Virtual private networks (VPNs) have often been referred to as the “backbone of the enterprise network.” This is a bold statement to make about a technology that has essentially not changed in roughly two decades. And yet, a VPN’s ability to offer employees, third parties and even customers “secure” remote access into enterprise applications and data continues to be a necessity in today’s corporate world. However, it’s time the death of VPNs, which industry experts have been speculating about for over a decade, actually happens.

The reason that traditional VPNs, a workhorse of most enterprise networks, have no place in our architectures moving forward is that they perpetuate a network perimeter security architecture where a user’s location on the corporate network topology defines their trustworthiness and suitability to access critical assets. In the network perimeter security model, things were simple. When a user’s machine connects to the corporate network, either directly in an office or remotely via a VPN, that machine is granted a designation of trust. That trust is then leveraged to grant the user’s machine a level of access that is nearly always beyond the minimum required to complete the user’s duties. That fundamental excess of access has been leveraged by attackers in one way or another during the lateral movement phase of the majority of successful breaches.
