By Byron V. Acohido
Virtual Private Networks – VPNs – remain widely used in enterprise settings. Don’t expect them to disappear anytime soon.
Related: Taking a risk assessment approach to vulnerability management.
This is so, despite the fact that the fundamental design of a VPN runs diametrically opposed to zero trust security principles.
I had the chance to visit with David Holmes, network security analyst at Forrester, to learn more about how this dichotomy is playing out as companies accelerate their transition to cloud-centric networking.
Guest expert: David Holmes, Analyst for Zero Trust, Security and Risk, Forrester Research
VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe. VPNs verify once and that’s it.
Zero trust — and more specifically zero trust network access, or ZTNA — never trusts and always verifies. A user gets continually vetted, with only the necessary level of access granted, per device and per software application; and behaviors get continually analyzed to sniff out suspicious patterns.
Remote access is granted based on granular policies that take the least-privilege approach. For many reasons, and for most operating scenarios, ZTNA solutions makes more sense, going forward, than legacy VPN systems, Holmes told me. But that doesn’t mean VPN obsolescence is inevitable. To learn more, please give the accompanying Last Watchdog Fireside Chat podcast a listen.
Acohido
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the vendors we cover.)
Great post. I am new to ZTNA and mostly from a TCP background. If we continually verify the user wont it effect performance as well as customer experience?