A few weeks ago, a particular SC Media Executive Insight claimed it’s time to say good-bye to VPNs. Among other things, the writer claimed that application access was more effective, and that zero trust architecture is an essential ‘alternate model’ for access. While I agree with Mr. Sullivan that application access and zero trust architecture are important and effective, I see no evidence that they’re mutually exclusive to VPN technology. In fact, without the network security a VPN provides, they’ll be of little use. Not only is VPN technology constantly updating — it’s more essential than ever before.
As our world becomes more global and more remote, businesses are spreading out. Whether it’s via remote employees, the Internet of Things, or simply expanding locations, the majority of businesses simply aren’t centralized in one location any more. For a business that wants to grow, this is all the more relevant. That’s why a great VPN is so important; it doesn’t just provide a ‘security border’ for whoever, it provides access to essential data and resources on your network for the people that need them most: your team. VPNs can connect vast networks of POS systems, IT tools, pop-up shops, remote employees, and everything in between. With a VPN, they’ll all have access to the specific resources they need to succeed — just as if they were logging in to HQ. That kind of technology could never be stagnant; it’s always developing to meet the shifting market needs.
VPNs provide a type of network security that is deeply complex. It’s true that application security is important — but that does not eliminate the need for network security and network access control. It’s vital to support both network security and application security. Application security without a private network means enterprises will be subject to the same level of cybersecurity threat as the public internet. This obviously isn’t tenable; but, when combined with the network security of a powerful VPN, application security provides the in-depth protection companies need. Zero trust does indeed provide powerful security; but you can’t truly achieve zero trust without strong network security.
Most importantly, granular application security — limiting specific users to those specific resources they need to do their job — is absolutely possible with a good VPN. In fact, I’d argue it’s a key function. Offering full access to your entire corporate network to your entire team is a foolhardy move. Third-party contractors, for example, simply don’t need the access that your full time employees do — and each of those employees might need access to different resources based on their specific role and department. Does your marketing department need access to everything that your IT team does? Absolutely not. Limiting that access has nothing to do with the level of trust on your team; it’s just a realistic practicality. In fact, it protects your team just as much as it protects your data — no one wants to be the unintentional source of a data breach because they had access to something they didn’t need.
VPN technology is always developing — and with more cyber threats hitting the market every day, it’s more important than ever, especially for companies who want to securely scale. A good VPN should provide both application security and network security; both are essential to keeping your data safe, because both perform key security roles. A great VPN will also provide granular controlled access for maximum security, because excessive access, especially for remote or third-party users, is a major security risk. But it’s a risk that’s easily mitigated with the right VPN.
VPNs aren’t dead or dying; on the contrary, they’ve become more valuable than ever to any company that wants to scale safely in this ever-changing cybersecurity landscape.
Francis Dinha is the CEO and co-founder of OpenVPN
