Why Software-Defined Perimeters Outflank VPNs for Secure Remote Access

With an increasing number of employees working from coffee shops, airports and home, and the cost of breaches increasing the security concerns created by perimeter-based VPNs, organizations are looking closer at alternatives such as SDPs, which use a zero-trust paradigm to overcome these issues.

Software.Defined.Perimeter

Perimeter-based virtual private networks (VPNs) are deployed globally for employee and contractor access to corporate networks. Up until now, they were one of the better solutions for remote access.

However, once authorized, VPN users have broad access to resources on the corporate network. This all-or-nothing approach to access leaves potentially sensitive resources and information exposed to VPN users and attackers.

As a result, interest has been heating up around software-defined perimeter solutions (SDP) as a much more compelling alternative for secure remote access, and for good reason. SDPs ensure that users are authenticated and authorized based on preset policies prior to accessing specific applications, rather than whole networks.

With an increasing number of employees working from coffee shops, airports and home, and the cost of breaches increasing the security concerns created by perimeter-based VPNs, organizations are looking closer at alternatives such as SDPs, which use a zero-trust paradigm to overcome these issues.

In this eWEEK Data Point article, Etay Bogner, co-founder and CEO of Meta Networks and an expert on this topic, offers 10 reasons why enterprises might rethink secure remote access in light of SDP innovations in security, scalability, reliability and flexibility.

Data Point No. 1:  Traditional VPN security issues

Enterprises have become more vulnerable in this era of worker mobility and cloud migration, making it harder to effectively secure the perimeter. Traditional VPN access is overly permissive, granting remote workers access to more of the network than is required to complete their tasks. As a result, network resources are unnecessarily visible, overly vulnerable and open to attack.

Data Point No. 2:  Zero-trust remote access for users, isolation for the network

SDP solutions have several security advantages over VPNs. First, there are no trusted zones. The IT administrator must grant users explicit permission to access specific applications. Beyond these designated one-to-one connections that are created for user devices, all other network resources remain isolated from view and completely invisible.

Some SDP solutions allow continuous authentication and verification of the user and/or device at the packet level using identity-based networking technology. Security isn’t left to chance; all network traffic is logged for audit and investigation.

Data Point No. 3:  Unreliable end-user experience

For anyone who has used a corporate VPN, slow and unreliable performance is common. If you use applications in multiple locations, then you’ll face the aggravation of having to repeatedly connect and disconnect—and you have to keep track of where you are connecting, based on the app you need.

Data Point No. 4:  SDP: Connect once and access everything you need

With the right SDP solution, end users connect once to gain access to the required applications, wherever they are, for a better user experience. For unmanaged personal devices and for contractors, partners and customers, an agent-less browser-based solution makes access to applications as simple as possible.

Data Point No. 5:  Administrative headaches

Whenever cloud migration is involved, VPN management balloons in complexity, leaving IT administrators to configure and sync VPN and firewall policies across multiple locations. This makes it even more difficult to eliminate unwarranted access.

Data Point No. 6:  VPN configuration on-site compared to SDP ‘as-a-service’ approach

Compared to the complexity of configuring VPNs in every data center and cloud instance, administrators can onboard each network resource to an SDP platform once and manage all policies centrally in the cloud. Another advantage of a fully-cloud based SDP solution is that there is little to setup or maintain in the data center or virtual private cloud (VPC) that the administrator is enabling access to. All of the intelligence as well as the security enforcement is done in the cloud.

Data Point No. 7:  Lack of affordable scaling

As organizations require additional user connections and deployments across multiple cloud instances, VPN/firewall costs escalate rapidly due to the need for additional licenses and more powerful appliances. Scalability comes at a significant price.

Data Point No. 8:  Unlimited growth potential

Witha cloud-native SDP solution, expansion is never an issue. Regardless of the number of users that need to connect or volume of applications that need to be accessed, SDP solutions have the ability to seamlessly scale in the cloud, bypassing the need for expensive hardware.

Data Point No. 9:  Flexibility, but at a cost

VPNs offer flexibility since they can be used to connect multiple sites, data centers and virtual private clouds (VPCs). However, these connection options can be resource-intensive and drive up costs.

Data Point No. 10:  Connect anything, without complexity

Software-defined perimeter solutions enable more efficient connectivity to the IT resources required by employees without the cumbersome management requirements or mounting hardware costs.

In summary …

Understanding the realities of secure remote access is moving cloud-forward organizations toward software-defined perimeter solutions. SDPs enforce a customized network access policy for users and resources on a one-to-one basis. Resources remain invisible to unauthorized individuals, reducing the potential attack surface for malicious actors. SDP’s people-centric approach is more manageable, ubiquitous, secure and agile, greatly outweighing the benefits of traditional on-premise VPNs.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 13 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...