Too soon? You might have guessed that if this question is being asked by tech pros, the answer is probably yes. I recognize this might be unwelcome news for many. A VPN, or Virtual Private Network, looked like the clear choice for a lot of companies looking to accommodate hybrid and remote workplaces safely. It promised more privacy, so users’ activity would be hidden, even when using public WiFi.
VPNs seemed ideal, but just like many fads, what seemed to be too good to be true turned out to be exactly that. Here are some alarming statistics: 93% of organizations use a VPN service now, but 94% of organizations are aware it’s a target for cybercriminals.
So…Are Virtual Private Networks Obsolete?
They aren’t perfect, and they may not be the best choice long-term, but they aren’t entirely useless either. VPNs first arrived in the ’90s, but like most 1990s tech, they’re not equipped to protect against modern threats. It doesn’t integrate well with other systems, and its best feature — private access to corporate systems — is now better accomplished with zero-trust architecture.
That said, the best network for your organization depends on who’s using your network, how, where, and for what.
Four Things To Consider Before Investing in a VPN
1. Adaptability
While VPNs can help accommodate work from anywhere, they’re cumbersome, and adjustments are time-consuming and sometimes expensive. If you anticipate the need to scale your staff up or down to adjust to economic volatility or employ new tools, a VPN may not be your best choice.
2. Location, Location, Location
Depending on where you’re connecting from, if you use a VPN, your connection could be slowed down significantly due to your physical distance from the systems you’re accessing.
3. Cybersecurity
VPNs still have value, but they aren’t the be-all-end-all they were historically considered to be. They provide privacy to credentialed users, but hackers have proven they can extract legitimate credentials or exploit vulnerabilities to gain entry. In theory, VPNs are private, but in practice, they’re not a guarantee. Plus, their defenses aren’t layered, so they’re no match for modern cybercriminals. Once a hacker makes their way inside, they are often free to do their worst. VPNs don’t do a good job of identifying or halting an existing intrusion.
4. Ease of Use
Unfortunately, VPNs aren’t as easy to manage, troubleshoot, or support. In many ways, VPNs are like landlines. They are a perfectly useful technology that just doesn’t meet today’s requirements.
VPN vs. Zero Trust
Unlike a VPN, and like its name suggests, a zero trust framework doesn’t automatically trust users that have made their way inside a security perimeter. Instead, it takes on an “assume breach” mentality, regards every user with perpetual suspicion, and requires more frequent user authentication. In addition to the “assume breach” principle, zero trust architecture also values limiting user privilege to only access the resources necessary to do their jobs. This principle is called “least privilege.”
Zero trust architecture was considered the gold standard of cybersecurity in the early 2010s. But the pandemic, the rise of remote work, and the resulting escalation of cybercrime have led to more widespread adoption.
How Does a Zero Trust Framework Operate?
When a user attempts to log in to a system or an app, a zero trust network quickly evaluates risk by asking who, what, when, where, and why. In milliseconds, it is able to make an assessment and grant or deny access accordingly.
Help Setting Up Zero Trust Architecture
Marco’s approach to technology is holistic, and we don’t rely on cookie-cutter solutions. “Normal use” for one organization may look completely different for another. So we work with clients to help their network authenticate legitimate users quickly and easily while putting up fierce resistance to hackers.
Cybersecurity these days isn’t for the faint of heart, and staying on top of current and emerging threats is difficult for any company that’s still struggling to keep up with patches, seismic shifts in telecommunications, and more. Even if you already have a fully-staffed IT department, if they could use some assistance on an ongoing basis, or just for certain projects, we’re here to help.