The ever so vulnerable VPN gave remote workers the sanctity of safety with a secure tunnel into the enterprise network. Unfortunately, the same VPN is on the face of extinction. Why? Because enterprises are migrating to a more granular security framework that is agile, which is better adapted in today’s digital world.
The core of the VPN strategy is based on the notion of a network perimeter that trusted employees are on the inside, and the not so trusted ones should be on the outside. But this notion does not work anymore as for the mobile employees, as per the modern working environment, the network can be accessed from anywhere because now corporate assets don’t reside behind the walls of enterprise data but in multi-cloud environments.
Gartner predicted that 60% of the enterprises would phase out their VPN by 2023 entirely in favor of zero-trust network access.
Why is VPN dying a slow death? There are several flaws associated with the perimeter-based approach to security. It doesn’t address third party vendors, supply chain partners, neither does it do anything to detect inside attacks. If, by any way, the hacker has someone’s VPN credentials, he can access the network and roam free.
VPNs over time have become extremely problematic to manage with their clunky, outdated architecture. At a more fundamental level, if we look at security, they will know that whatever is being done isn’t categorically working to keep hackers at bay, and perimeter-based modeling is the first one to take the bullet. As per the Principal Analyst of Forrester, VPNs are built on a house of cards, so if one thing fails, everything becomes a victim.
Security vendors have started embracing zero trust
Even though zero trust has been around for a decade, it started garnering interest and enterprise adoption since 2018. According to a survey by Gartner, the adoption has been only 13%, as vendors have been slow to set it up.
To mention a poster boy story of success for Zero Trust adoption way back in 2014 is Google. It announced that it had invested enormous amounts of time, energy, and resources building its zero-trust implementation. Unfortunately, the other enterprises could not follow suit because… well, they aren’t Google!
Fortunately, zero trust is now gaining traction with vendors adopting it from all angles because enterprises need catching up to this vision. For example, Forrester Wave, for what is now called the Zero-trust Extended Ecosystem (ZTX) includes a next-gen firewall vendor Palo Alto Networks; Akamai Technologies as a managed services provider; Okta for the identity vendor management; Symantec, the security software leader; the micro-segmentation specialist Illumio; and access management vendor Centrify.
I also don’t want to leave out Microsoft, Cisco, and VMware as they all have zero trust offerings and are classified as strong performers.
So how do enterprises that have already spent large bucks on defining perimeter defenses suddenly shift gears? When it comes to concerns about security, enterprises don’t mind shifting any number of gears.
To know more, go through our latest whitepapers on Security.