While useful for creating a window into the internal business network, existing virtual private networks (VPNs) struggle with several challenges.
Even the initial setup of configuring an employee’s endpoint and teaching them how to run the VPN client can be daunting.
Once they are in, businesses still need to ensure there are enough resources for all of their remote employees and guarantee that the employee signing in remotely is who they claim to be.
“Ensuring that a VPN is sufficient to handle an entirely remote workforce is challenging. Most corporate VPN networks were designed with the assumption that only a small fraction of staff would be remote at any given time.
They were built with hardware and bandwidth to accommodate the estimated loads.
This was the most cost-efficient way to allow remote access when needed, since redundant hardware and bandwidth that is unused is a wasted expenditure,” says Paul Stuttard of Duxbury Networking, local distributors of Ananda Networking technology solutions.
Stuttard points out that staff is required to maintain the hardware and network connections and guarantee they are operational at all times.
“This is not a simple set-and-forget system. If hardware fails or the network connection goes down, all users will lose access. When all employees are remote, this is a complete breakdown in productivity across the company and frustration.”
Once a user is in the VPN, they can access the entire internal network even if they only need a few resources.
This makes the VPN a prime target for attackers as all they need to do is steal credentials from an existing user.
According to Verizon research, this attack is quite common, as 37% of breaches used lost or stolen credentials.
When credentials are stolen, there is no easy way for a business to know that the user connecting is actually an attacker with stolen credentials.
Once attackers are in the VPN, they generally have broad-reaching access to the internal network.
Leaving such wide access violates the principle of least privilege and increases the attack surface available to an attacker who gains access to the internal network.
“VPN is currently a large challenge for businesses, but it doesn’t have to be. Solutions exist to handle the problem areas of existing VPNs and let businesses get back to doing business.
They allow businesses to get the remote access they need without wasting large amounts of resources on setup and operations,” says Stuttard.
A VPN should allow access to only the resources a user needs and not the entire internal network.
Existing infrastructure can already do this, but only by configuring cumbersome networking rules on the VPN hardware and spending time customising them every time needs and users change.
It is far more efficient to utilise a remote access solution that focuses on an identity-defined perimeter that automatically evaluates users based on well-defined roles and groups. Then access can be limited only to what they require and nothing more.
“We can take this further with zero-trust networking. All traffic on the network carries the identity information, and access is granted dynamically based upon the identity.
This limits traffic in a more targeted manner, preventing any access outside of what is permitted.
By shifting to zero-trust networking, even if a user’s credentials are compromised or if the user is an insider threat, the attack surface is greatly diminished, reducing the attack’s overall impact,” Stuttard explains.
Growing and evolving businesses are embracing modernisation with the cloud.
RightScale estimates that 81% of organisations not only utilise the cloud but have a multi-cloud strategy.
To manage this shift, organisations need VPN solutions that can connect anywhere, on-premises or in the cloud, and are not restricted to any one cloud provider.
Using a direct connect solution, organisations can avoid the challenges in setting up and configuring cloud VPN tunnels to internal networks.
Instead, workers can operate from anywhere and connect remotely without having to originate on the local network.
Not only does this streamline operations, but it also eliminates an additional hole in the user’s network.
The next phase of VPN evolution allows businesses to dump the excessive hardware hassle altogether.
Using software endpoints, the configuration is nothing more than a simple software installation.
This process reduces the overall complexity of getting a VPN going and reduces the need for additional staff to maintain legacy hardware solutions.
“Ananda is an evolved VPN solution that delivers a truly zero-trust networking solution with the rules set by the organisation.
This is coupled with the speed of Ananda’s SmartPath technology that dynamically self-optimises traffic.
Users can quickly access the resources they need but are strictly confined to only what they should access.
Unlike complicated hardware solutions, Ananda is quick and easy to enable. With a simple software installation, businesses can be up and running in no time,” says Stuttard.