Long considered the standard in the industry, it appears the Virtual Private Network (VPN) is on death’s doorstep after nearly two decades.
While the cybersecurity industry is making great strides with digital transformation, the VPN continues to hold enterprises back. For a time, the VPN was the best way for enterprises to allow secure access from outside their perimeter to their internal resources and data. But along with this digital transformation, comes an increasingly mobile and remote workforce that is reliant upon IaaS apps being hosted in the public cloud.
All of this contributes to a dissolving perimeter, where workers are working off of enterprise networks in the cloud. VPN’s just can’t keep up, either causing friction for remote workers or being wholly ineffective at actually establishing a private secure connection.
These signs all point to the imminent death of VPN. But if the VPN is dead, what is going to take its place?
We’ll get to that in due time, but first let’s touch on some of the specifics of why the VPN is dying.
Why Are VPNs Being Replaced?
The biggest hit to current VPN deployments is coming from the increasingly evident shift away from the dissolving security perimeter, rendering VPNs ineffective.
Many VPNs exist as appliances within an enterprise’s on-prem security stack, backhauling traffic to allow secure access to the network whether employees are on-prem or not. As the traditional perimeter slowly dissolves into the cloud, and the security stack follows suit, there’s no sense in paying for the upkeep of a costly VPN appliance.
This backhauling also causes more headaches for remote workers trying to access enterprise apps hosted in the public cloud. Instead of having direct cloud access they’re routed back through the corporate security stack only to head back out into the cloud. From here it should be obvious that the VPN emerges as a clunky, costly appliance that only hinders a workforce that is becoming more mobile and geographically dispersed.
Considering that the VPN itself is a direct, immediately trusted connection to an enterprise’s network, it can be a most sought out asset to a malicious actor, making it a liability in the wrong hands. If a malicious actor or insider gains access to the VPN credentials, and circumvents security controls that may exist, it positions access to any sensitive data on your network that isn’t otherwise locked down.
So, not only is the VPN a clunky and increasingly outdated solution in a digitally transforming world, but it also isn’t providing the secure network access the modern workforce requires. With the VPN clearly on its way out the time is now to name the worthy successor to the VPN’s thr