Perimeter-based virtual private networks (VPNs) are deployed globally for secure employee and contractor access to corporate networks because they are a traditional part of the firewall infrastructure deployed in every data center. However, interest has been heating up around software-defined perimeter solutions (SDP) as a more compelling alternative for secure user access. Perimeter-based VPNs have well-known shortcomings that are leading some IT organizations to explore alternatives, including software-defined perimeter solutions.
The following is a list of the top ten reasons why enterprises are advised to rethink secure user access in light of the innovations in security, scalability, reliability, and flexibility offered by a software-defined perimeter.
1. Traditional VPN security issues. Enterprises have become more vulnerable in this era of worker mobility and cloud migration, making it harder to effectively secure the perimeter. Traditional VPN access is overly permissive, granting remote workers access to more of the network than is required to complete their tasks. As a result, network resources are unnecessarily visible, overly vulnerable, and open to attack.
2. Zero-trust remote access for users, isolation for the network. SDP solutions have several security advantages over VPNs. First, there are no trusted zones. The IT administrator must grant users explicit permission to access specific applications. Beyond these designated one-to-one connections that are created for user devices, all other network resources remain isolated from view and completely invisible. Some SDP solutions allow continuous authentication and verification of the user and/or device at the packet level using identity-based networking technology. Security isn’t left to chance; all network traffic is logged for audit and investigation.
3. Unreliable end-user experience. For anyone who has used a corporate VPN, slow and unreliable performance is common. If you use applications in multiple locations, then you’ll face the aggravation of having to repeatedly connect and disconnect—and of course you have to keep track of where you are connecting to, based on the app you need.
4. SDP – Connect once and access everything you need. With the right SDP solution, end users connect once to gain access to the required applications, wherever they are, for a better user experience. For unmanaged personal devices and for contractors, partners and customers, an agent-less browser-based solution allows access to applications as simple as possible.
5. Administrative headaches. Whenever cloud migration is involved, VPN management balloons in complexity, leaving IT administrators to configure and sync VPN and firewall policies across multiple locations. This makes it even more difficult to eliminate unwarranted access.
6. VPN configuration on-site compared to SDP “as-a-service” approach. Compared to the complexity of configuring VPNs in every data center and cloud instance, administrators can onboard each network resource to an SDP platform once and manage all policies centrally in the cloud. Another advantage of a fully-cloud based SDP solution is that there is little to setup or maintain in the data center or virtual private cloud (VPC) that the administrator is enabling access to. All of the intelligence as well as the security enforcement is done in the cloud.
7. Lack of affordable scaling. As organizations require additional user connections and deployments across multiple cloud instances, VPN/firewall costs escalate rapidly due to the need for additional licenses and more powerful appliances. Scalability comes at a significant price.
8. Unlimited growth potential. With a cloud-native SDP solution, expansion is never an issue. Regardless of the number of users that need to connect or volume of applications that need to be accessed, SDP solutions have the ability to seamlessly scale in the cloud, bypassing the need for expensive hardware.
9. Flexibility, at a cost. VPNs offer flexibility since they can be used to connect multiple sites, datacenters, and virtual private clouds (VPCs). However, these connection options can be resource-intensive and drive up costs.
10. Connect anything, without complexity. Software-defined perimeter solutions enable more efficient connectivity to the IT resources required by employees without the cumbersome management requirements or mounting hardware costs.
Dealing with the realities of network security in general and secure access in particular is moving cloud-forward organizations toward software-defined perimeter solutions. SDPs enforce a customized policy for each user device that provides whitelist access to specific applications and network resources. All other resources remain invisible, reducing the potential surface for attackers. Combine this with people-centric, manageable, ubiquitous, secure and agile access, and the benefits provided by SDP solutions far outweigh traditional on-premise VPNs.
About the Author:
Etay Bogner is the CEO and co-founder of Meta Networks, a technology leader focused on helping organizations to rapidly provide secure remote access for employees, contractors and partners to corporate applications and the Internet through a software-defined perimeter.