With many businesses adopting remote and hybrid work models, they are now looking to MSPs to evaluate the long-term sustainability of their existing cybersecurity infrastructure and ensure they are protected. For many, this means turning from existing cybersecurity protections to zero-trust network access (ZTNA).
For decades now, MSPs have provided secured, and sometimes encrypted, Virtual Private Networks (VPN) for end users to remotely access their secured office networks from anywhere, at any time. Applications or data running through the VPN tunnel have helped them take advantage of the functionality, security, and management of the office network.
VPN was the solution of choice for many MSPs and their clients at the beginning of the pandemic when workers were asked to shelter in place. It was an existing technology that businesses understood, and it was easy for MSPs to implement because many of their existing firewall solutions offered VPN capabilities. However, with the sheer volume of remote workers and the legacy technology that VPNs were built on, businesses soon found that offering VPN is not enough to protect them from today’s cyberthreat climate.
It’s important to note the origins of the VPN. When VPN was first introduced in the 1990s, very few employees worked outside the office and the majority of IT infrastructure was located on-premises. It was created to protect a flat network. Using VPN, once a user logs into the network, they have access to the entire network, regardless of their role. The VPN tunnel remains connected for the entire duration, until the user decides to sign off.
While VPN is sufficient for providing remote workers access to their network, there are a few drawbacks.
Limitations of VPN
To begin with, VPNs are notoriously resource intensive and can be quite slow, especially when the worker is farther away from the physical network. The speed of VPN further deteriorates as more connections take place. And for remote workers that must rely on mobile devices to do their job, using a VPN would not be an option due to the amount of resources it requires.
Secondly, it increases security risks for the network. The VPN is only a connection tunnel; it does not validate the security posture of the device. If the device, whether it is a company-authorized device or a personal device used as part of a ‘bring your own device’ (BYOD) policy, is infected with a virus, the virus can easily spread throughout the network once the user connects to the VPN, as VPN gives the device unlimited access throughout the network.
Lastly, with so many resources moved to the cloud or business data residing in SaaS collaboration applications nowadays, these perimeter networks are not something a VPN can protect. Businesses would have to invest in additional remote access solutions to ensure that access to this infrastructure remains secure.
A more secure alternative: ZTNA
Zero Trust Network Access (ZTNA) is a security concept which requires that all requests be validated first to ensure that the right person is using the right device before access is granted to a company’s resources, no matter if they are within the firewall or elsewhere. Given today’s complex business environment and the heightened cyberthreat landscape, a zero-trust concept is more desirable to ensure the security of an organization’s data, devices, and employees, while providing them the ease of use, flexibility, and scalability needed to boost user productivity.
With ZTNA, MSPs can ensure that they have full visibility of users’ access and of the devices that are accessing the data, even if it is a BYOD. However, a zero-trust concept is relatively new and not all businesses will see the need for this level of security. Vertical-focused MSPs may find that industries such as financial, healthcare, government, and insurance companies are the first to adopt the zero-trust concept.
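The contrast between the two access models described above, as an added example that is not Barracuda MSP's code or any product's API: a VPN-style check that only asks whether the tunnel is up, next to a per-request decision on identity, device posture and role. The resource names, posture fields and policy table are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Tuple

# Constructed sample policy: resource -> roles allowed to reach it (hypothetical names).
RESOURCE_ROLES = {
    "payroll-db": {"finance"},
    "ticketing": {"finance", "support"},
}

@dataclass(frozen=True)
class Device:
    device_id: str
    disk_encrypted: bool
    av_healthy: bool   # endpoint protection running, no active detection

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_passed: bool
    device: Device     # company-issued or BYOD, judged on the same posture checks
    resource: str

def vpn_allows(tunnel_up: bool, req: Request) -> bool:
    """Flat-network VPN model: once the tunnel is up, every resource is reachable."""
    return tunnel_up

def ztna_decide(req: Request) -> Tuple[bool, str]:
    """Evaluate a single request; meant to run on every request, not once per session."""
    if not req.mfa_passed:
        return False, "identity not verified"
    if not (req.device.disk_encrypted and req.device.av_healthy):
        return False, "device posture failed"
    allowed_roles = RESOURCE_ROLES.get(req.resource)
    if allowed_roles is None:
        return False, "unknown resource"          # default deny
    if req.role not in allowed_roles:
        return False, "role not entitled to resource"
    return True, "allow"

def compare(req: Request) -> dict:
    """Same request under both models, assuming the VPN tunnel is already up."""
    ok, reason = ztna_decide(req)
    return {"vpn": vpn_allows(True, req), "ztna": ok, "reason": reason}

if __name__ == "__main__":
    infected_byod = Device("byod-17", disk_encrypted=True, av_healthy=False)  # constructed
    print(compare(Request("sam", "support", True, infected_byod, "payroll-db")))
```

Because the decision is made per request, a device whose posture degrades mid-session is denied on its next request, whereas the VPN check keeps answering yes until the user signs off.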
Securing customers’ remote workers with both VPN and ZTNA
Securing the remote workforce is not a one-or-the-other situation. While ZTNA offers the security, flexibility, and scalability today’s businesses require, it is still a relatively new concept for some businesses.
Whether you service the mom-and-pop shops who are not as security conscious or businesses with larger networks and bases of end-users, it’s important that you become familiar with ZTNA alongside other methods of securing today’s workers, so that you can make the best decisions regarding how to provide secure remote access that meets all security needs and allows your customers to still get their jobs done.
To learn more about Barracuda MSP’s VPN and ZTNA, visit our website: www.barracudamsp.com/product-details.
Zero trust is about to be tested, this might make the deal breaker for work from home or back to the offices with machines off the network and untrusted home networks
Great article comparing VPN to ZTNA
Great article
Businesses are going to have a hard time getting away from VPN. Once that dependency is broken the business world will be happy it did so.
Very good info, we’re still evaluating our options for zero trust remote access and every bit of info we can get helps.
I see these protocols being implemented rapidly with the covid work from home policies. We’ve implemented a lot of VPNs this year.
Nice Summary. Thanks.
I think that Zero Trust is a hard concept for non-IT Security people to wrap their brains around. Even for a lot of IT people it’s a new thing that sounds very tricky to implement and support. VPNs on the other hand are much simpler to implement and understand. I think it will be a long path to change things over.
Nothing stays the same. Good post.
I agree with the article and think ZTNA is the future, but I’m still not a fan of the name for some reason.
I think Zero Trust is the future of network security, and the sooner businesses implement ZTNA the better.