Trust is good, but zero trust is better

The current crisis has accelerated the trend towards a new normal where remote work is the rule rather than the exception. VPNs have long been a trusted and popular solution for securing remote access to corporate resources, but while reliable and popular, they are not always the best solution for supporting and protecting today's changing workforce. The idea of a "full VPN" for everyone is like having a hammer in your toolbox: the multiple flavors of VPN are essential to consider alongside other technologies when designing improved remote access. However, today's "new normal" shows the limitations of traditional VPNs, making it clear that a new approach is needed to secure remote access.

When the doorbell rings and the repairman comes to fix the electric stove, careful homeowners aren't just going to hand over the house key, say "The kitchen is the first door on the left, go ahead and help yourself," and then leave. They'll stick around and keep an eye on the service technician to verify he's doing his job, and they certainly won't let him wander the house unsupervised. And yet, when it comes to corporate security, that's exactly what happens: a virtual private network (VPN), standard technology in many organizations for giving remote users access to corporate resources, offers the "keys to the castle". Once users are connected, a VPN allows them to proceed without restrictions.

Also, in the current crisis, many VPN gateways are finding it difficult to perform under the load of additional home office users. Having to route all traffic through the corporate data center adds significant latency and hurts the quality of time-sensitive services such as video conferencing. There are many mechanisms to avoid this effect, but they make the VPN complex and expensive to manage.

The dangers of insecure trust

While the VPN's keys-to-the-castle approach has always been problematic, today it is even more dangerous. If you control and trust the entire end-to-end VPN network and ecosystem, a full VPN is a solid choice, but if you cannot control the entire ecosystem, a full VPN introduces the risks of lacking visibility and control. Attackers can target a much larger attack surface these days: when they manage to obtain a remote user's credentials or gain access to an unsecured home office device, a traditional VPN will give them a free pass to roam the corporate network. There they can search for sensitive information and install malware such as data extraction tools or backdoors to facilitate their return.

Trust involves more moving parts than just the VPN tunnel. Since the endpoint becomes a full participant in the network, there must be constant verification of appropriate security tools such as firewalls, IDS/IPS, AV tools, and others. This leads to management complexity, and having multiple tools to manage and maintain carries its own risks.

Obviously, there has to be a better way. And in fact, there is: it is called "zero trust". This new approach adds a security mindset to the IT architecture. Zero trust follows the principle: never trust, always verify. No user or device is assumed to be trusted, whether accessing resources from inside or outside the network. The first step is getting to know the users, ideally by applying various authentication methods such as hardware tokens or software token applications. Devices connecting to the network are thoroughly inspected, for example by checking ownership (company-owned or privately owned) or whether the patch level is up to date. At the same time, corporate data is protected by limiting access to the resources users actually need for their roles.
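The checks described above (verified user, inspected device, role-limited access) can be written as a per-request policy decision and compared with the VPN-style rule that a connected user may reach everything. This is an added example, not code from the article; the role and resource names, the 30-day patch threshold, the rule that private devices are denied, and all field names are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed policy data (assumptions for illustration, not from the article).
ROLE_RESOURCES = {
    "finance": {"erp", "payroll"},
    "engineering": {"git", "ci"},
}
MAX_PATCH_AGE_DAYS = 30  # assumed meaning of "patch level is up to date"


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool    # a hardware or software token was checked
    device_owner: str     # "company" or "private"
    patch_age_days: int   # days since the device was last patched
    resource: str


def vpn_decision(tunnel_up: bool, req: Request) -> bool:
    """Traditional full VPN: once connected, every resource is reachable."""
    return tunnel_up


def zero_trust_decision(req: Request) -> tuple[bool, list[str]]:
    """Evaluate each request on its own; return (allowed, denial reasons)."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("user not verified with a token")
    if req.device_owner != "company":  # assumed policy: private devices denied
        reasons.append("device is not company-owned")
    if req.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append("device patch level is out of date")
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        reasons.append(f"role '{req.role}' has no need for '{req.resource}'")
    return (not reasons, reasons)


# Constructed samples: stolen credentials on an unpatched private device,
# and the same user on a managed device asking for a resource of her role.
STOLEN = Request("alice", "finance", False, "private", 90, "git")
LEGIT = Request("alice", "finance", True, "company", 3, "payroll")
```

With the tunnel up, `vpn_decision` admits both sample requests, while `zero_trust_decision` admits only `LEGIT` and returns the list of failed checks for `STOLEN`, which is also what a security team would want in the alert.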

Zero trust solutions

Today's zero-trust solutions use machine learning (ML) to continuously monitor end-user and device activities against behavior patterns and company policies. This allows security teams to quickly detect unusual activity that indicates compromised accounts or insider threats. By providing alerts as soon as suspicious activity is identified, zero trust enables a fast and highly targeted response. This dramatically speeds up incident response and reduces the time attackers have to search the network.

After many years in which the "bad guys" improved their tools and tactics while businesses and organizations were slow to respond, this approach is finally helping businesses catch up on security, no matter where their users are or what devices they use. This makes it the ideal solution for today's world, where, accelerated by the crisis, remote work has become the new normal.

Zero-trust IT environments ensure that companies don't just hand over the house keys to a "technician" who rings the doorbell. Instead, they ask the repairman, and any other visitor, for a company badge with a photo ID. They lock all the doors except the kitchen door, and they know exactly where the technician is and what he is doing. And if he behaves unexpectedly, the owner is notified automatically. In this way, companies can always keep an eye on users and devices, improving compromise detection and reducing attack windows. At the same time, employees can access company resources securely, anytime, anywhere.