Friends Don’t Let Friends VPN

Please stop creating more VPNs... This is NOT the way.

Traditional VPN, which did a good job of separating trusted and untrusted networks, is too antiquated for modern cloud networks and distributed workforces. Companies are fully remote and even have near shore and offshore contractors and employees working on their environments with privileged access, using non-company issued or managed devices. It grants broad access to all systems, which is not optimal for security.

Does everyone need the same access to all systems?

No.

Share with others you think are stuck in their VPN ways…

A More Modern Approach to VPN

A more modern approach to privileged access requires a multi-faceted approach based on:

  • User’s Identity

  • Device Posture

  • Contextual Factors such as:

    • Last 5-10 logins

    • IP Address

    • User-agent

Even then, not everyone would have the same access to every system.

Everyday engineers can have access to systems, but maybe not privileged access.

Those with privileged access, should go through step-up authentication (which takes you through all of the above) before access is granted.

Notice I haven’t even used the word “Zero Trust” yet? Well, I just explained it to you.

Oh, you can also reduce all of the above by making everything stateless and through Infrastructure As Code (IAC). That way, the PR process is how changes are made to production.

To sum up, traditional VPN is not enough to provide secure access to applications and resources for modern cloud networks and distributed workforces. Zero-trust network access (ZTNA) provides a software-defined perimeter that ensures only authorized users and devices can access the network. ZTNA utilizes a multi-faceted approach based on a user's identity, device posture, and contextual factors to provide secure access to the systems they need to perform their jobs. By implementing ZTNA, companies can improve their security posture, reduce their attack surface, and stay ahead of emerging threats.

Share with others you think are stuck in their VPN ways…

Reply

or to participate.