In today’s world, where cyber threats are becoming more complex and widespread, many companies have or are just deciding to implement a VPN as a key component of their security strategy. A VPN offers a number of benefits, such as encryption of data between a company and an employee or between company branches and anonymity on the network, but let’s take a closer look at whether a VPN is a sufficient solution today. It’s worth noting that in the face of growing threats and a changing technological landscape, VPNs are becoming an increasingly outdated solution that may not meet the requirements of today’s companies. It is worth noting that the date of inception of the technology is considered to be 1966. Taking this into account, the technology is almost 60 years old!
A VPN creates a secure connection between a user’s device and the company’s network. Data sent over the Internet is encrypted, making it difficult for third parties to intercept. In addition, the VPN masks the employee’s IP address, which increases their anonymity on the network. This allows employees to securely connect to company resources wherever they are – in the office, at home or abroad.
As I mentioned VPN is an outdated technology and comes with many limitations. First of all, a VPN only creates an encrypted connection between 2 points – so between the employee and the company, and there is no way to restrict access to company resources in a simple way. This is related to the fact that, horror of horrors, in many companies both employees and external companies have access to the entire company infrastructure. If an employee’s computer is infected with malware, the VPN is unable to block the spread of the infection and therefore company systems can be easily infected.
VPNs also have a number of vulnerabilities that are willing and exploited by criminals.
So how do we secure corporate data? First of all, we need to look holistically so that the VPN is only one element of the company’s overall security strategy. It’s worth at least investing in network devices and implementing network segmentation so as to, for example, separate the server subnetwork from the subnetwork where the computers are, in edge firewalls, on which it is often possible to limit access somewhat – although this is not always easy. It is worth investing in anti-virus software on employees’ computers so that threats are detected and removed as early as possible. It will also be necessary to implement MFA, i.e. multi-component authorization for all employees and external contractors so that in addition to the password, for example, a code from an application is required. However, I think that first of all it is worth looking for a solution that has all these functionalities and take a closer look at the concept of ZTNA ( Zero Trust Access Network). There are many solutions on the market that can dynamically determine and change the permissions held depending on the contractor, on the location, on the time of day, etc.
In summary, a VPN is a valuable but basic tool that cannot be the only solution in the face of growing threats. Modern systems require much more advanced security and a dynamic approach to security – if only because of remote working. It is worth taking a closer look at ZTNA technology, which can dynamically, based on identity and location or other aspects, adjust permissions depending on the context.