are passe. It's time to upgrade to a Zero-Trust Network (if you haven’t already) If you are an employee who works remotely, I am sure you have been in this situation. You are trying to access a corporate cloud resource from home, but you can't get past the company's VPN. The experience is horrible- it's slow, hard to connect, and once you're finally in, you can't access half the things you need without back-and-forth Slack messages to the IT help desk. On the other hand, if you are an IT professional who manages remote workers, your users are constantly complaining about the VPN, and you are struggling to keep up with requests to add new apps and services to the corporate firewall. You are running around like a chicken with your head cut off, whitelisting IP addresses to maintaining complex subnet assignments and VLAN segments. You are starting to feel like your job is nothing but granting access to different parts of the network- like a medieval castle guard. If this sounds familiar, then you are not alone. In the age of remote work, access management has become one of the most important- and difficult- tasks for IT professionals. Access Control in the Age of Remote Work The problem is that most Access Management solutions were designed for a world where everyone worked in the office. They relied on things like IP addresses and site-to-site VPNs to control access. But in the age of remote work, those solutions just don't cut it anymore. Today, network security and access control are hard. Users are accessing corporate resources from all over the world. It's hard to keep track of all the different devices, apps, and users on your network. It's hard to know what they're doing and where they're going it. And it's especially hard to ensure they're not doing anything that they shouldn't be doing. But it doesn't have to be this way. There is a new class of solutions that are designed for the age of remote work. These identity-first networking solutions use user and device identities to control access rather than IP addresses. Problems With VPNs VPNs were designed for a different era- an era when network security was based on the perimeter. But in the age of remote work, the perimeter has all but disappeared. The first step in moving to an Identity-First solution is understanding the limitations of your current VPN: : VPNs rely on IP addresses to control access. But when users are working remotely, they often don't have a static IP address. This makes it hard to grant them access to the resources they need. Incompatible with remote work : VPNs provide access to entire networks, increasing the blast radius of incursions. Even worse, by publicly exposing an access point into your network, VPN s may give attackers the ability to identify systems and users on your network. Security issues The biggest complaint with VPNs is the poor user experience. Users have to log in, wait for the connection to be established, and then hope they can actually access what they need. In a battle between user experience and security, security will lose every single time. If you make your users jump through hoops to access resources they need for their jobs, they will find (often creative) workarounds to access the data they need. Poor user experience: . As the number of users and devices grows, so does the complexity of managing the VPN. VPNs are difficult to scale : When you have hundreds or even thousands of users connecting to your network through a VPN, it can be difficult to audit and review who is accessing what. Difficulty in audit and reviewing access With a VPN, it's all or nothing. Users have access to the entire network, which makes it difficult to limit their access to only what they need. Lack of granular control: The bottom line is that VPNs are no longer enough to keep your network secure. It's time to move to an identity-first solution. Identity-First Networking vs. Traditional Network Security Identity and Context-Based Access The biggest problem with the traditional network security model supported by a VPN is that it relies on a static perimeter. There is a clear distinction between "internal" and "external" users. Internal users are trusted because they have been physically verified (e.g., they are inside the building), while external users are considered untrusted and are subject to more stringent security measures. With the rise of remote work, the proliferation of mobile devices, and the increasing use of cloud-based applications, the network perimeter has become increasingly porous. It's no longer possible to rely on the network perimeter as a security boundary. In a Zero-Trust Network, there is no concept of "internal" network traffic. All users are treated equally, regardless of location. Access is based on user identity and context, not on an IP address. This makes it much more difficult for attackers to gain access to resources since they would need to have a valid user account and be able to pass both identity and context evaluation. Granular control over resource access While a VPN creates a secure tunnel between two points, it does not provide granular control over who has access to what resources. A Zero-Trust Network, on the other hand, uses identity and context to make real-time decisions about whether to allow or deny access to a resource. Zero-trust principles One of the biggest issues with VPN is that it is incompatible with Zero-Trust. Access is a security model that requires all users, regardless of location, to authenticate before accessing any resources. The model is based on the following principles: Every request to a private resource is authenticated and authorized based on real-time contextual information (user identity, location, device, risk, etc.). Verify before you trust: There is no such thing as an internal network or an external network. All traffic is treated equally and requires verification. Never trust, always verify: Users are identified, and their actions are logged so that you can audit and review them later. Tie users to their actions: Users are only given the bare minimum permissions they need to do their job. No more, no less. Enforce least privilege: Benefits of Zero-Trust Networking There are many benefits to implementing Zero-Trust Networking, including the following: By implementing multiple layers of security, you can make it more difficult for attackers to penetrate your network. Increased security: Zero-Trust Networking can help you meet compliance requirements, such as those set forth by the GDPR and HIPAA. Improved compliance: Zero-Trust Networking provides a better user experience than traditional VPNs, which can be slow and cumbersome. Enhanced user experience: Zero-Trust Networking simplifies network management by eliminating the need to maintain separate "internal" and "external" networks. Simplified network management: Zero-Trust Networking is the future of network security. It provides a more robust and comprehensive security posture than traditional network security models, and it's easier to manage and maintain. It's time to rethink your access control strategy and move to an Identity-First model that will allow you to take advantage of the cloud, improve your users' experience, and increase your organization's security posture.

The writer is smart, but don't just like, take their word for it. #DoYourOwnResearch

Slack

Why We Are Not Likely to Transition to IPv6 Any Time Soon

Guess Who? Access Management Struggles in the Age of Remote Work

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

AI Is Coming for Content Writing. Here Is Why It's a Good Thing

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

10 Steps to Ensuring Cyber Security for a Small Business

AI Is Coming for Content Writing. Here Is Why It's a Good Thing

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

10 Steps to Ensuring Cyber Security for a Small Business

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps