A VPNs may be a step in the right direction, but it isn’t the be-all and end-all when it involves security and falls short in some ways.
In the blink of an eye fixed, everything changed. March 2020 marked an enormous shift within the way we approach remote work and therefore the infrastructure needed to support the long term of business. consistent with Gartner’s recent CFO survey, 74% of organizations will move a minimum of 5% of their previously on-site workforce to permanently remote positions following the pandemic. within the very near future, remote work is going to be the norm instead of the exception, necessitating a shift in how we approach security.
The reality of the fashionable, mobile-enabled workplace is that we’d like to travel where the users are — an approach that needs security measures beyond virtual private networks (VPNs). While a VPN may be a step in the right direction, it isn’t the be-all and end-all when it involves security and falls short in some ways. Here are four challenges I see with traditional VPNs:
1. VPNs Are Physically Limited
Traditional VPNs typically have an on-premises appliance that’s constrained by hardware within the number of users which will be supported. Many businesses determined specifications for his or her VPN appliances using remote work statistics from a few years ago, leaving them unprepared for the surge in teleworking that occurred when COVID-19 hit. VPNs are failing and corporations are struggling to work out the way to scale to support numerous users. Organizations are resorting to creative approaches, like limiting VPN use to pick workers, purchasing a secondary solution, enforcing inconsistent policies, etc. — but these aren’t viable long-term strategies.
2. VPNs Fail to Balance Productivity & Security
The age-old debate over productivity and security rages on, and VPNs don’t provide a workable solution. Do organizations enable productivity and permit access, effectively endangering security? Or is all traffic routed through the safety infrastructure so it are often filtered, overloading the VPN, Web gateways, and firewalls, while negatively affecting productivity due to the resulting substandard user experience? Ask VPN users and they’ll tell you about getting half the work wiped out double the time. Then there are the IT pros who relate countless samples of employees who’ve infected their corporate laptops with malware or compromised sensitive information by failing to use appropriate security measures. With traditional VPNs, the war between productivity and security has no resolution.
3. VPNs come short on Mobile
VPNs were designed to use a protocol that’s resource-intensive on the setup — it takes a touch of your time to attach, but the idea is that the connection will stay alive for the duration of the user’s needs. This all changes with mobile. whenever your device goes to sleep otherwise you change networks, the VPN gets interrupted and has got to reconnect. Furthermore, mobile apps aren’t built to be VPN-aware; when the VPN has got to reconnect, app responsiveness suffers and user experience suffers. Consider this: Wandera finds that typical knowledge workers will engage with their mobile device almost 100 times during a typical day — that’s 100 times each day the VPN has got to reconnect and 100 instances of a foreign worker who can’t be productive. For businesses, time is money, in order that wasted time translates into lost revenue.
4. VPNs Aren’t Built for the fashionable Workforce
In today’s business ecosystem, various remote users are making choices for his or her own devices and collaborating with individuals outside of their organizations. The way VPNs are managed within the past is via certificates that sit on the devices and are wont to initiate a session. Access to the organization’s infrastructure is granted via access to the certificate and, therefore, VPN use is usually restricted to company-managed devices. this suggests that BYOD devices and people employed by contractors or partners are often unable to utilize the company’s remote access tool.
According to a 2016 research report, the typical company’s network is accessed by 89 different vendors — contractors, partners, freelancers, etc. — hebdomadally, a figure that’s likely grown given the rapid digital transformation across industries. These third parties aren’t ready to access the corporate VPN given they need devices that are not managed by the company, yet they often have access to sensitive information or collaboration tools. Beyond third-party risk management, the surge in remote work spurred by coronavirus has seen organizations shifting their policies toward lenience. Countless organizations tried and did not supply employees with approved corporate devices, forcing many to rethink their BYOD policies and take a “whatever you’ve, make it work” approach to remote work. And this explosion in unmanaged, insecure devices opens organizations up to countless threats.
As companies transition to the cloud, an enormous part of that shift involves moving to software-as-a-service applications. In today’s world, corporate information isn’t on the private network anymore — some assets still live behind firewalls, but most users and therefore the most usage is already on the web. this needs a replacement way of thinking and a replacement approach to security — that’s, cloud-based security. [Editor’s note: The author’s company is one among the variety that provides cloud-centric security.] instead of the normal VPN, organizations need cloud-based protection for traffic filtering and mobile-friendly traffic vectoring that does not break modern applications that are running on any device getting used for remote work, whether it is a Windows 10 laptop, a MacBook, an iOS tablet, or an Android smartphone. Organizations still need filtering and therefore the ability to supply access control to applications, but those protections must move to the cloud to organize for the business of the longer term.