Modernizing Secure Remote Access for a Hybrid Workforce
Problem: The Traditional VPN Is No Longer Enough
Since the 1990s, virtual private networks (VPNs) have been well-suited for the purpose they were built for – to grant employees temporary access to corporate networks and resources when they weren't logging in from an office. While VPNs have since been the widely used standard in doing this, they weren’t built to handle a scenario in which most – or even all – employees wouldn’t be in a physical office for months at a time.
As we all know by now, today’s work environment has shifted to being largely remote. Driven significantly by the COVID-19 pandemic in 2020, remote work hasn’t been the ephemeral experiment some may have seen it as before: A recent survey by Upwork estimated that over 36 million Americans will be working remotely by 2025. While organizations could benefit from giving employees this added flexibility, IT and security teams have had their hands full.
employees are generally given broad access to the network without any sort of
intentional vetting of their role, workgroup, device, or location. The
massive influx of remote work has complicated this, as security vulnerabilities
could be exposed through a traditional VPN. This has
made it challenging for organizations to rely exclusively on VPNs for securing
remote access for the entire workforce.
Here are some of the modern-day realities that challenge traditional VPN usage:
Limited access to distributed applications, whether on site, available as a cloud software-as-a-service (SaaS) offering, or within a private cloud infrastructure like Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure.
Temporary workers, contractors and vendors might not be able to connect to company networks.
A significant increase in remote work at scale has put an unexpected and often unmanageable load on VPNs. It is no surprise then, according to Gartner’s analysis, that an estimated 60% of enterprises will phase out most of their remote access VPNs in favor of zero trust network access (ZTNA) by 2023.
Solution: Zero Trust Secure Remote Access
Since 2014 when Google shared their architectural approach to VPN-less called BeyondCorp, many organizations have adopted a VPN-less approach for enabling access to private applications. They, too, have experienced the benefits over a VPN-only model. These benefits include:
Reduced Risk Through Application-Specific and Granular Access Controls
A solution that enforces zero trust remote access policies is less permissive and highly granular. Every user must log in with multi-factor authentication (MFA), and every device is checked for its health posture, operating system updates and more before being granted access.
Streamlined Experiences for End Users and Administrators
A zero trust solution gives way to a seamless end-user experience that enables high productivity, on site or remote. Users only see the applications to which they have access. Application access is simple and secure, irrespective of user and application locations.
Flexible and Adaptive Security Policies
Instead of being based on IP addresses and subnets, zero trust remote access policies are based on user identity and other factors, including endpoint posture, location and time. Also, security can be adapted to a broad range of users (for example, partners, suppliers and contractors) and devices (managed or unmanaged, corporate, or personally-owned, also known as Bring Your Own Device (BYOD).
Deployment That’s Simple, Less Cumbersome and Cheaper
With a zero trust solution, you don’t need to buy, maintain or upgrade VPN hardware. You don’t have to set up site-to-site VPNs, and deployment may be faster because there are not complex policies to configure. Furthermore, the costs for deploying and maintaining a zero trust solution may be lower than that for a VPN solution.
To stay competitive in today’s marketplace, you need to offer flexible options to your employees, and security should be kept at top of mind.
Consider adopting a zero trust remote access strategy that reduces complexity, enables security and keeps users productive on any device and from any location whenever they access corporate resources.
Try Duo for Free
Duo’s secure access solution – which includes the
Duo Network Gateway – lets you validate user identities, continuously verify
device trust, and protect every application without compromising on user
experience. Try Duo free for 30 days.