Is it Time to Replace the Traditional VPN?
Virtual Private Networks (VPNs) were developed over 20 years ago to give users access to corporate resources located within the company’s local data center. Since most employees worked on-site and usually only a handful worked remotely, the traditional VPN approach worked fine. Today, however, with the proliferation of laptops and mobile devices, along with the increased use of cloud (SaaS) solutions, the traditional model is in need of a redesign and refresh.
With the traditional VPN approach, users create a secure tunnel back to the corporate data center and access system resources that way. Today organizations use applications in the “cloud”, such as Microsoft Office 365, Google G Suite, Salesforce and numerous others. Since these solutions are also used by on-site employees, the company has probably implemented a “secure” connection into the various cloud infrastructures and may require remote workers to reach them via the corporate data center and the traditional VPN.
According to Gartner Research, “enterprise access requirements are growing ever more complex due to application dynamics, cloud adoption and mergers. To cut through this complexity, technical professionals should explore Software Defined Perimeter (SDP) – a new technology whose strength lies in facilitating access to enterprise apps.”
What is a Software-Defined Perimeter (SDP)?
A Software-Defined Perimeter (SDP) is an approach that provides secure access to enterprise applications and systems.
In today’s environment the network “perimeter” is gradually disappearing as more organizations expand their use of cloud services and allow more and more employees to work remotely. SDP creates network connections only between the user and the resources and systems that user has permission to access. SDP uses client software on the end-user device, together with servers, gateways and an orchestration engine that defines the end-user’s privileges.
SDP can be implemented in a variety of ways, whether offered as a cloud service, on-premises or both, but the underlying principle is that a user must first connect to the gateway or server before access is granted to any resource or application. Services are hidden from all users, and once authenticated a user sees only the services they have been granted access to. The level of trust can be context-based, with levels defined by the type of device (corporate device, personal/home computer, phone) along with other criteria such as location and time of day, which helps reduce the attack surface.
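As an added illustration of the orchestration logic described above (example code written for this article, not from the original text or from any SDP product), the following Python sketch uses a constructed policy table: device type sets a base trust level, an unknown location and out-of-hours access each lower it, and an authenticated user sees only the entitled services whose minimum trust the current context meets. The `vpn_visible_services` function is included only for contrast, to show the traditional tunnel exposing every service once it is up.

```python
from dataclasses import dataclass
from datetime import time
from typing import Set

# Constructed sample policy (hypothetical values, not from any real deployment).
DEVICE_BASE_TRUST = {"corporate": 3, "personal": 2, "phone": 1}
SERVICE_MIN_TRUST = {"hr-portal": 3, "crm": 2, "mail": 1}
ENTITLEMENTS = {"alice": {"hr-portal", "crm", "mail"}, "bob": {"crm", "mail"}}
BUSINESS_HOURS = (time(7, 0), time(20, 0))

@dataclass(frozen=True)
class Context:  # what the SDP client reports about a session
    user: str
    authenticated: bool
    device: str        # "corporate", "personal" or "phone"
    location: str      # "office", "home" or "unknown"
    local_time: time

# Convenience constructor so callers can pass the hour as an integer.
def session(user: str, authenticated: bool, device: str, location: str, hour: int) -> Context:
    return Context(user, authenticated, device, location, time(hour, 0))

def trust_level(ctx: Context) -> int:
    """Device type sets the base; unknown location and out-of-hours access each lower it by one."""
    level = DEVICE_BASE_TRUST.get(ctx.device, 0)
    if ctx.location == "unknown":
        level -= 1
    if not BUSINESS_HOURS[0] <= ctx.local_time <= BUSINESS_HOURS[1]:
        level -= 1
    return max(level, 0)

def sdp_visible_services(ctx: Context) -> Set[str]:
    """Default deny: nothing is visible before authentication; afterwards only
    entitled services whose minimum trust the current context meets."""
    if not ctx.authenticated:
        return set()
    level = trust_level(ctx)
    return {svc for svc in ENTITLEMENTS.get(ctx.user, set())
            if SERVICE_MIN_TRUST[svc] <= level}

def gateway_permits(ctx: Context, service: str) -> bool:
    """Per-connection check the gateway applies before forwarding any traffic."""
    return service in sdp_visible_services(ctx)

def vpn_visible_services(tunnel_up: bool) -> Set[str]:
    """Contrast: a traditional VPN exposes the whole service set once the tunnel is up."""
    return set(SERVICE_MIN_TRUST) if tunnel_up else set()
```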
Rethinking how remote access to enterprise resources and systems is provided, using a Software-Defined Perimeter (SDP) architecture, brings zero trust to remote access and allows more granular security controls to be deployed to protect those resources and systems.