Zero-trust Networks vs VPNs
VPNs have been here for decades. They have been helping users get safely to the enterprise network while protecting it from outside attacks at the same time. However, technology has recently been shifting towards new approaches, such as zero-trust Networking, that might seem like they are about to replace VPNs.
Many experts feel that the arrival of zero-trust Networking will be the end of VPNs. But is it really? Some recent research suggests that it isn’t the end of VPNs, but rather an improvement, or a transformation of sorts. VPNs aren’t likely to disappear completely because they are crucial to enterprises on so many levels. They can’t simply be replaced. For instance, VPNs are very important to enterprises with remote workers. In this case, VPNs can offer access to enterprise data, applications, and cloud-based resources. They are also very beneficial for enterprises in general since they facilitate the site-to-site connection of remote data centres with enterprise networks.
In other words, zero-trust Networking won’t be the death of VPNs. On the contrary, it will transform VPNs and improve their already existing abilities. For example, it will help them deliver more secure remote access. These two technologies will most likely be used in tandem to implement combined solutions that use the best of both. VPNs’ functionality will, thus, be enhanced with zero-trust Networking’s access approach.
Security Vendors Embrace Zero-trust
Now, the zero-trust framework has been around for a decade. However, enterprise adoption has only begun to take off in the last year. One of the main reasons is that vendors have been slow to step up. Google has invested a huge amount of money and time in building its zero-trust framework. But enterprises weren’t able to use it for a long time simply because they weren’t Google. The good news is that zero-trust is gaining more traction. Technology has been advancing and now we have capabilities that can enable these types of approaches.
That is why today, vendors have a chance to come at zero-trust from various angles. So, the next logical question would be: ‘How does an enterprise that has spent years devoting a huge amount of money to building its perimeter defences suddenly switch to a new model that treats everyone as equally untrusted?’ Knowing how to get started requires you to first fully understand how this model works.
How Does Zero-trust Networking Work?
The traditional model uses firewalls to block access to enterprise networks from the outside world. It allows access only via a secure VPN. Therefore, it is very hard to obtain access from outside of the network itself. However, anyone who is inside the network is automatically trusted by default. The problem with this approach is that once an attacker has access, they can do whatever they want because they have full access to everything inside the network. So, zero-trust works on the premise of not trusting until the information is verified.
Zero-trust Networking assumes that potential attackers can be both inside and outside the network. To ensure that the enterprise is safe from any attacks, zero-trust Networking uses least privilege access, micro-segmentation, and multifactor authentication to secure networks. This approach only provides “need to know” access to users. This access is restricted in a way that users can only have access to data they need to know in order to do their work.
Micro-segmentation breaks up the network into multiple zones, which means that a program logged into one zone is not able to access another zone without going through the authentication process. Plus, each zone is secured with multifactor authentication. The user has to enter both a password and a code sent to another device in order to prove their identity.
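The contrast described above, as an added example that is not part of the original article: a perimeter check that trusts any internal session, next to a zero-trust check that requires per-zone authentication with a need-to-know test and two factors. The zone names, roles and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed least-privilege policy: roles with a need to know, per zone.
ZONE_ROLES = {
    "build-servers": {"developer"},
    "billing-api": {"developer", "finance"},
    "hr-db": {"hr"},
}

@dataclass
class Session:
    user: str
    role: str
    on_internal_network: bool
    verified_zones: set = field(default_factory=set)

def perimeter_allows(session, zone):
    """Traditional model: being inside the firewall is the only test."""
    return session.on_internal_network

def authenticate(session, zone, password_ok, otp_ok):
    """Per-zone login: need-to-know first, then both factors."""
    if session.role not in ZONE_ROLES.get(zone, set()):
        return "deny: no need-to-know"      # unknown zones also land here
    if not (password_ok and otp_ok):
        return "deny: mfa failed"
    session.verified_zones.add(zone)
    return "ok"

def zero_trust_allows(session, zone):
    """Network location grants nothing; only zones verified in this session."""
    return zone in session.verified_zones

def demo():
    s = Session("dev1", "developer", on_internal_network=True)
    results = [authenticate(s, "build-servers", True, True)]
    # The same session now tries to reach other zones.
    results.append(perimeter_allows(s, "hr-db"))          # flat internal trust
    results.append(zero_trust_allows(s, "hr-db"))         # not verified there
    results.append(authenticate(s, "hr-db", True, True))  # wrong role
    results.append(authenticate(s, "billing-api", True, False))  # no code
    results.append(zero_trust_allows(s, "billing-api"))
    results.append(authenticate(s, "billing-api", True, True))
    results.append(zero_trust_allows(s, "billing-api"))
    return results

if __name__ == "__main__":
    print(demo())
```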
How to Get Started With a Zero-trust Security Model
Firstly, it’s always recommended to start small. You first need to take care of vendors and third parties and find a way to isolate them from the rest of the network. Three main use cases of zero-trust are new mobile applications for supply chain partners, cloud migration scenarios and access control for software developers. You just need to find what suits your company best. Luckily, there are many reliable free VPN professional services here that can help you get started in 2020; a list of such tools that I find reliable is here.
For instance, if your company’s IT structure is entirely cloud-based, implementing access control for the DevOps and IT operations is exactly what you need. This is one of the best and most effective ways to give your teams access to specific development instances. In some companies, when a new employee gets a laptop, the device is explicitly authorised by an admin. Now, no matter how improved zero-trust Networking is, getting properly informed about how VPNs work is also very important, especially if you are just starting out.
Network-centric or identity-centric zero-trust
There are two types of this approach:
- the network-centric group;
- the identity-centric one.
The first one emphasises network segmentation and application-aware firewalls, while the other one focuses on identity management and access control. Keep in mind that transitioning to zero-trust isn’t an easy process. Many people take it as a business strategy. The best strategy would be to start with a limited rollout in a non-critical support application. Then, you will be able to build out slowly and gather support from business leaders at the company. For instance, one energy distribution company in Ontario, Canada, works with zero-trust, but they also use an approach that is centred on network-access control. Even though this brings a broad attack surface that needs to be protected, it ensures that you are properly covered and secure in the most efficient way possible at the same time.
Zero-trust: Prepare for an Uncharted, Unending Journey
Lastly, if you are considering zero-trust, keep these two important takeaways in mind. Firstly, there is no singular strategy or roadmap when it comes to zero-trust. You pretty much have to roll your own, try as many different possibilities as you can and see what works for you. Secondly, the journey is never over. There is simply no clear definition of success because zero-trust Networking is a never-ending process that helps companies keep up with shifting business conditions.
All things considered, new times are coming and technology is evolving. Therefore, adjusting to new strategies is crucial if you want your network to be properly protected. VPN has had great results for years. However, zero-trust is here to embrace the benefits of VPN while improving the negative aspects at the same time. It definitely is the future of netwo