Cyxtera Blog: Appgate

Written by Jason Garbis on March 11, 2019

2019: It’s Time for a VPN Alternative

2019 is the year we must all accept it: it's time for a VPN replacement. Jason Garbis explains why a Software-Defined Perimeter is the Zero-Trust cybersecurity solution every enterprise needs.

Perimeter-based security has no place in today’s enterprise. We’re a modern workforce, working anywhere and everywhere, and the days of a fixed and easily identifiable perimeter are long gone. So why are we still pretending that VPN security is effective?

The VPN was created in 1996 when Microsoft first developed the peer-to-peer tunneling protocol. It was invented in a time when Blackberry was just launching two-way pagers and when the term “cloud computing” was first coined. To use VPN technology to secure how we work today simply defies progress.

Today’s network landscape is one of incredible complexity with distributed applications, people, and data. Companies have taken the standard method of protection, the trusted private network, and applied hundreds or thousands of VPN and firewall rules with complex topologies to manage the chaos. Our expanding cloud and mobile ecosystems have made the perimeter both porous and irrelevant. In the meantime, our networks are infested with unsanctioned, insecure devices. To complicate matters, in an increasingly distributed work environment, cyber threats are just as likely to come from inside the organization as they are from the outside.

VPNs have four critical flaws.

Using VPNs in an era of perimeterless IT is a problem because they don’t provide security. There are several reasons why:

  • VPNs authenticate to everything. Once authorized, users typically have complete access to the authenticated network.
  • VPNs are too simplistic. In a world where the physical perimeter is no longer relevant, they are unable to keep up.
  • VPNs provide static, perimeter-based security. This is ineffective when user context and security threats are ever-changing.
  • VPNs are a siloed solution. Ultimately, VPNs are only useful for remote access by remote users. They don’t help organizations secure on-premise users or on-premise networks.

What’s an enterprise to do?

Gartner recommends a new strategic approach for information security Continuous Adaptive Risk and Trust Assessment (CARTA). The idea behind this is that enterprises can continuously evaluate in real-time if a user should be trusted or not. It mirrors similar sentiments from Forrester around Zero Trust, the notion that we must not trust unless verified. Both concepts – CARTA and Zero Trust – are fundamental for today’s secure enterprise.

Supporting both principles is the Software-Defined Perimeter (SDP), a Zero Trust cybersecurity model. A Software-Defined Perimeter is a network security model that dynamically creates 1:1 network connections between users and the data they access. SDP reduces the attack surface in real-time by creating a discrete, encrypted network segment of one, making everything else invisible and inaccessible. A network segment of one is an individualized, micro-segmented network tailored for each individual user, device, and session. Further, this solution is holistic – it provides a single secure access control platform for both remote and on-premise users accessing remote and on-premise resources.

A Software-Defined Perimeter is designed around the user and addresses VPN shortcomings;

1. It’s user-centric.

An SDP ensures we know as much about a user as we can BEFORE allowing them to make a connection to the network such as:

  • What is their user context?
  • What device they are using, and what is its security posture?
  • Where are they located?

2. It’s adaptive and extensible. 

It manages access and adapts based on user context, device, and security conditions. It integrates with operational systems and provides an individualized perimeter for every user, granting specific access and visibility.

3. It enforces Zero Trust

Cyxtera’s Software-Defined Perimeter solution, AppGate SDP, creates a discrete, encrypted segment of one, making everything else invisible and inaccessible. AppGate SDP prevents modern attacks by reducing network attack surface and implementing adaptive security.

In 2019, enterprises have a choice: keep employing outdated technology in an attempt to secure a perimeterless world or realize that we need a VPN alternative. It’s time to use the latest cybersecurity innovations to secure the technology of today.

To learn more, watch the on-demand webinar with our customer Verdant who replaced their VPN with SDP. Click here to access.