The first blog in this series explored why organizations should split the implementation of a zero-trust initiative into three more manageable steps, beginning with securing access for users who pose the highest risk. The second step, which we will examine now, is to secure access for remote users.
With remote work now a permanent part of the work landscape, securing remote users’ access to corporate systems and applications has become a critical step in the journey to zero-trust.
Virtual private networks (VPNs) have been used for decades to give remote users access to corporate systems. Historically, when the vast majority of workers came to the office each day, trust and access were based primarily on whether or not you were on the company network, and VPNs behave the same way. If you have the right credentials or certificates, your VPN will trust that you belong on the corporate network and grant wide lateral access.
VPNs were an important access tool for workers on business trips or otherwise away from the office, but they come with their own slew of problems:
VPNs are site- and network-centric rather than built for applications and users.
VPNs give overly broad access to applications, users, and other networks connected to the VPN. Once a bad actor gains access to the VPN, they can essentially access everything.
VPNs were simply not built to provide remote access for entire organizations. VPN performance issues can be detrimental to productivity and cause significant user frustration, not to mention the cost of bandwidth needed to terminate all the connections.
Despite these well-documented problems, VPNs are at the core of remote access for many organizations and the thought of replacing them may be a non-starter. This is why Cyolo does not force our customers to immediately replace their VPNs. Instead, we offer a solution that can augment the existing VPN deployment, seamlessly integrate into remote workflows, and verify identity to provide the appropriate access level for different user groups.
Cyolo empowers organizations to first strengthen the security features of their VPN with identity-based Zero-Trust Network Access (ZTNA) and then, when they are ready, to turn off the VPN altogether. Since Cyolo does not require change management, it is quick and easy to stand up this additional layer of security to support your existing remote connectivity solution. During the VPN-augmentation period, the Cyolo platform will enable not just multi-factor authentication (MFA) but also continuous authorization of all users, based on identity. In addition, Cyolo delivers users directly to applications, not to the full network. This adheres to the zero-trust principle of least privilege access and significantly limits the potential attack surface for bad actors.
The Cyolo identity access controller (IDAC) is an application connector that connects remote workers to the applications they need. The Cyolo IDAC supports any application protocol, can be implemented on-prem or in a cloud provider, like AWS or Google, and can be deployed anywhere, even without an internet connection.
Bonus: Managing and deploying the Cyolo platform is much simpler than managing and deploying a VPN, and it doesn’t need firewalls, VPN agents, licenses or credentials.
VPNs played a pioneering role in the history of remote access, but they were never intended to support entire organizations or ensure the level of security that modern businesses demand. Today, identity-based zero-trust access is the best way to allow remote users to connect to the resources they need seamlessly and securely.
A gradual transition from VPN to ZTNA, possibly even including a period when the two run side by side, will reduce pressure and allow stakeholders to see the security benefits of identity-based access before turning the VPN off once and for all. At this point you will be ready for the third and final step of Cyolo’s recommended zero-trust journey, securing hybrid and on-premises users.
Author
Samuel is the Director of Product Marketing at Cyolo. Before cybersecurity, he spent 7 years working in the ER and loves to tell stories. He is the husband to one, father to four, lives in Bozeman, MT, and would rather be outside. He holds an M.A. in Strategic Leadership from Life Pacific University.