Why VPNs Are Out and Zero Trust Is In

Zero trust assumes that all users and devices are suspect and assigns role-based access to resources.

Before the COVID-19 pandemic, most companies equipped their few remote workers with virtual private networks (VPNs), but now that a permanently hybrid workplace has become the reality for a large segment of the workforce, IT security teams are changing their strategy. Zero trust is being adopted as a policy to offer broad security coverage across widely dispersed teams.

Companies need to ensure that their teams can securely connect to corporate resources, allowing them to be productive from any location. Complicating this task even further is the involvement of personal devices, in part because of employee choice through bring-your-own-device (BYOD) programs. IT security teams are under a lot of pressure to support a wide range of devices all trying to access the network.

More companies are also investing in cloud-based solutions while still running on-premises software, which makes the network environment more complex. Some teams are concluding that they can no longer accept the vulnerabilities of VPNs and that a broader solution must be applied.

VPNs were appropriate when companies had just a few remote employees, but their use is becoming outdated. They can’t keep pace with the needs of a widespread team, and they don’t offer the security necessary for remote work.

Network administrators can no longer assume that the devices employees use are secure. At the height of pre-pandemic VPN use, administrators knew the network, the device, and the user. Once the pandemic sent full teams to remote work, administrators no longer knew whether a device connecting over the VPN was trustworthy, or whether it had been patched or updated, which opened the door to significant security vulnerabilities.

Applying Zero Trust Policies

Once security teams account for the elements introduced by the pandemic, such as widespread personal device use, ongoing hybrid environments, and the increasing adoption of cloud-based technology, it becomes clear that a new approach is needed.

Companies are adopting what is called zero trust network access. Sometimes shortened to ZTNA, this name represents not a single device or technology, but more of a strategy and mindset about how to secure a network that no longer has an identifiable perimeter.

Zero trust assumes that every device and user is a security threat. It combines policies like multi-factor authentication and role-based access to resources with technologies such as Secure Web Gateway, Next Generation Firewall, and virtual networking solutions such as software-defined wide area networking (SD-WAN).
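A minimal sketch of the per-request check described above, added here as an illustration and not taken from the original article. The role map, field names, and sample requests are constructed assumptions; the code contrasts a perimeter-style decision (on the VPN means trusted) with a default-deny decision that checks MFA, device patch state, and role entitlement on every request.

```python
from dataclasses import dataclass

# Constructed role-to-resource entitlements (assumption, not from the article).
ROLE_RESOURCES = {"finance": {"payroll", "erp"}, "engineer": {"git", "ci"}}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    resource: str
    mfa_passed: bool      # multi-factor authentication completed for this session
    device_patched: bool  # device posture reported as patched and up to date
    on_vpn: bool          # network location; used only by the perimeter model

def vpn_style_decision(req: AccessRequest) -> bool:
    """Perimeter model: a device on the VPN is trusted for everything."""
    return req.on_vpn

def zero_trust_decision(req: AccessRequest) -> tuple[bool, list[str]]:
    """Default deny: every request must pass every check, wherever it comes from."""
    denials = []
    if not req.mfa_passed:
        denials.append("mfa_missing")
    if not req.device_patched:
        denials.append("device_unpatched")
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        denials.append("role_not_entitled")
    return (not denials, denials)

# Constructed sample requests.
SAMPLES = [
    AccessRequest("alice", "finance", "payroll", True, True, False),
    AccessRequest("bob", "engineer", "git", True, False, True),
    AccessRequest("carol", "engineer", "payroll", True, True, True),
    AccessRequest("dave", "contractor", "ci", False, True, True),
]

if __name__ == "__main__":
    for req in SAMPLES:
        allowed, denials = zero_trust_decision(req)
        print(f"{req.user:6} vpn={vpn_style_decision(req)!s:5} "
              f"zero_trust={allowed!s:5} {','.join(denials) or 'ok'}")
```

The perimeter model admits the unpatched device and the out-of-role request because both are on the VPN, while the zero trust check admits only the request that passes every condition, regardless of network location.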

Each business organization will implement different combinations of strategies and tools to effectively apply zero trust, and for most it will be more of a journey than a quick project implementation. But with the right zero trust policies in place, security teams can ensure that their employees can truly work securely from anywhere and at any time.

To learn more about implementing zero trust policies for your company, contact us at ITBroker.com. We can assist you in determining areas of vulnerability and future-proofing your network security so that it grows to meet the needs of your organization.