DH2i CEO on how to securely support what work looks like today – without a VPN

Don Boxley, CEO and Co-Founder, DH2i, tells us how organisations can best address legacy VPN technology security issues.

Network administrators and developers alike need to be more concerned than ever about their connectivity security infrastructure. A 2019 report from Verizon that analysed more than 40,000 security incidents found that the cause of most data breaches could be traced back to the computer networks themselves – and technical deficiencies within these networks.

The findings also highlighted that cybercrime is often quite predictable in terms of how the process is carried out, from establishing access to data, to illegitimately obtaining administrator privileges, to mapping the network and siphoning out the data before anyone is the wiser.

When this happens, the losses can be profound. Verizon’s research found that the more expensive breaches can end up bleeding organisations dry, to the tune of US$100 million. Other studies have reported equally troubling figures, including a 2018 study from Ponemon that found the cost of breaches continues to rise and is up 6.4% to just under US$4 million per breach.

Confusing new world

Yet while the problems are obvious, many enterprises are unsure about the best way to address these security issues. The confusion makes sense, since what used to be relatively clear-cut in a world of physical services and virtual machines has changed dramatically in light of today’s data reality, which involves cloud, multi-cloud and hybrid environments – not to mention mobile, the Internet of Things (IoT) and Edge Computing – all of which greatly exacerbate network vulnerabilities.

In IoT alone, we’re looking at growth approaching 28.5 billion smart devices by 2022, according to Cisco’s 2018 Visual Networking Index, which means billions of smart devices will be using IP networks to communicate.

Machine-to-machine connections are projected to comprise more than half of the world’s global connected devices in the next three years. By 2022, it’s also predicted that the fastest growing IP connection type will be secure cloud native microservice connections.

Such advancements all happening in tandem also create conflicting demands – from expanding requirements to greater responsiveness and disconnected approaches – when it comes to connecting partners and other third parties securely to an organisation’s network.

And this is an important point when you consider that the corporate need for secure privileged user access has been expanding more rapidly than the population of the entire planet (7% CAGR versus 1.0% CAGR, respectively), according to Cisco.

Old drawbridge obsolete

The fact is that these new realities have made the past go-to solutions for security and connectivity – particularly virtual private networks (VPNs) – highly insufficient, if not obsolete, on their own.

The old VPN security model, which is analogous to a ‘castle and moat drawbridge’, was designed for a simpler time with a drastically different network environment.

Not only is VPN technology now insufficient to fully protect the types of networks that are more common today, but relying solely on VPN can actually multiply security risks rather than protect data.

In the case of privileged access, VPN leads to slow connections, credential theft and compromised devices, as well as the unnerving possibility of excessive network access by third parties. In the case of cloud native uses, VPN leads to scaling limitations, unreliable connections and a large programming overhead, among other issues.

As a result, if such legacy approaches are used today in settings that they weren’t intended for, a plethora of problems often results.

Companies still cling to VPNs in hopes of a security saviour, but instead find themselves dealing with a long list of headaches, from management complexities, to snail-paced connections, to scaling limitations. Perhaps the most disturbing outcome of continuing to rely on VPN technology without bolstering it is that sensitive data becomes even more vulnerable and costs rise continuously.

Signs of the times

Fortunately, as times change, technology advances – including in the area of connectivity security. Think SDP (software-defined perimeter) rather than VPN when you need to address the security issues caused by legacy VPN, as well as cloud-native and privileged user access.

What’s changed is much more than the acronym. In addition to boosting network security, SDP technology also facilitates faster performance and allows for scaling workloads, while supporting open API for integrations, analytics, visibility and compliance.

This is because unlike VPN, SDP technology was designed with the cloud in mind and is built to thrive in hybrid and multi-cloud environments. A multi-cloud-ready solution means secure application data communication to and from any host, regardless of location.

How does SDP achieve all of this? One key is the design, which features encrypted micro-tunnels. By spanning isolated networks, SDP technology can connect containers and also allow secure connections for vendors to designated cloud applications – no VPN required.

The dynamic movement of gateways in the micro-tunnels allows for smart availability, with fault detection and failover baked into the functionality. In some cases, VPN can be enhanced with SDP technology for additional fortification of connectivity security. The bottom line of this new approach to connectivity security is support for what work looks like today – as well as tomorrow.
