COVID exposes the shortcomings of over-reliance on VPNs

As work from home mandates scattered employees to the wind, the COVID-19 pandemic highlighted the dangers for businesses in over-relying on Virtual Private Networks to allow their staff to securely work remotely.

As work from home mandates scattered employees to the wind, the COVID-19 pandemic highlighted the dangers for businesses in over-relying on Virtual Private Networks to allow their staff to securely work remotely.

A distributed workforce significantly expands an organisation’s attack surface area, especially when staff may be working from home on consumer-grade devices over consumer-grade connections which rely on consumer-grade networking equipment.

In this scenario, VPNs have long been the tool of choice to offer secure access to remote workers. A VPN creates an encrypted tunnel between the end user’s device and the head office, wherever they are in the world, to protect that traffic from prying eyes.

While it creates a secure connection, one downside of this approach is that all of the end user’s internet traffic is routed through the VPN connection. Remote staff are essentially forced to digitally commute back into the office. This takes a significant toll in terms of speed, latency and application performance – when some employees may already be struggling with sub-par home broadband.

Reliance on VPNs during the pandemic also took its toll on businesses through the need for more capacity and licences to handle the larger number of simultaneous users. The concept of a VPN was never intended to support an entire workforce at once, says Kevin Bloch – ​​former Cisco ANZ Chief Technology Officer and founder of corporate technology advisory firm Bloch Advisory.

A VPN is designed to let some external users tunnel back into the supposed safety of the office walls on an ad-hoc basis. Meanwhile, newer approaches like Secure Access Service Edge (SASE) converge Software Defined WAN (SD-WAN) with Zero Trust Network Access (ZTNA). This approach extends security out the edge for all users, Bloch told Orro’s recent ‘Seriously SASE’ virtual fireside event.

“That’s where the SASE approach is designed to far better meet the needs of both the business and end users than simply relying on VPNs.”

Robert De Nicolo – Director of Cybersecurity at Cisco Systems, ANZ

The result is a significant performance boost by allowing end devices to securely connect directly to some cloud services, rather than routing all their traffic back through head office, Bloch says.

“This concept of SASE was coined because you and your devices are now the edge of the network, ensuring security regardless of your physical location,” he says.

“Rather than remotely accessing the corporate network, you’re now going directly to the cloud, which offers benefits in terms of performance and security.”

Traditionally, most organisations built their security architecture on the assumption that the majority of users were accessing resources from within the office, while connected to the local network. Technologies designed to offer secure on-premise access and enforce security compliance – such as network segmentation – are often not designed to extend that same level of granular security control to remote users connecting into the office via a VPN.

Relying on VPNs to grant staff remote access can mean there is no segmentation as they exit the VPN into the corporate network. This lacks the ability to apply different policies and limit access to segments of the corporate network, depending on the needs of the user and the security concerns of the business.

This is why SASE should be viewed as far more than simply a replacement for VPNs, says Cris Bailiff – CTO of managed security services provider eSecure.

“The key to SASE is the identity-based security aspect,” Bailiff says. “It’s that granular, dynamic security which is the real game changer compared to a VPN, especially combined with the improved performance that SD-WAN offers remote workforces.”

As a result of these combined benefits, 60 per cent of enterprises are predicted to phase out the use of VPNs in favour of ZTNA by 2023, according to Gartner.

This concept of SASE was coined because you and your devices are now the edge of the network, ensuring security regardless of your physical location

Kevin Bloch – Founder Bloch Advisory

Today, most organisations want to provide staff with an “equitable application experience” which is high-quality, reliable and secure. The expectation is that this experience is delivered regardless of where the user is located or where the application resides, says Robert De Nicolo – Director of Cybersecurity at Cisco Systems, ANZ.

“If you’re trying to deliver this equitable experience, you need to consider the technology holistically,” De Nicolo says.

“That’s where the SASE approach is designed to far better meet the needs of both the business and end users than simply relying on VPNs.”


Get In Touch With Orro Today

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Related Insights

5 May 2021

Security should not be an add-on for your business

Security should never be considered an add-on for your business – it’s a critical base element! The reality of today’s world is that security is becoming the elephant in the room that must be discussed.
15 August 2023

Uncovering Hidden Threats with a Cyber Risk Assessment

The increasing reliance on digital infrastructure in our deeply interconnected world has rendered organisations susceptible to cyber threats. Data breaches, ransomware attacks, and other cyber incidents continue to occur, causing severe financial losses, reputational damage and legal consequences for the organisations impacted.
7 March 2023

Combating the biggest cyber security challenges facing enterprises

It can be said that the only constant in the world of cyber security, is change. Cyber threats are evolving more rapidly than ever, with both the technology and people behind the cyber attacks becoming more and more sophisticated.