Thursday, November 21, 2024

Tech News, analysis, updates, comments, reviews

VPN limitations leave opening for ‘zero-trust’ tech

Gartner sees a growing interest in ‘ZTNA,’ as employees work from home.

Virtual private network (VPN) usage soared in March 2020 as employers sought to connect a growing number of homebound employees to company resources.

But limitations of VPNs—namely, drawbacks in security and scalability—have left an opening for a technology area known as “zero-trust network access” (ZTNA), according to industry consultants.

VPN’d

While a VPN provides an encrypted tunnel to a network, its benefits don’t always impress IT pros.

  • Scalability: The road gets crowded—and network performance potentially degraded—when a whole work-from-home workforce bottlenecks to the same destination. “If you’re going to scale big and you’re going to want lots of people coming in remotely, there are much more cost-effective approaches,” said Dan Lohrmann, field CISO at the IT services provider Presidio.
  • Security: A tunneled device is not within your direct control, said Paddy Harrington, senior analyst at Forrester. “Sure, business traffic goes down the VPN, but internet traffic heads out my home network,” Harrington told IT Brew. “Well, what else on that home network could jump onto my device and then go on across the business network?”

Gartner sees a growing interest in the area of technologies known as ZTNA.

“Most organizations adopting ZTNA services are looking beyond VPN approaches due to the spike in remote working, combined with unmanaged device usage,” the consultancy said in a report updated in April 2022.

ZTNA: not a warrior princess

‘Zero trust,’ according to Forrester, is an information security model that denies access to applications and data by default, where “Threat prevention is achieved by only granting access to networks and workloads utilizing policy informed by continuous, contextual, risk-based verification across users and their associated devices.”

In other words: User access is limited to explicitly authorized applications.

If a VPN is the tunnel that hides your car, zero trust sends a few boxes from the trunk rather than the whole Buick—directly to the person on the other side, while checking along the way to make sure that what’s said to be in the boxes is really in the boxes, said Harrington, who considers ZTNA to be a “really good” replacement for traditional VPNs.

“It’s connecting at an application level, versus at a device level,” Harrington told IT Brew. “So, it’s not just saying ‘you can only get to web apps,’…it’s saying, ‘If I’m going to set up a connection from your endpoint to the business network, it’s going to be restricted to this particular application, talking to this set of application servers in this set of data in this location.”

Gartner estimates that by 2025, at least 70% of new remote-access deployments will be served predominantly by ZTNA as opposed to VPN services, up from less than 10% at the end of 2021.

Many technology options support a zero trust model, including software-defined wide area networks (SD-WANs), secure web gateways (SWGs), and cloud access security brokers (CASBs), said Lohrmann, but identity is central to the concept: “Who are you? What can you access? What are you authorized to access? What are you accessing? And then monitoring all around that.”

A VPN isn’t really following zero-trust principles at all, said Lohrmann: “It’s just giving you a point-to-point secure encrypted connection.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Get notified whenever we post something new!

spot_img

Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

Concerns about the ICT Bill 2024 in Kenya

THis post has been updated after the attention it is gannering. The original post can be found here: https://web.archive.org/web/20240813033032/https://blog.blancorpsolutions.com/kenya/concerns-about-the-ict-bill-2024-in-kenya/ Kenya's tech industry has been a beacon of innovation and growth, thanks in part to a regulatory environment that has allowed...

What are the real intentions of tracking IMEI numbers?

Imagine if you had a magic map that could show you where all your favorite toys were at any time. Sounds pretty? Well, in Kenya, the government wants to do something similar, but with people’s phones. They plan to...

The Tor Project + Tails, A Game-Changing Merger for Privacy Advocates

In a significant development for digital privacy enthusiasts, the Tor Project and Tails have merged their operations, uniting two of the most trusted tools in the fight against online surveillance. This merger, announced this month, combines the power of...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.