Many enterprises still use virtual private networks (VPNs) to provide business partners and other third parties with infrastructure and data access. One reason they select VPNs is the assumption that this technology creates secure endpoint connections. But how accurate is this assumption in today’s work environment, where the action no longer all takes place on premises but across multiple or hybrid clouds, sites and domains, reaching a wide range of distributed clients and applications?
VPNs may sound like they’re designed for enterprise-level security because they have “private” as their middle name. But let’s examine this assumption more closely to separate fact from fiction in a world that no longer features just physical servers and virtual machines (VMs), but a mix of on-premises infrastructure with both public and private clouds.
Are Virtual “Private” Networks (VPNs) Entering Obsolescence?
In yesterday’s non-cloud environment, the traditional perimeter security that VPNs offer – direct-link approaches like opening up firewalls – made sense. But in the new IT reality, each additional setting mentioned above in a multi-cloud world increases your enterprise’s chances of exposing sensitive data or ending up in the headlines as part of the latest security breach.
VPNs have consequently become high security risks for the enterprise, creating privacy and security vulnerabilities ripe for hackers to exploit, for a number of reasons that include:
- VPNs create an unprotected attack surface. They effectively open up a “slice of the network” to users, instead of just giving each individual access to the apps and info that person needs.
- You can’t reduce attack surfaces with VPNs. Because a VPN segments at the network level and cannot segment at the application level, networks are less protected.
- More attack surfaces are created by inbound connections. Denial of service attacks are just one example of this.
- VPNs are complex to configure. Remote access with a VPN requires a number of elements that increase risk of security problems, from dedicated routers to access control lists and firewall policies.
VPNs not only make enterprises more vulnerable to lateral attacks (strike one), but they also are more expensive (strike two) and more cumbersome (strike three) to maintain.
SDPs: Solving Security for the Modern Enterprise
If VPNs are effectively “out” with the three strikes above, what can enterprises do to redress the challenges that have arisen from expanding the data ecosystem across remote environments? A more effective security answer lies in a Software-Defined Perimeter (SDP) approach, which achieves “zero-trust” security in hybrid and multi-cloud environments.
SDP provides security through “micro-perimeters,” which are micro-tunnels that allow administrators to segment by application rather than by network. The biggest advantage of this is that it significantly decreases the threat of lateral network attacks that are so common with VPNs. By setting strong limits on how remote users can access the network – allowing each third party access only to the exact information and applications needed – SDP avoids having to use high-maintenance access control lists and firewall policies.
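To make the difference between network-level and application-level segmentation concrete, here is an added illustration (not code from the original article or from any SDP product). It models a partner account under both access models: an address-based ACL that admits a subnet slice, versus explicit per-application grants with default deny. All hosts, ports, users and policies are constructed sample data.

```python
"""Compare VPN-style network slices with SDP-style per-application grants.

Added illustration, not code from the original article or any SDP product.
Every address, service, user and policy below is constructed sample data.
"""
from ipaddress import ip_address, ip_network

# Constructed inventory of services living in one partner-facing segment.
SERVICES = {
    ("10.20.0.10", 443): "partner-portal",
    ("10.20.0.11", 5432): "orders-db",
    ("10.20.0.12", 22): "jump-host",
    ("10.20.0.13", 9200): "search-index",
}

# VPN model (network-level segmentation): the user lands on a subnet and an
# ACL decides by destination address, not by identity or application.
VPN_ACLS = {"partner-acme": [ip_network("10.20.0.0/24")]}

# SDP model (application-level segmentation): explicit (identity, app) grants.
SDP_GRANTS = {"partner-acme": {"partner-portal"}}


def vpn_reachable(user: str) -> set[str]:
    """Every service whose address falls inside a network the ACL permits."""
    nets = VPN_ACLS.get(user, [])
    return {app for (host, _port), app in SERVICES.items()
            if any(ip_address(host) in net for net in nets)}


def sdp_reachable(user: str) -> set[str]:
    """Only applications explicitly granted to the user; unknown users get nothing."""
    granted = SDP_GRANTS.get(user, set())
    return {app for app in SERVICES.values() if app in granted}


def sdp_authorize(user: str, host: str, port: int) -> bool:
    """Per-connection decision: allow only if (host, port) maps to a granted app."""
    app = SERVICES.get((host, port))
    return app is not None and app in SDP_GRANTS.get(user, set())


def lateral_exposure(user: str, needed: set[str]) -> dict[str, int]:
    """Services reachable beyond what the user actually needs, per model."""
    return {"vpn": len(vpn_reachable(user) - needed),
            "sdp": len(sdp_reachable(user) - needed)}
```

With the sample policies, the same partner account reaches all four services through the VPN slice but only the portal through SDP, so a compromised partner credential has three fewer places to move laterally.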
SDP technology also allows a degree of “invisibility,” if you will, since gateways can communicate via the User Datagram Protocol (UDP). Because this approach requires just one UDP message channel between gateways, no ports are left open, which handily eliminates the possibility of surfaces being left exposed to attacks.
Some SDP solutions also allow enterprises to use app-specific micro-tunnels to tie together workloads spread across multiple clouds, solving the networking configuration nightmares often experienced with VPNs. By being multi-cloud enabled, enterprises gain the advantage of reducing risk in case of outages, and can shift operations as needed from cloud to cloud. When comparing SDP solutions, it’s also important to find one that allows the micro-tunnels to continuously locate their best execution venue in an “always-on” application infrastructure.
VPNs are failing to adequately protect enterprise data in a more hybrid, heterogeneous world of multi-cloud settings. By leveraging SDP technology, enterprises can deploy a secure perimeter around trusted users – and protect gateways and network data transfers alike from unapproved usage – effectively shrinking their network’s attack surface.