The VPN is dead (and goes unmourned)

That’s certainly the case with the not-so-trusty-any-longer Virtual Private Network. At one time a boon allowing secure access to remote resources, the VPN has become a clunky relic of the past, with not even its most heralded advantage holding up too well these days. In its place have emerged alternatives which not only hit that all-too-important convenience factor square on the head, but also achieve improved security. Important when you want your traffic truly ‘private’ as opposed to merely giving that impression. Key among those alternatives is ZTNA – and I apologise in advance for yet another acronym!

First, a quick trip down memory lane. As you’re probably aware, the VPN emerged in the late 90s when a chap called Gurdeep Pall invented the Peer-to-Peer Tunnelling Protocol. Sure, a lot came along afterwards in terms of security, techniques, mechanisms and added protocols, but the point is that in internet terms, VPN is absolutely ancient. The principles of a modern VPN, too, remain essentially the same, as does the purpose: improving the security of the connection itself.

Of course, there’s no trouble with an enduring principle. Maths has stayed the same through the centuries. But when it is superseded, like an electric car over internal combustion, it’s time to move on.

Like a lot of ‘consumer’ technology today (yes, you’re bombarded with VPN ads on YouTube and everywhere else), the VPN started out as an enterprise solution, useful for connecting remote workers ‘dialing in’ to corporate assets. Now, it’s something used by everyday folk looking to bypass geolocked content providers like Netflix, or in a misguided attempt to maintain internet anonymity or avoid hackers altogether. Newsflash: a VPN does neither of these things. Along with consumerisation and popularisation has come something a little less salubrious: increased attention from hackers.

That brings us to the question of the enduring principle and its suitability for today. In other words, if the VPN is dead, who or what killed it?

The answer has a couple of facets, but the biggest one is simple obsolescence. VPN was great for a long time, but time, being inexorable and all that, has marched on, and so has technology. On the one hand, what was ‘simple’ in years gone by appears awfully complex and clunky compared to modern alternatives. The VPN just doesn’t integrate well with modern systems. On the other, VPNs are increasingly unsuitable for protection against modern hacking methods.

Just punch ‘can VPNs be hacked’ into the search engine of your choice. The answer will be ‘yes’, even if it is hard to do so.

But we also know that with so many users – and a probable view from hackers that those using VPNs have something worth knowing or stealing – VPNs are a huge target lately. Just this week, Fortinet issued a Common Vulnerabilities and Exposures (CVE) for a critical flaw in its VPN devices. Why? Because it’s not only researchers looking for those vulnerabilities. A quick look told us there are more than 3,800 of those devices in New Zealand alone; until patched, those things are radioactive.

As VPNs fade away (and no, the death won’t be fast… but it is coming), the next question becomes… well, what takes their place? The brief is for fast, secure, and direct access to private applications hosted anywhere. That access should reduce risk and simplify the IT manager’s work. It should also fit within what we expect as a modern user experience; none of the muck around associated with getting into the VPN, then.

As hinted at up front, the answer, broadly speaking, is ZTNA: Zero Trust Network Access. More specifically, we are seeing considerable success within our client base with Netskope Private Access (NPA… sorry [again] for ZTNA). ZTNA provides secure remote access based on clearly defined access control policies; it also does so directly, rather than routing via a central point as a VPN does.

There are a couple of key phrases worth picking up on. Zero Trust is the first; readers probably know that this simply means what it says – nobody and nothing is trusted on the network. The second is ‘defined access control policies’. This means no one can access anything unless they are authorised to do so.

I’d encourage you to investigate the limitations of VPNs. While security is increasingly becoming the major issue, things like clunkiness and fitness for purpose warrant examination, too. And take a closer look at Netskope’s NPA – or get in touch. I’d be happy to bring you up to speed.
