Legacy VPNs facing unprecedented modern security threats
Remote work is the future. Remote work is our new reality. Even though Gartner predicted that by 2020 half of the US workforce would be working remotely, no one could have anticipated how ubiquitous it would become with the COVID-19 outbreak. The once-familiar 9-to-5 office environment has changed dramatically, and nearly everyone has now been forced to work from home for the foreseeable future. This change is also expected to become permanent for many companies, given the various benefits this model provides.
This rapid global transformation has forced the largest number of people in history to work remotely. With millions of people connecting to their corporate networks from their homes, network infrastructure is being taxed like never before, creating new issues of internet overload and skyrocketing VPN usage.
VPNs on the Rise, Security and Scalability Lagging
Virtual Private Networks (VPNs) have always been the technology backbone of remote work. Previously, they were sufficient as only a few million people globally were working remotely. Before the universal necessity for everyone to work from home, most workers treated VPNs as a dependable, yet occasional solution for remote access.
Introduced more than 30 years ago, legacy VPNs have enabled secure, remote access to the Internet through a point-to-point connection by creating an encrypted 'tunnel' through which IP traffic flows. However, VPNs can make enterprises and organizations of all sizes more vulnerable to attacks and data breaches, because a user who only needs to reach specific company resources is given access to the entire internal network.
Now, with the sudden surge of workforces implementing different VPNs, cracks are starting to emerge: these solutions were not built to scale to support millions of users nationally or globally. In the United States alone, there is a 53 percent increase in usage of VPNs. This is due to the number of state governments mandating a work-from-home policy, and is creating an unprecedented stress test on VPNs.
The sudden spike in volume has also resulted in slowdowns in internet access and reduced quality of service. Furthermore, organizations have been onboarding users at this scale onto legacy hardware, despite their hybrid and cloud-based resources, which puts scaling and security on the back burner.
Previously, organizations only needed to designate enough network access for a limited number of remote workers. Now, however, they must identify and offer significantly greater network capacity to accommodate an entire remote workforce. Unfortunately, with traditional VPNs, this isn't easy. New private networks or environments must be created to host the organization's resources and applications and to maintain employees' regular work environment from home. This process often takes weeks to complete.
More Users, More Security Issues
While scaling VPNs is a major challenge, another, arguably bigger concern is the lack of security in legacy VPNs.
VPNs have been targeted by hackers, but the COVID-19 era has cast a spotlight on their vulnerabilities. Last July, a vulnerability in Pulse Secure VPN resulted in several companies becoming victims of ransomware attacks. So how can you tell if the VPN you're connecting to is not secure, and why are VPNs such an attractive target for attackers?
In the NordVPN breach, attackers gained access to the TLS key, which opened the door and exposed the unencrypted network to hackers. This revealed that the bigger risk is hackers accessing the VPN server for extended periods. In this case, the intrusion went undetected for over a month due to a lack of activity logs. Since most legacy VPNs do enable activity logs, this presents a major security issue. When an organization cannot track network attackers, how can it trust that the network is uncompromised and remains secure?
Additionally, users are not restricted to specific network resources, making VPNs another single point of failure with respect to identity access and credential management. There is no segmentation, audit or control. Critical VPN limitations include a lack of network segmentation, traffic visibility, on-premises user security and straightforward network security. VPNs are also not suited for dynamic networks because they require computer hardware and constant management, and cannot easily adjust to network or server changes. This includes the integration of physical servers and site-specific applications, cloud-based infrastructure and applications, and identity access and management.
The new challenge for virtually any company is how to provide secure and reliable employee access without draining IT resources and budgets, especially remotely. Organizations must look beyond traditional VPNs to alternatives that can be quickly deployed and configured via the cloud to provide device and application configurability, as well as accessibility, increased security, privacy and user-access control granularity and analytics.
A Moving Target for Attackers
Over 40 percent of top executives from the CNBC Technology Executive Council say that data and cyber attacks have surged since the majority of their workforce is working from home. This isn’t surprising as hackers understand the value in attacking VPNs, and are familiar with their common vulnerabilities. We will see an increase in hackers taking advantage of common security gaps, and indeed already have.
Vulnerable VPNs provide hackers an undefended attack vector with which to infiltrate an organization’s network and get at its unencrypted critical resources and data. Without the correct security and complete network visibility, organizations will lack the right safeguards and safety nets in place to detect and fight off unusual activity in their network. For better cybersecurity in the remote workforce, organizations need to prioritize the importance of secure network access for their employees.
Modern Approach For The Remote Workforce
Now, more than ever, there is growing demand for secure and scalable solutions for network access. It is time to look past the legacy VPN and look into the future with a more secure modern approach to network security. This is where Secure Access Service Edge (SASE) comes in.
Secure Access Service Edge (SASE), pronounced "sassy," is a new cloud-based network security model defined by research firm Gartner. It combines multiple network technologies, delivered as a service, to support dynamic secure access to all organizational assets. This new model allows IT security teams to easily connect and secure all of their organization’s networks and users in an agile, cost-effective and scalable way.
SASE enables the delivery of integrated network security services that support digital business transformation, edge computing, workforce mobility, and identity and access management. In addition to improved security and network performance, SASE delivers increased user and IT staff productivity, operational efficiency, cost reduction and new digital business scenario enablement. By adopting SASE, organizations can make their applications, services, APIs and data securely accessible to third parties such as partners and contractors, without the risk exposure of legacy VPN and demilitarized zone (DMZ) architectures.
This modern approach to network security delivers new levels of flexibility, scalability and security for the remote workforce. Instead of grabbing a legacy VPN, change your mindset and look into a more user-friendly SASE service to secure your organization and your remote workforce.
Amit Bareket is CEO and co-founder, Perimeter 81, a Zero Trust Secure Network as a Service / Secure Access Service Edge (SASE) vendor that is simplifying network security for the modern and distributed workforce. Previously he was co-founder and CEO of SaferVPN.