Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
2/28/2018
09:00 AM
Chris Park
Chris Park
Partner Perspectives
50%
50%

Virtual Private Networks: Why Their Days Are Numbered

As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.

Virtual private networks (VPNs) have for a generation been viewed as the connectivity solution for the distributed enterprise, enabling secure remote access for mobile workers and branch offices back to the business-critical data at headquarters. While these connections are viewed as far more secure than the public Internet, VPNs are no longer the only solution for securely vetting enterprise traffic – let alone the most efficient one.

In reality, the days of ubiquitous VPNs may be numbered. These and other backhaul configurations make network management unnecessarily cumbersome as more and more remote workers and mobile devices flood enterprise networks, requiring their own dedicated VPN tunnels. The drawbacks of such complicated configurations are innumerable, and only get compounded every time a new device joins the network.

Security Left to the User
VPNs are designed to increase network security, but their functionality does little more than act as a standard web proxy. This means that advanced threat protection capabilities still need to be deployed on top of VPNs to assure traffic entering the network is secure.

Often, for instance, remote users will access the network using unsecured devices – like a personal laptop – that may already be infected with a malicious software. Once the user has authenticated their access request and successfully logged into the servers at headquarters, the malware could compromise network data.

This threat is difficult for network administrators to manage because they are forced to rely on responsible users to ensure that the network remains secure. This also illustrates one of the limitations of the VPN: most don’t differentiate traffic based on origin or device, but simply grant access to users who enter the right credentials. In addition, if an employee is given a device to be used exclusively for the company's business, there can be no guarantee that the employee will do so.

Performance Lags
By nature, VPNs can slow down performance since they require proper authentication to be completed before users can access the network. But it’s trickier when the connectivity of remote users doesn’t move at the same speed as others on the network. In truth, VPNs are only as fast as the slowest Internet connection between two endpoints.

Adding to the performance lag is the fact that most IP applications were designed for low-latency and high reliability network environments. This means that network performance issues will only become more apparent as more real-time and interactive applications begin leveraging the enterprise network.

Complexity Breeds Budget Busters
VPNs require an array of equipment, protocols, service providers and topologies to be successfully implemented across an enterprise network – and the complexity is only perpetuated as networks grow. Purchasing the excess capacity and new Multiprotocol Label Switching (MPLS) connections needed to support effective VPNs can weigh heavily on IT budgets, while managing these networks will require greater reliance on personnel.

Rather than limit the number of devices on their networks, organizations need to seek out solutions that simplify network management as companies continue embracing mobile and remote workforces. Even businesses that continue to rely on VPN or backhaul networks to protect their data need to employ a defense-in-depth approach to security, since VPNs, on their own, only offer the baseline protections of a standard web proxy.  

As more solutions move to the cloud and enterprises rely less and less on physical servers and network connections, the need for VPNs will eventually evolve, if not disappear altogether.

Chris Park brings more than 13 years of experience in corporate network security to his position as CIO at iboss, where he is responsible for creating and driving the company's IT strategy. As resident expert in all aspects of iboss solutions and infrastructure, Chris is ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...