Moving Beyond VPN to Secure Access Inside the Perimeter
Securing access inside the perimeter is key.
The virtual private network (VPN), the longtime workhorse of enterprise networking, has been used to extend trust to remote users. As IT has evolved, however, security chiefs and IT leaders are questioning the premise of VPNs, often concluding that it is flawed.
VPN opens a conduit for remote users to access networks, a vital function at a time when many workers rely on mobile devices. Because a VPN grants access at the network layer, however, a client on the trusted network can discover and probe all sorts of applications that lie well beyond the least-privilege set of apps it actually needs.
Zero Trust, a simple and effective means of controlling user access, significantly reduces IT complexity.
In a Zero Trust environment, external users launch sessions by way of a branded portal or a client connector. Authorization requests move through a cloud-based proxy, which in turn talks to the Active Directory environment and to the applications themselves. When an external user requests a connection to an internal application, a unique pathway is created for that connection alone.
This arrangement eliminates the need for an inbound port, a doorway that could swing open too wide and create a security risk. In addition, the Zero Trust model applies a range of checks to validate the system integrity of the device and the identity of the end user, enforcing multi-factor authentication along the way.
Zero Trust, then, provides another layer of protection against one of the perils of the VPN paradigm: the “lost laptop” nightmare. In such a scenario, a found device grants a nefarious hacker complete freedom of movement within a network. Zero Trust also helps limit opportunities for authorized users to explore parts of a network that are off-limits. As an application-based constraint, Zero Trust helps to keep everyone in his or her lane.
Zero Trust also checks the access of contractors and other third-party users, whose presence on the network has concerned many IT chiefs. It simplifies the overall architecture, a desirable goal for IT departments that deploy multiple VPN concentrators, sometimes far removed from their Infrastructure as a Service cloud servers. By concentrating all access-related activity at the proxy, Zero Trust enables a slimmer, simpler system profile.
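To make the contrast concrete, here is an added illustration (not code from the article or from any vendor) that models the two access decisions side by side: a network-layer VPN, where an established tunnel makes every application reachable, and an application-layer Zero Trust proxy, which brokers one application at a time only after identity (MFA), device posture and per-app entitlement all check out. The app names, users and entitlements are constructed placeholders; the lost-laptop case is a session that holds an enrolled, healthy device but cannot pass MFA.

```python
from dataclasses import dataclass

# Constructed inventory of applications sitting behind the perimeter (hypothetical names).
APPS = {"payroll", "hr-portal", "git", "wiki", "db-admin"}

# Constructed least-privilege entitlements: the apps each principal actually needs.
ENTITLEMENTS = {
    "alice": {"hr-portal", "wiki"},
    "bob": {"git", "wiki"},
    "contractor": {"wiki"},
}

# All decisions land here: the proxy is the single place access activity is recorded.
AUDIT: list[str] = []


@dataclass(frozen=True)
class Request:
    user: str
    app: str
    mfa_passed: bool        # identity check: user completed multi-factor authentication
    device_enrolled: bool   # device is a known, managed endpoint
    device_healthy: bool    # integrity check (e.g. disk encrypted, EDR running)


def vpn_reachable(req: Request) -> set[str]:
    """Network-layer model: once the tunnel is up, every app is reachable and can
    be discovered and probed; any authorization is left to each app on its own."""
    return set(APPS)


def zero_trust_decide(req: Request) -> tuple[bool, str]:
    """Application-layer model: the proxy validates identity, device posture and
    entitlement before it creates a pathway to exactly one application."""
    if req.app not in APPS:
        verdict = (False, "unknown app")
    elif not req.mfa_passed:
        verdict = (False, "mfa required")          # holding the device is not enough
    elif not (req.device_enrolled and req.device_healthy):
        verdict = (False, "device posture failed")
    elif req.app not in ENTITLEMENTS.get(req.user, set()):
        verdict = (False, "not entitled")          # keeps the user in his or her lane
    else:
        verdict = (True, "allow")
    AUDIT.append(f"{req.user} -> {req.app}: {verdict[1]}")
    return verdict


def zero_trust_reachable(user: str, mfa: bool, enrolled: bool, healthy: bool) -> set[str]:
    """The set of apps the proxy would actually expose to this session."""
    return {a for a in APPS if zero_trust_decide(Request(user, a, mfa, enrolled, healthy))[0]}
```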