Four Reasons to Kill the VPN: Security, Speed, Simplicity and Savings
The Enterprise Network Has Moved From Tightly-Bound to Boundless
Virtual Private Networks to Software Defined Perimeters
The network perimeter is changing. IT environments encompass multiple topologies, including on-premise hardware, private clouds, and public clouds. Companies share applications and data with dozens of partners and vendors. Businesses are extending their operational reach and access to a remote workforce that is itself dynamic and elastic in nature. Employees, vendors, partners, customers, and other stakeholders are constantly logging in from different devices, using different connections, and working from different locations. CISOs, CIOs, and CSOs are being asked to secure identities and devices across unknown and untrusted shared common infrastructure.
In such a world, the enterprise network has moved from tightly-bound to boundless. Consequently, whatever protection Virtual Private Networks (VPNs) afforded to an enterprise’s data and critical assets has been completely destroyed. Businesses need a new and better way to secure their “crown jewels.” That is found in a software defined perimeter (SDP) which controls access to resources based on user identity, thereby delivering Zero Trust security.
While the term “software-defined perimeter” has only recently gained prominence in the IT space, Unisys has been deploying SDPs since 2006 in the Unisys Stealth® solution. Stealth™ was originally developed to satisfy a U.S. government need to share sensitive and classified information globally at a huge scale across one of the largest and most complex networks in the world. Stealth protects data by creating an SDP via identity-based, software-defined, encrypted micro-segmentation.
Security: Eliminating VPN Vulnerabilities
To better understand how an SDP provides superior security compared to a VPN, visualize your enterprise’s network as a house and a VPN as a door. That door opens for anyone who has a key – or who can jimmy the lock. Obviously, the door is where burglars are going to concentrate their efforts. Practically speaking, it is not that hard to break in. Plus, once they get through the door, there are no further barriers to navigate. They are “home-free” to move where they want and steal what they want.
In like manner, hackers love VPNs because they are relatively easy to crack. They are a door into your network. Once a VPN is compromised, the attack can propagate laterally and at a great pace from server to server within the data center, with no security controls in place to stop the spread. VPNs therefore represent a single point of security risk for the network.