Partner Perspectives  Connecting marketers to our tech communities.
09:00 AM
Chris Park
Chris Park
Partner Perspectives

Virtual Private Networks: Why Their Days Are Numbered

As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.

Virtual private networks (VPNs) have for a generation been viewed as the connectivity solution for the distributed enterprise, enabling secure remote access for mobile workers and branch offices back to the business-critical data at headquarters. While these connections are viewed as far more secure than the public Internet, VPNs are no longer the only solution for securely vetting enterprise traffic – let alone the most efficient one.

In reality, the days of ubiquitous VPNs may be numbered. These and other backhaul configurations make network management unnecessarily cumbersome as more and more remote workers and mobile devices flood enterprise networks, requiring their own dedicated VPN tunnels. The drawbacks of such complicated configurations are innumerable, and only get compounded every time a new device joins the network.

Security Left to the User
VPNs are designed to increase network security, but their functionality does little more than act as a standard web proxy. This means that advanced threat protection capabilities still need to be deployed on top of VPNs to assure traffic entering the network is secure.

Often, for instance, remote users will access the network using unsecured devices – like a personal laptop – that may already be infected with a malicious software. Once the user has authenticated their access request and successfully logged into the servers at headquarters, the malware could compromise network data.

This threat is difficult for network administrators to manage because they are forced to rely on responsible users to ensure that the network remains secure. This also illustrates one of the limitations of the VPN: most don’t differentiate traffic based on origin or device, but simply grant access to users who enter the right credentials. In addition, if an employee is given a device to be used exclusively for the company's business, there can be no guarantee that the employee will do so.

Performance Lags
By nature, VPNs can slow down performance since they require proper authentication to be completed before users can access the network. But it’s trickier when the connectivity of remote users doesn’t move at the same speed as others on the network. In truth, VPNs are only as fast as the slowest Internet connection between two endpoints.

Adding to the performance lag is the fact that most IP applications were designed for low-latency and high reliability network environments. This means that network performance issues will only become more apparent as more real-time and interactive applications begin leveraging the enterprise network.

Complexity Breeds Budget Busters
VPNs require an array of equipment, protocols, service providers and topologies to be successfully implemented across an enterprise network – and the complexity is only perpetuated as networks grow. Purchasing the excess capacity and new Multiprotocol Label Switching (MPLS) connections needed to support effective VPNs can weigh heavily on IT budgets, while managing these networks will require greater reliance on personnel.

Rather than limit the number of devices on their networks, organizations need to seek out solutions that simplify network management as companies continue embracing mobile and remote workforces. Even businesses that continue to rely on VPN or backhaul networks to protect their data need to employ a defense-in-depth approach to security, since VPNs, on their own, only offer the baseline protections of a standard web proxy.  

As more solutions move to the cloud and enterprises rely less and less on physical servers and network connections, the need for VPNs will eventually evolve, if not disappear altogether.

Chris Park brings more than 13 years of experience in corporate network security to his position as CIO at iboss, where he is responsible for creating and driving the company's IT strategy. As resident expert in all aspects of iboss solutions and infrastructure, Chris is ... View Full Bio
Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
iboss has created the first and only web gateway as a service specifically designed to solve the challenge of securing distributed organizations. Built for the cloud, the iboss Distributed Gateway Platform leverages an elastic, cloud-based node architecture that provides advanced security for todays decentralized organizations with more financial predictability. Backed by more than 110 patents and patents pending, and protecting over 4,000 organizations worldwide, iboss is one of the fastest growing cybersecurity companies in the world. To learn more, visit
Featured Writers
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.