Many organizations are amid rapid digital transformations. COVID-19 pushed a transition to remote work, and the zero-trust security model is rapidly catching on as a method for minimizing enterprise cybersecurity risk.
Taken together, the need to implement zero-trust security and to support remote work means that organizations need to carefully consider the telework infrastructure they put in place. Two options for secure remote access are the virtual private network (VPN) and the software-defined perimeter (SDP). A clear understanding of how SDP and VPN differ in functionality is essential to effectively implementing zero trust for a remote workforce.
The Benefits Of Zero-Trust Security
Historically, many organizations have adopted a perimeter-focused security model. Under this model, all security solutions are deployed at the network perimeter and designed to enforce this perimeter.
The underlying assumption is that all threats originate from outside the network and that, by defending the perimeter and keeping external threats out, the organization can defend itself against attack.
This model has several issues, which have led to the development of the zero-trust security model. Zero trust grants access to systems and resources on a case-by-case basis, driven by role-based access controls. This provides much more granular access control than the perimeter-focused model, which can grant full network access to any user who is inside the perimeter.
The zero-trust security model is growing rapidly in popularity because it provides several distinct benefits. As a result, many organizations are actively seeking to implement zero trust throughout their IT infrastructure, which can be a daunting task.
Remote Work Transforms Access Control Requirements
The COVID-19 pandemic forced rapid digital transformation on many organizations. The need to suddenly support a remote workforce drove organizations with no telework program to rapidly develop the infrastructure for remote work.
The urgency of the COVID-19 pandemic meant that many organizations adopted the secure remote access solution they were most familiar with: VPNs. However, as these organizations look to extend their telework programs and implement zero trust, they need to explore other secure remote access solutions, such as SDP.
How VPNs Implement Access Control
VPNs are designed to provide an encrypted tunnel between two points. After the connection is set up, all traffic flowing between a remote worker’s computer and a VPN endpoint on the enterprise network is encrypted by the VPN. This protects against eavesdropping and helps to ensure the integrity of the data being transmitted.
The goal of a VPN is to provide an experience similar to being connected directly to the enterprise network. Once the remote user’s traffic reaches the enterprise network, the VPN endpoint unwraps it from its encryption and forwards it to its destination. This means that the remote user has essentially the same network connection as the VPN endpoint.
One major issue with VPNs is that they provide minimal access control. VPNs commonly require a user to authenticate to the VPN endpoint before use, but this is the extent of their built-in security since their sole purpose is to provide an encrypted tunnel.
VPNs are designed to work with a perimeter-based security model: if you’re inside, then you’re trusted. Any additional security or access control must be layered on top of the VPN software with additional standalone solutions.
SDP And Zero-Trust Network Access
SDP takes a different approach to providing secure network access than VPNs. Instead of a VPN’s single tunnel, SDP – also called zero-trust network access (ZTNA) – creates micro connections between a remote user and the resources that they request.
The use of micro connections enables SDP to achieve a much more granular level of access control than is possible with VPNs. Each access request is compared to a set of role-based access controls by the access broker and approved or denied.
If approved, the remote user is granted access to the particular application or resource that they have been approved for and nothing else.
The design of SDP makes it possible to implement zero-trust security across an organization’s entire network infrastructure. By decoupling access to the network from access to particular resources, SDP makes it possible to enforce zero-trust access controls.
This limits each employee’s access to the resources required for their role, which in turn limits the impact of a compromised account and an attacker’s ability to move laterally throughout an organization’s network.
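To make the difference between the two models concrete, the following Python simulation is an added example, not code from the original article or from any SDP or VPN product. It places a per-request access broker (the SDP model: every resource request is checked against role-based policy and denied by default) next to a VPN-style model in which a single successful authentication makes the whole internal network reachable. The roles, hostnames and users are constructed for illustration, and the device posture flag is assumed to be supplied by a client agent.

```python
"""
Constructed comparison of VPN-style and SDP-style access decisions.

All roles, resources and users below are made-up sample data.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

# Role-based policy (constructed): which resources each role may reach.
# Any (role, resource) pair not listed here is denied by default.
ROLE_POLICY: Dict[str, FrozenSet[str]] = {
    "engineer": frozenset({"git.internal", "ci.internal"}),
    "hr": frozenset({"hris.internal"}),
    "finance": frozenset({"erp.internal"}),
}

# Everything that sits behind the enterprise network boundary (constructed).
NETWORK_RESOURCES: FrozenSet[str] = frozenset({
    "git.internal", "ci.internal", "hris.internal", "erp.internal",
    "legacy-db.internal",  # reachable on the network but granted to no role
})


@dataclass(frozen=True)
class Identity:
    """Authenticated user as presented to the broker."""
    user: str
    roles: FrozenSet[str]
    device_compliant: bool  # assumed to come from a client posture check


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


@dataclass
class AccessBroker:
    """SDP-style broker: each resource request is evaluated on its own."""
    policy: Dict[str, FrozenSet[str]]
    # (user, resource, allowed, reason): every decision is recorded so that
    # denials can feed detection, e.g. one account probing many resources.
    audit_log: List[Tuple[str, str, bool, str]] = field(default_factory=list)

    def authorize(self, ident: Identity, resource: str) -> Decision:
        if not ident.device_compliant:
            decision = Decision(False, "device failed posture check")
        elif any(resource in self.policy.get(role, frozenset())
                 for role in ident.roles):
            decision = Decision(True, "permitted by role policy")
        else:
            decision = Decision(False, "no role grants this resource")
        self.audit_log.append((ident.user, resource, decision.allowed,
                               decision.reason))
        return decision

    def reachable(self, ident: Identity) -> FrozenSet[str]:
        """Resources a given identity can actually connect to via the broker."""
        return frozenset(r for r in NETWORK_RESOURCES
                         if self.authorize(ident, r).allowed)


def vpn_reachable(ident: Identity, authenticated: bool) -> FrozenSet[str]:
    """VPN-style model: after one authentication, the tunnel endpoint's whole
    network is reachable; the user's role plays no part in the decision."""
    return NETWORK_RESOURCES if authenticated else frozenset()


def compromised_account_exposure(ident: Identity) -> Tuple[int, int]:
    """Number of resources an attacker holding this account's credentials could
    reach under the VPN model versus the broker model (the blast radius)."""
    broker = AccessBroker(ROLE_POLICY)
    return len(vpn_reachable(ident, True)), len(broker.reachable(ident))


if __name__ == "__main__":
    alice = Identity("alice", frozenset({"engineer"}), device_compliant=True)
    vpn_count, sdp_count = compromised_account_exposure(alice)
    print(f"{alice.user}: VPN exposes {vpn_count} resources, "
          f"broker exposes {sdp_count}")
```

Running the file compares the two models for one constructed engineer account: the VPN model exposes every host on the network, including one that no role is ever granted, while the broker exposes only the two resources the engineer role permits. The broker's audit log is the record a security team would monitor for an account that is denied repeatedly across resources it has no business requesting.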
Designing A Modern Enterprise WAN
Every organization is pursuing digital transformation, and the COVID-19 pandemic only served to accelerate these efforts. To compete effectively in the marketplace, an organization needs to be able to leverage the cloud, support a remote workforce, and otherwise transform its IT infrastructure to make the most of modern technology.
With a remote workforce comes additional cybersecurity risks, which a zero-trust security model can help to manage. When designing IT and security infrastructure for the long-term, selecting modern solutions, such as SDP for remote access, is essential to the success of the business.