What do a growing number of cyberattacks, emerging tech, such as artificial intelligence, and cloud adoption have in common? They’re all helping fuel the rise of zero trust. Zero trust network access is, in turn, changing the way we access the internet for work. Let’s take a look at how another common tool today — the virtual private network (VPN) — intersects with it.

Why VPN Is at Odds With Zero Trust Network Access

VPNs have been falling out of favor for some time. That’s because of the way in which the corporate network has changed. Many businesses are now using a hybrid cloud model where employees can access corporate systems and data that could be stored thousands of miles away.

Traditional VPNs can still create an encrypted connection tunnel between those employees and on-premise business systems. But as they need to route users through the physical corporate network infrastructure, these solutions tend to be slow and not user-friendly. This has become even more apparent in the age of extensive remote work.

There’s also the issue of security. Nowadays, many remote employees are using VPNs to access corporate assets from a variety of devices while at home. Others work from a public place, including a library or coffee shop, when it’s safe to do so. Digital attackers might have already compromised those devices or the Wi-Fi networks to which they’re connected. They might have even compromised the user themselves by stealing access to their work account. Zero trust network access can account for these compromises, but a traditional VPN can’t.

That’s because traditional VPN solutions don’t vet for those kinds of compromises. They’re designed to do one thing: provide a direct, trusted connection right past all perimeter defenses. Threat actors know this, which is why they can leverage an account compromise with a VPN to hide within the corporate network for as long as possible.

VPNs in the Age of Zero Trust Network Access

In response to the risks discussed above, many organizations are turning to zero trust network access as a means to secure users, devices and applications on an ongoing basis.

There’s been a lot of talk lately about how zero trust will change the way in which many security tools function. For example, the zero trust model does not portend the death of the firewall, despite worries. It merely uses ‘segmentation gateways’ that combine the functions of firewalls and other tools. Zero trust enables you to enforce trust between approved users, devices, apps and other assets.

Where Software-Defined Perimeters Fit In

Zero trust may not be the death knell for firewalls, but it is pushing out VPNs. They’re being replaced with a software-defined perimeter (SDP).

The idea behind an SDP is to stop equating the perimeter with the data center, as was the case with traditional VPNs. Instead, you want to think of the perimeter as a solution that goes wherever the device goes. This type of arrangement dispenses with the blanket authorization granted to users by traditional VPNs.

Instead, an SDP grants zero trust network access. Verified users and their devices receive access only to what they need to perform their jobs. This enforces the principle of least privilege, another core tenet of zero trust, by default. As a result, moving laterally between corporate systems becomes much more difficult for a potential attacker.
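The contrast between a VPN's blanket authorization and an SDP's per-request, least-privilege decision can be sketched as follows. This is an added example, not code from the article or from any SDP product; the users, roles, application names and the device posture flag are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample inventory and policy (hypothetical names).
ALL_RESOURCES = {"payroll-app", "git-server", "ci-dashboard", "hr-database"}
ROLE_OF = {"alice": "finance", "bob": "engineering"}
ALLOWED = {"finance": {"payroll-app"},
           "engineering": {"git-server", "ci-dashboard"}}

@dataclass(frozen=True)
class Request:
    user: str
    mfa_verified: bool       # user identity verified for this session
    device_compliant: bool   # assumed posture signal: managed, patched device
    resource: str

def vpn_reachable(authenticated: bool) -> set[str]:
    """Traditional VPN model: one login, then the whole network is reachable."""
    return set(ALL_RESOURCES) if authenticated else set()

def sdp_decide(req: Request) -> tuple[bool, str]:
    """SDP model: every request is evaluated; anything not allowed is denied."""
    role = ROLE_OF.get(req.user)
    if role is None:
        return False, "unknown user"
    if not req.mfa_verified:
        return False, "user not verified"
    if not req.device_compliant:
        return False, "device failed posture check"
    if req.resource not in ALLOWED.get(role, set()):
        return False, "resource not assigned to role"
    return True, "allowed"

def sdp_reachable(user: str, mfa_verified: bool, device_compliant: bool) -> set[str]:
    """Everything a user/device pair can reach under the SDP policy."""
    return {r for r in ALL_RESOURCES
            if sdp_decide(Request(user, mfa_verified, device_compliant, r))[0]}

if __name__ == "__main__":
    print("VPN, stolen credentials:", sorted(vpn_reachable(True)))
    print("SDP, alice on healthy device:", sorted(sdp_reachable("alice", True, True)))
    print("SDP, alice on compromised device:", sorted(sdp_reachable("alice", True, False)))
    print(sdp_decide(Request("bob", True, True, "payroll-app")))
```

With the same valid login, the VPN model exposes every internal system, while the SDP model exposes one application and nothing at all once the device fails its posture check.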

That’s not the only way in which an SDP is different from a traditional VPN and supportive of a zero trust mindset. For example, many SDP offerings use a global network of points-of-presence to reduce latency and optimize data routing. This helps to create a smoother (and more productive) gateway for any users who might need access to the corporate network.

Keeping in mind the fact that many offerings come with a fixed price per user regardless of how many network resources are in play, you can also use an SDP to scale up zero trust network access as your business grows and evolves.

A Bright Future for Next-Gen VPNs

Traditional VPNs might have outlived their utility amidst more distributed networks. But that’s not so for next-gen VPNs like SDPs. In fact, the Cloud Security Alliance reported that the SDP is “the most effective architecture for adopting a zero trust strategy.” No doubt we’ll see more organizations turning to these types of solutions as zero trust network access adoption continues to grow.
