Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
2/28/2018
09:00 AM
Chris Park
Chris Park
Partner Perspectives
50%
50%

Virtual Private Networks: Why Their Days Are Numbered

As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.

Virtual private networks (VPNs) have for a generation been viewed as the connectivity solution for the distributed enterprise, enabling secure remote access for mobile workers and branch offices back to the business-critical data at headquarters. While these connections are viewed as far more secure than the public Internet, VPNs are no longer the only solution for securely vetting enterprise traffic – let alone the most efficient one.

In reality, the days of ubiquitous VPNs may be numbered. These and other backhaul configurations make network management unnecessarily cumbersome as more and more remote workers and mobile devices flood enterprise networks, requiring their own dedicated VPN tunnels. The drawbacks of such complicated configurations are innumerable, and only get compounded every time a new device joins the network.

Security Left to the User
VPNs are designed to increase network security, but their functionality does little more than act as a standard web proxy. This means that advanced threat protection capabilities still need to be deployed on top of VPNs to assure traffic entering the network is secure.

Often, for instance, remote users will access the network using unsecured devices – like a personal laptop – that may already be infected with a malicious software. Once the user has authenticated their access request and successfully logged into the servers at headquarters, the malware could compromise network data.

This threat is difficult for network administrators to manage because they are forced to rely on responsible users to ensure that the network remains secure. This also illustrates one of the limitations of the VPN: most don’t differentiate traffic based on origin or device, but simply grant access to users who enter the right credentials. In addition, if an employee is given a device to be used exclusively for the company's business, there can be no guarantee that the employee will do so.

Performance Lags
By nature, VPNs can slow down performance since they require proper authentication to be completed before users can access the network. But it’s trickier when the connectivity of remote users doesn’t move at the same speed as others on the network. In truth, VPNs are only as fast as the slowest Internet connection between two endpoints.

Adding to the performance lag is the fact that most IP applications were designed for low-latency and high reliability network environments. This means that network performance issues will only become more apparent as more real-time and interactive applications begin leveraging the enterprise network.

Complexity Breeds Budget Busters
VPNs require an array of equipment, protocols, service providers and topologies to be successfully implemented across an enterprise network – and the complexity is only perpetuated as networks grow. Purchasing the excess capacity and new Multiprotocol Label Switching (MPLS) connections needed to support effective VPNs can weigh heavily on IT budgets, while managing these networks will require greater reliance on personnel.

Rather than limit the number of devices on their networks, organizations need to seek out solutions that simplify network management as companies continue embracing mobile and remote workforces. Even businesses that continue to rely on VPN or backhaul networks to protect their data need to employ a defense-in-depth approach to security, since VPNs, on their own, only offer the baseline protections of a standard web proxy.  

As more solutions move to the cloud and enterprises rely less and less on physical servers and network connections, the need for VPNs will eventually evolve, if not disappear altogether.

Chris Park brings more than 13 years of experience in corporate network security to his position as CIO at iboss, where he is responsible for creating and driving the company's IT strategy. As resident expert in all aspects of iboss solutions and infrastructure, Chris is ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
iboss has created the first and only web gateway as a service specifically designed to solve the challenge of securing distributed organizations. Built for the cloud, the iboss Distributed Gateway Platform leverages an elastic, cloud-based node architecture that provides advanced security for todays decentralized organizations with more financial predictability. Backed by more than 110 patents and patents pending, and protecting over 4,000 organizations worldwide, iboss is one of the fastest growing cybersecurity companies in the world. To learn more, visit www.iboss.com.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I'm not sure I like this top down management approach!"
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17332
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.
CVE-2018-17333
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused.
CVE-2018-17334
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy limit is miscalculated.
CVE-2018-17336
PUBLISHED: 2018-09-22
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n...
CVE-2018-17321
PUBLISHED: 2018-09-22
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.