If You’re Still Trusting VPNs, We Need To Talk

Chris Ault

Remember the late 1990s? That was a simpler time, especially where network security was concerned. Most businesses ran just a handful of enterprise applications on company-owned computers, all wired into an on-premise datacenter. Employees were full-time and permanent. And to connect everyone securely? All you needed was the new virtual private network (VPN) technology. 

Audio cassette tape

Twenty years later, of course, everything in technology has changed. But the VPN? Yeah, not so much. While enterprise computing is now supporting a vast global network of third parties in the cloud, security is still being entrusted to technology that’s still essentially the same as it was two decades ago. Two. Decades. Ago.

Enterprise can’t go on this way. But in many cases, it’s still trying to. In spite of weekly news reports about massive data breaches resulting from VPN connectivity, organizations around the world are continuing to rely on technology that never envisioned today’s brutal realities of state-sponsored, highly funded, and highly focused global cyber attacks.

VPNs provide site-to-site connectivity and remote access to your company’s internal resources. Through a VPN, a remote worker uses their login credentials to get a predetermined level of access to your network, much as an onsite worker would. It’s a simple and elegant solution. And for years, VPNs were the obvious choice for secure and affordable external access.

But today, your data is being accessed in ways that couldn’t have been imagined 20 years ago. You’re now dealing with untold numbers of remote workers and third-party vendors, all of whom need to be granted a particular level of access. On top of that, your internal and external workers are connecting through a variety of personal or public devices that probably don’t comply with your corporate standards. 

Suddenly, your attack vectors are going exponential. And the shift of applications to the cloud means that there’s no longer a clear delineation between what’s inside and outside your network. The resulting risks are now well known: Data theft. Man-in-the-middle attacks. Split tunnelling. Password attacks. Viruses, worms and Trojans.

VPNs were designed for a secure perimeter model that simply no longer exists. To patch the holes in that perimeter, companies are using add-on solutions like software-defined perimeters (SDPs). They’re also carrying on with the low-tech solution of scolding, delivering frequent lectures on the importance of clearing browsers and deleting documents from unmanaged computers. But trusting enterprise security to busy, distracted humans is a really bad plan. And, as we see time and time again, it doesn’t work. According to the IDC, more than 40% of data breaches come from authorized users accessing unauthorized systems. Plus, some of the vulnerabilities have come from the VPNs themselves. This past spring, the U.S. Department of Homeland Security issued warnings about security flaws in VPNs from a group of vendors that included the likes of Cisco and Palo Alto Networks. 

So, what’s the answer? Respected industry leaders are emphasizing the importance of making VPNs just one component in a robust corporate security posture. That’s definitely one approach. But as the complexity of digital enterprise continues to grow, the time has come to look for a better solution, one that doesn’t involve shoring up outdated technology.

Tehama is that solution. Tehama was built from scratch for the realities of a future where even greater security threats are inevitable. Our SaaS solution takes human weakness out of play, offering a secure workspace that complies with the highest global standards, including SOC 2 Type II, GDPR and NYDFS 23 NYCRR 500.

Tehama provides clean end-user compute white rooms where all activity is recorded. Here, access is controlled from a dashboard with a single sign-on and a zero-trust default. In just minutes, you can onboard remote and third-party users to collaborate on Microsoft Windows or Linux virtual desktops. 

VPNs have been with us for a generation, and that familiarity has created a level of trust and comfort that is completely at odds with reality. To do business securely today, enterprise can’t continue relying on a patchwork of security solutions. It needs the purpose-built security of Tehama. 

To learn more about Tehama, download our white paper or request a free 45-day trial  here

More Posts

Subscribe Here!