Unless your company is based on Mars and employs only Martians, your workforce undoubtedly includes remote contractors and freelancers plus all kinds of employees who sometimes work from the office and sometimes don’t. In fact, it is estimated that 70% of employees work off-site at least part of the time.
VPNs were introduced nearly 20 years ago, and are still the most widely accepted solution for enabling secure remote access, whether to on-premise enterprise resources or to applications hosted on public cloud networks.
A VPN extends a private network over a public network, enabling operators to transmit and receive information across shared or public networks as if their computing devices were connected directly to the private network.
According to recent research, a significant rise in the number of cyber-attacks and a surge in demand for cloud-based security solutions are expected to boost the need for more secure remote access solutions over the next several years.
The whole of North America is expected to maintain the highest level of demand from enterprises for secure connectivity solutions. The need is being fed by the increasing cybercrime rates, strong demand for information technology and demand for secure high-end services.
To date, virtual private networks have been the primary choice of network security managers. VPNs, however, were never designed to address today’s more complex networks, volumes of remote users, and high-risk security scenarios. Consequently, more and more security and network administrators are realizing that VPNs are simply inadequate. Here are three reasons why.
#1- Overly Permissive Remote Access
While remote access is important and growing, it is not very secure. According to an IDC brief, more than 40% of security breaches come from authorized users like contractors, vendors and employees.
So what does this have to do with VPNs? VPNs lack security granularity and provide excessive trust. Once a remote user is authenticated by a VPN, s/he is considered “trusted” and is granted access to more of the network than is required, making network resources overly vulnerable and open to attack.
#2- Complex Onboarding and Management of Users and Resources
Managing the onboarding, offboarding, and tracking of enterprise resources and users is complex. To begin with, today’s distributed networks require that remote workers have secure remote access to dozens of different servers on cloud provider instances. This means deploying, configuring and maintaining VPNs for every instance.
While all of these functions can be covered by a VPN, managing all the use cases requires multiple VPN appliances, each with a policy to maintain and synchronize. In addition, there are network security appliances which need to consider VPN users as well. IT teams end up building dashboards to provide a coherent picture of network participants and the access and security policies that govern them.
Another management hurdle is the onboarding of new remote users. Fully onboarding a new remote contractor can take days or even weeks, slowing down a fast-moving business. IT administrators often find themselves investing precious time configuring and troubleshooting VPN clients.
#3- Poor End User Experience Impacting Productivity
Regardless of the network complexity, remote/mobile users expect and require a simple user experience with a seamless connection to applications and servers. Consider, for example, the issue of concurrent access to multiple apps and cloud servers.
It’s not uncommon for a salesperson working remotely to require access to a manufacturing system in the data centre, a supply chain app hosted on AWS, and a CRM system hosted on Azure.
If the end-user experience using a VPN is an annoying stream of connecting and disconnecting to different resources combined with network latency, then user frustration builds up quickly and productivity suffers.
If VPN Doesn’t Cut It… What Does?
Software-defined perimeter (SDP) solutions provide a secure and manageable alternative to legacy VPNs for remote work, offering reduced risk, application-specific access, efficient management and a consistent end-user experience.
The new generation of SDP solutions offers a transparent and simple user experience. Administrators can onboard each network resource to an SDP platform once and manage all policies centrally in the cloud, avoiding the need to configure and sync across different locations.
Fully cloud-based SDP solutions require little setup, maintenance or operations work in the data centre or VPC to which you are enabling access. All of the intelligence, as well as security enforcement, is done in the cloud.
For managed employee devices, an agent-based connection enables the user to work normally while delivering always-on security for the Internet as well as corporate applications.
Alternatively, for unmanaged personal devices, and for contractors, partners and customers, a browser-based solution that requires no client or agent installation is ideal.
With an SDP solution, end users can also be freed from the need for repeated, multiple VPN connections when they want to access apps hosted in different locations. One connection provides access to the needed applications, wherever they are.
About the Author
Chen Nisnkorn is a full-stack technology leader with a background in R&D, Sales, SE, and CS focused on building long-term relationships with customers ranging from Fortune 500 companies to start-ups.