Dark Reading is part of the Informa Tech Division of Informa PLC


Partner Perspectives  Connecting marketers to our tech communities.
2/28/2018
09:00 AM
Chris Park

Virtual Private Networks: Why Their Days Are Numbered

As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.

Virtual private networks (VPNs) have for a generation been viewed as the connectivity solution for the distributed enterprise, enabling secure remote access for mobile workers and branch offices back to the business-critical data at headquarters. While these connections are viewed as far more secure than the public Internet, VPNs are no longer the only solution for securely vetting enterprise traffic – let alone the most efficient one.

In reality, the days of ubiquitous VPNs may be numbered. These and other backhaul configurations make network management unnecessarily cumbersome as more and more remote workers and mobile devices flood enterprise networks, requiring their own dedicated VPN tunnels. The drawbacks of such complicated configurations are innumerable, and only get compounded every time a new device joins the network.

Security Left to the User
VPNs are designed to increase network security, but functionally they do little more than act as a standard web proxy. This means that advanced threat protection capabilities still need to be deployed on top of VPNs to ensure that traffic entering the network is secure.

Often, for instance, remote users will access the network using unsecured devices – like a personal laptop – that may already be infected with malicious software. Once the user has authenticated their access request and successfully logged into the servers at headquarters, the malware could compromise network data.

This threat is difficult for network administrators to manage because they are forced to rely on responsible users to ensure that the network remains secure. This also illustrates one of the limitations of the VPN: most don’t differentiate traffic based on origin or device, but simply grant access to users who enter the right credentials. In addition, if an employee is given a device to be used exclusively for the company's business, there is no guarantee that the employee will use it that way.

Performance Lags
By nature, VPNs can slow down performance since they require proper authentication to be completed before users can access the network. But it’s trickier when the connectivity of remote users doesn’t move at the same speed as others on the network. In truth, VPNs are only as fast as the slowest Internet connection between two endpoints.

Adding to the performance lag is the fact that most IP applications were designed for low-latency, high-reliability network environments. This means that network performance issues will only become more apparent as more real-time and interactive applications begin leveraging the enterprise network.

Complexity Breeds Budget Busters
VPNs require an array of equipment, protocols, service providers and topologies to be successfully implemented across an enterprise network – and the complexity is only perpetuated as networks grow. Purchasing the excess capacity and new Multiprotocol Label Switching (MPLS) connections needed to support effective VPNs can weigh heavily on IT budgets, while managing these networks will require greater reliance on personnel.

Rather than limit the number of devices on their networks, organizations need to seek out solutions that simplify network management as companies continue embracing mobile and remote workforces. Even businesses that continue to rely on VPN or backhaul networks to protect their data need to employ a defense-in-depth approach to security, since VPNs, on their own, only offer the baseline protections of a standard web proxy.  

As more solutions move to the cloud and enterprises rely less and less on physical servers and network connections, the need for VPNs will eventually evolve, if not disappear altogether.

Chris Park brings more than 13 years of experience in corporate network security to his position as CIO at iboss, where he is responsible for creating and driving the company's IT strategy. As resident expert in all aspects of iboss solutions and infrastructure, Chris is ...