IT administrators have been hearing the death knell of the VPN for a few years now. We’ve all seen headlines like “The VPN is dead.” It’s become such a common theme that you’d be forgiven for thinking that we must already be in a post-VPN world. The truth is far more nuanced and important to understand.
Unless you’ve been living under a rock, you know just how quickly our businesses have had to adapt to the reality of Covid-19. Offices are closed, and travel and personal contact may be restricted, but many businesses are still able to operate thanks to the availability of communication and collaboration tools.
This overnight explosion of remote work has put enormous pressure on public networks around the world, causing immense growing pains for video collaboration companies like Zoom, while prompting giants like Netflix to lower the resolution of their content.
The goalposts have moved
Organizations have been shifting to the cloud for a long time. It started gradually, with low-hanging fruit like email and other simple tools. Today, there’s a vast number of online services. Even if it’s just for the sake of disaster recovery, most larger companies today have moved a significant amount of their infrastructure into the cloud, such as letting Microsoft or Amazon run their data centre. In other cases, organizations consume the infrastructure as a service, as is typical with Palo Alto and others.
Taking a longer-term view, mobility is fundamentally changing the way organizations choose and deploy this infrastructure. Cloud services don't need a routed path into the corporate network at the IP layer; they are reached from anywhere through public, internet-facing interfaces.
With this, the old requirements for on-premises domain connectivity and locally hosted SQL databases have changed where data needs to reside, often leaving very little reason for corporations to house the data they own themselves.
Sure, there will always be a subset of customers who require stronger authentication and direct ownership of their data rather than exposing it over public interfaces. For those cases, a private network rather than a public one will always be necessary.
In general, however, we're quickly moving away from the walled garden of the Windows domain, where everything outside the wall was untrusted and everything inside was given unfettered access to data. As the traditional perimeter has crumbled, that model has come under intense pressure. The biggest change is the arrival of identity-based tools that form the basis of trust and access.
Under the zero-trust network access (ZTNA) model, we can improve security by deciding each request against very specific signals: the device, its location, the user's identity, the time of day, the kind of data being accessed, and so on.
Only if and when all of the required criteria are met is the user granted access; the default is to deny. The best analogy is to say that we are found guilty until we're proven innocent.
This added 'trust' layer matters for a modern workforce because nearly every interaction now takes place over networks the organization does not control, whether public Wi-Fi or a cellular carrier. It's critical that these interactions be authenticated, and their context checked, before any data is transferred.
The same but very different
Great. So, is ZTNA right around the corner? Not exactly. For starters, ZTNA is still a relatively new concept. Vendors are naturally making a lot of noise about it, but we have yet to see real-world solutions that live up to the hype.
The reality is, we’re still living in a VPN world. I’m not talking about the crusty old legacy VPNs from 20 years ago, before Wi-Fi and cellular communications became the norm. What I am talking about is a new wave of modern VPNs with contextual smarts to recognize and stop potentially bad actors from getting into a corporate network.
Speaking on behalf of IT admins, we absolutely should try to give end-users the tools they need to get their jobs done efficiently. Admittedly, there’s always going to be some friction between the freedom that users want and the control that IT needs.
The answer is a modern VPN that lets the IT administrator see client behaviour all the way out at the edge of the network and enforce appropriate policies in a granular way. Again, it all boils down to context. Is the user trying to access corporate data?
If so, where are they, what device are they using, and where are they sending that data? These are just a few of the questions that must be answered before trust is granted.
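To make the access decision described in the ZTNA passage above, and the same contextual questions a modern VPN policy point has to answer (user, device, location, time, data sensitivity), concrete, here is an added example of a small default-deny policy evaluator. It is illustrative code written for this page, not NetMotion's product or any vendor's implementation; the policy fields, resource names, group names, IP ranges and the sample requests are all constructed for the example.

```python
"""Context-aware access decision in the ZTNA style: every required signal
must pass, any failure denies, and the reasons are returned so IT can see
exactly which check failed. All names and values here are constructed."""
from dataclasses import dataclass, replace
from datetime import time
import ipaddress

# Sensitivity ranking used to compare a request against a policy ceiling.
CLASS_RANK = {"public": 0, "internal": 1, "confidential": 2}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset            # group memberships from the identity provider
    device_id: str
    device_managed: bool         # enrolled in the organization's device management
    device_compliant: bool       # e.g. disk encrypted, OS patched (posture check)
    mfa_verified: bool           # strong authentication completed this session
    source_ip: str               # where the client is connecting from
    local_time: time             # the user's local time of day
    resource: str                # what they are trying to reach
    data_classification: str     # sensitivity of the data being accessed


@dataclass(frozen=True)
class Policy:
    resource: str
    allowed_groups: frozenset
    require_managed_device: bool = True
    require_mfa: bool = True
    allowed_networks: tuple = ()                       # empty tuple = any network
    hours: tuple = (time(0, 0), time(23, 59, 59))      # permitted local-time window
    max_classification: str = "confidential"


def evaluate(req: AccessRequest, policies) -> tuple:
    """Return (allowed, reasons). No matching policy means deny: trust is
    never implied by reaching the network, it has to be granted explicitly."""
    policy = next((p for p in policies if p.resource == req.resource), None)
    if policy is None:
        return False, ["no policy for resource"]

    reasons = []
    if not (req.groups & policy.allowed_groups):
        reasons.append("user not in allowed group")
    if policy.require_managed_device and not (req.device_managed and req.device_compliant):
        reasons.append("device unmanaged or non-compliant")
    if policy.require_mfa and not req.mfa_verified:
        reasons.append("mfa not verified")
    if policy.allowed_networks:
        ip = ipaddress.ip_address(req.source_ip)
        if not any(ip in ipaddress.ip_network(n) for n in policy.allowed_networks):
            reasons.append("source network not permitted")
    start, end = policy.hours
    if not (start <= req.local_time <= end):
        reasons.append("outside permitted hours")
    if CLASS_RANK[req.data_classification] > CLASS_RANK[policy.max_classification]:
        reasons.append("data classification exceeds policy")
    return (not reasons), reasons


# Constructed policies: payroll is locked down tightly, the wiki is not.
POLICIES = [
    Policy(resource="hr-payroll", allowed_groups=frozenset({"hr"}),
           allowed_networks=("10.0.0.0/8",),          # e.g. addresses issued by the VPN tunnel
           hours=(time(7, 0), time(19, 0)), max_classification="confidential"),
    Policy(resource="wiki", allowed_groups=frozenset({"staff", "hr"}),
           require_managed_device=False, max_classification="internal"),
]

# Constructed requests: the same user from a managed laptop during work hours ...
COMPLIANT_HR = AccessRequest(
    user="alice", groups=frozenset({"hr", "staff"}), device_id="LT-001",
    device_managed=True, device_compliant=True, mfa_verified=True,
    source_ip="10.20.30.40", local_time=time(9, 30),
    resource="hr-payroll", data_classification="confidential")
# ... then from a cafe network late at night (two checks fail) ...
CAFE_LATE = replace(COMPLIANT_HR, source_ip="203.0.113.7", local_time=time(23, 15))
# ... a resource with no policy at all ...
UNKNOWN_RESOURCE = replace(COMPLIANT_HR, resource="finance-ledger")
# ... and an unmanaged personal phone reading the internal wiki, which policy permits.
BYOD_WIKI = replace(CAFE_LATE, device_id="PHONE-77", device_managed=False,
                    device_compliant=False, resource="wiki", data_classification="internal")


if __name__ == "__main__":
    for name, req in [("compliant", COMPLIANT_HR), ("cafe_late", CAFE_LATE),
                      ("unknown", UNKNOWN_RESOURCE), ("byod_wiki", BYOD_WIKI)]:
        print(name, evaluate(req, POLICIES))
```

The point of returning every failed reason rather than stopping at the first is operational: a user denied for "outside permitted hours" and "source network not permitted" gets a different help-desk conversation than one whose device has simply fallen out of compliance. Real deployments would source these signals from the identity provider, the device-management agent and the tunnel itself rather than from a hand-built request object.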
Is the VPN dead? Yes, the legacy ‘remote access’ VPN was a one-trick pony. It served its purpose well but just isn’t up to the task anymore. In its place, we have a new, modern, mobile VPN, built from the ground up to provide a much better user experience while keeping us safer and giving IT the power to monitor and control risky behaviour. Before we reach the nirvana of a ZTNA world, the mobile VPN is the next best thing.
Thanks to Richard Hicks, NetMotion.