The venerable VPN, which has for decades provided remote workers with a secure tunnel into the enterprise network, is facing extinction as enterprises migrate to a more agile, granular security framework called zero trust, which is better adapted to today’s world of digital business.
VPNs are part of a security strategy based on the notion of a network perimeter; trusted employees are on the inside and untrusted employees are on the outside. But that model no longer works in a modern business environment where mobile employees access the network from a variety of inside or outside locations, and where corporate assets reside not behind the walls of an enterprise data center, but in multi-cloud environments.
Gartner predicts that by 2023, 60% of enterprises will phase out most of their VPNs in favor of zero trust network access, which can take the form of a gateway or broker that authenticates both device and user before allowing role-based, context-aware access.
There are a variety of flaws associated with the perimeter approach to security. It doesn’t address insider attacks. It doesn’t do a good job accounting for contractors, third parties and supply-chain partners. If an attacker steals someone’s VPN credentials, the attacker can access the network and roam freely. Plus, VPNs over time have become complex and difficult to manage. “There’s a lot of pain around VPNs,” says Matt Sullivan, senior security architect at Workiva, an enterprise software company based in Ames, Iowa. “They’re clunky, outdated, there’s a lot to manage, and they’re a little dangerous, frankly.”
At an even more fundamental level, anyone looking at the state of enterprise security today understands that whatever we’re doing now isn’t working. “The perimeter-based model of security categorically has failed,” says Forrester principal analyst Chase Cunningham. “And not from a lack of effort or a lack of investment, but just because it’s built on a house of cards. If one thing fails, everything becomes a victim. Everyone I talk to believes that.”