VPNs: Will Zero Trust & Improved Secure Architectures Spell the End?

March 5, 2021


Virtual private networks (VPNs) have long been an enterprise mainstay. And for just as long, there has been debate about their role in providing security, along with facilitating access. But amidst a year of briskly changing workplace staffing restrictions, are VPNs finally approaching their end as a viable business information security tool?



The Role of VPNs in Facilitating Access

For years, vendors bragged about VPNs providing “enhanced security,” but do VPNs actually enhance security?

Let’s take a step back for a moment. Everyone is tired of talking about “the new normal.” I don’t mean wearing masks - I mean we’re tired of talking about it and using the term “the new normal.” The remote workplace trend long predates COVID-19, and the impact of COVID-19 was softer in office settings where remote work may have already been an option.

Front-line healthcare workers and restaurant staffers were never going to be able to work remotely. Sure, there have been some smaller shifts from waitstaff at bars to drivers for DoorDash and some advances with telemedicine, but the brunt of the “remote work” shift has really just been a continuation of an existing trend. That trend actually started in the early 1970s during the OPEC oil embargo, when filling your car with gasoline became extremely difficult.

VPN technology was built to provide access and protect data in transit to locations outside the traditional company network. It is deployed as more of a business enablement tool than a cybersecurity tool, giving us the ability to extend the company network to users in any physical location - whether home, mobile, on an airplane, in a hotel, or somewhere else. IPsec packets aren’t easily sniffed, and while there are vulnerabilities, IPsec generally does its job and provides strong encryption to ensure the protection of data transmissions.



VPN as an Attack Vector

However, one longstanding problem has been that many businesses use VPNs to grant open network access to employees, assuming the trustworthiness of anyone inside the VPN, including third parties / vendors, office guests, and anyone who can compromise a VPN entry point. That itself is a serious security oversight. In these instances, your security may ultimately only be as good as that of the external endpoint/user you are allowing to tunnel into your environment.

Additionally, in recent years, we’ve seen dozens of VPN vulnerabilities exploited in major business and government breaches. VPNs have become a target, as hackers now know if they can breach a VPN, in many cases, they no longer have to worry about traditional security controls such as firewalls—they now have complete access to a company’s network. Firewalls can’t do much to help block unwanted traffic when you openly grant network access through a VPN. Additionally, VPNs are often misconfigured, creating exploitable gaps for attackers to gain access.

Another issue undermining VPN security is that VPN device and software patching is often forgotten or ignored. Those companies which require VPN access for employees to do their jobs often meet opposition to VPN patching maintenance windows.

Of course, in this era of large-scale remote access, network performance issues around VPNs are also increasingly cropping up, especially when you see many users simultaneously VPNing in.

How to Facilitate Truly Secure Remote Access

Instead of relying on the “castle and moat” security architecture assumption that everything inside the network perimeter is safe, organizations should carefully understand and plan:

  • what resources should be available inside the company network
  • what users truly need access to those resources
  • a basic policy of least privilege to avoid granting access unless necessary

The zero trust model of refusing access by default to any person or system unless it is needed represents a constructive movement towards a more secure architecture. Privileged access management (PAM) is a key piece of the zero trust approach and of evolving to a security architecture in which you can often replace VPNs.
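The contrast between the two models described above, as an added example that is not part of the original post: the same three sessions are evaluated once under perimeter trust and once under default deny with least-privilege grants. All user names, resource names, addresses and grants are constructed for illustration.

```python
"""Added illustration: perimeter (VPN) trust vs. default-deny, least privilege.
All names, addresses and grants below are constructed for the example."""
from ipaddress import ip_address, ip_network

VPN_POOL = ip_network("10.8.0.0/24")  # constructed VPN address pool
RESOURCES = ["hr-db", "build-server", "hvac-console", "finance-share"]

# Constructed sessions: identity -> tunnel address handed out by the VPN.
SESSIONS = {
    "alice": "10.8.0.10",          # employee
    "hvac-vendor": "10.8.0.77",    # third party / vendor
    "office-guest": "10.8.0.200",  # on the VPN, but needs nothing internal
}

# Least-privilege grants: only what each identity truly needs.
GRANTS = {
    ("alice", "build-server"),
    ("hvac-vendor", "hvac-console"),
}


def perimeter_allows(user: str, resource: str) -> bool:
    """Castle-and-moat: being inside the VPN pool is the only check.
    The resource argument is deliberately ignored; that is the flaw."""
    return ip_address(SESSIONS[user]) in VPN_POOL


def zero_trust_allows(user: str, resource: str) -> bool:
    """Default deny: access exists only where an explicit grant exists."""
    return (user, resource) in GRANTS


def reachable(policy, user: str) -> list[str]:
    """Resources a user can reach under the given policy function."""
    return [r for r in RESOURCES if policy(user, r)]


def exposure_report() -> dict[str, tuple[int, int]]:
    """Per user: (count reachable via VPN trust, count via default deny)."""
    return {
        u: (len(reachable(perimeter_allows, u)),
            len(reachable(zero_trust_allows, u)))
        for u in SESSIONS
    }


if __name__ == "__main__":
    for user, (flat, scoped) in exposure_report().items():
        print(f"{user:13} perimeter={flat}  default-deny={scoped}")
```

The gap between the two counts for each identity is the access that perimeter trust hands out without any stated need.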

Tuning your alerts and monitoring, and being able to isolate the things that are truly a big deal, are also essential pieces of establishing the secure architecture we need.

Hackers, or “threat actors” as we sometimes like to call them, aren’t going to wait for cybersecurity professionals to correct their security architecture. For “enhanced security,” consider scrapping the VPN and implementing Zero Trust.

For a more in-depth exploration, check out my on-demand webinar: VPNs: New to the Endangered Species List?



Dan Stern, Vice President of IT, Infrastructure and Services at Air Methods

Dan is a 20-year IT professional who has owned a small IT business in Maryland, led fast-paced IT teams at Chipotle, Blaze Pizza, and others, and now leads Infrastructure and Services teams as VP of Information Technology at Air Methods. With a Bachelor of Arts specialized in journalism from Colorado State University and a Master of Applied Science concentrated in Information Systems Security from the University of Denver, Dan uses his experience with communications to help teach sometimes intimidating technology to office workers and college students. In his free time, Dan likes to power down all of the tech toys and simply get lost in the mountains.
