Rethinking Remote Access Security: Can Zero Trust Replace VPNs?

May 7, 2021


Virtual Private Networking (VPN) has been at the core of remote access solutions for years. VPN is well understood by IT, but it can be complex to deploy and secure. And the global health pandemic has helped to expose some of its shortcomings. VPNs don't always scale well to meet increasing demand. As many organizations have discovered, VPNs can reach capacity quickly, preventing users from establishing new sessions and providing a poor experience for users who are already connected.

As hackers focus their efforts on remote workers, providing all-or-nothing remote access to corporate networks increases risk, especially where IT staff and external contractors need privileged access. Gone are the days when hackers are on the outside and users on the inside of a corporate network. All access requests should be treated as potentially malicious because intranets aren't a secure fortress.

As organizations look to provide ways to secure and deploy remote access solutions to an ever-growing number of employees, many are turning to zero-trust models to replace aging VPN solutions. Zero trust can be less complex to deploy and maintain than VPN. And by design, zero trust solutions are more secure, reliable, and better performing.

What is the zero-trust security model?

The zero-trust security model was developed by former Forrester analyst John Kindervag more than 10 years ago. Since then, it has been adopted by Microsoft, Cisco, Palo Alto, Symantec, and many others. More recently, NIST and the National Center for Cyber Security Excellence have published a document called NIST SP 800-207 Zero Trust Architecture.

The primary concept of zero-trust security is:

“Every user and connection should be verified before accessing IT resources, regardless of where the connection originates.”

Zero trust improves security by requiring secure and authenticated access to all resources. And least privilege is used to limit access to only the resources that users require to do their jobs. When organizations reach full zero-trust maturity, they must inspect and log all activities using Security Information and Event Management (SIEM) systems like Azure Sentinel and Splunk.

How security vendors help enable zero trust

Security vendors, such as BeyondTrust and Microsoft, let users access corporate assets using single sign-on and multifactor authentication without needing to establish a VPN connection. These zero trust solutions can replace VPN and reverse proxies. Microsoft’s Application Proxy service runs in the cloud, and network traffic is terminated at Microsoft's servers. BeyondTrust takes the same approach with its Privileged Remote Access solution. Organizations just need to deploy one or more on-premises connectors or endpoint agents so that the cloud services can connect to intranet-based assets.

Privileged Remote Access and Application Proxy simplify remote access because they don't require inbound connections from the Internet. All traffic is outbound on ports 80 and 443. A DMZ isn't required, but if organizations choose to deploy one, servers in the DMZ don't need to be joined to a domain. And because both solutions are cloud services, Microsoft and BeyondTrust each manage security, high availability, scalability, and distributed denial-of-service (DDoS) protection.

7 steps to zero trust maturity

To help organizations implement zero-trust security solutions, Microsoft promotes the following 7 steps to full zero trust maturity:

  1. Secure identity with zero trust
  2. Secure endpoints with zero trust
  3. Secure applications with zero trust
  4. Secure data with zero trust
  5. Secure infrastructure with zero trust
  6. Secure networks with zero trust
  7. Provide visibility, automation, and orchestration with zero trust

The first two steps are the most important to implement initially:

Secure identity with zero trust: Multifactor authentication and passwordless sign-in both provide strong authentication for user identities. Azure AD evaluates risk factors during user logon sessions, and it provides real-time sign-in risk detection.

Secure endpoints with zero trust: Devices should be compliant with corporate policies before users connect to applications. Mobile Device Management (MDM) enrollment with Intune and Azure AD Conditional Access policy ensure devices are healthy and compliant before remote connections can be established.
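
The identity and endpoint checks described above can be pictured as a per-request policy decision. The sketch below is an added example, not code from Azure AD, Intune, or BeyondTrust; the `ENTITLEMENTS` map, resource names, risk thresholds, and sample requests are all constructed for illustration. Note that the source network is logged but never used to grant access.

```python
import json
from dataclasses import dataclass

# Constructed least-privilege map: each user is granted only named resources.
ENTITLEMENTS = {
    "alice": {"hr-portal"},
    "bob-admin": {"hr-portal", "db-admin-console"},
}
PRIVILEGED = {"db-admin-console"}  # assumption: these tolerate only low sign-in risk
RISK_ORDER = ["low", "medium", "high"]

@dataclass
class AccessRequest:
    user: str
    resource: str
    mfa_passed: bool        # identity: strong authentication completed
    device_compliant: bool  # endpoint: MDM reports the device compliant
    sign_in_risk: str       # "low" | "medium" | "high", from the identity provider
    source_network: str     # recorded for the log, never an input to the decision

def risk_rank(level: str) -> int:
    # An unrecognized risk label ranks above "high", so the check fails closed.
    return RISK_ORDER.index(level) if level in RISK_ORDER else len(RISK_ORDER)

def decide(req: AccessRequest) -> dict:
    """Run every check on every request, wherever the connection originates."""
    max_risk = "low" if req.resource in PRIVILEGED else "medium"
    checks = {
        "mfa": req.mfa_passed,
        "device_compliant": req.device_compliant,
        "risk_acceptable": risk_rank(req.sign_in_risk) <= risk_rank(max_risk),
        "entitled": req.resource in ENTITLEMENTS.get(req.user, set()),
    }
    failed = [name for name, ok in checks.items() if not ok]
    return {
        "user": req.user,
        "resource": req.resource,
        "source_network": req.source_network,
        "decision": "deny" if failed else "allow",
        "failed_checks": failed,
    }

def audit_line(record: dict) -> str:
    # One JSON object per decision, allow or deny, for SIEM ingestion.
    return json.dumps(record, sort_keys=True)

if __name__ == "__main__":
    for req in (  # constructed sample requests
        AccessRequest("alice", "hr-portal", True, True, "low", "internet"),
        AccessRequest("alice", "db-admin-console", True, True, "low", "intranet"),
    ):
        print(audit_line(decide(req)))
```

The second sample is denied even though it originates on the intranet, which is the contrast with all-or-nothing VPN access.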

Zero trust - next steps

While VPNs have their place, that scope is getting smaller and smaller. Zero trust is more secure, reliable, and flexible, while also providing better performance than VPNs. If privileged users need access to remote systems, zero trust can protect systems better by providing the necessary checks, session monitoring, and analysis of log data at every step. Applying least privilege is also important for adequate protection against today's threats, regardless of which remote access solution you deploy.

To learn more, check out my on-demand webinar: Is VPN Dead?



Russell Smith, IT Consultant & Security MVP

Russell Smith specializes in the management and security of Microsoft-based IT systems. In addition to blogging about Windows and Active Directory for the Petri IT Knowledgebase, Russell is a Contributing Editor at CDW’s Biztech Magazine.

Russell has more than 15 years of experience in IT, has written a book on Windows security, co-authored one for Microsoft’s Official Academic Course (MOAC) series and has delivered several courses for Pluralsight.
