“The VPN is dying.”
“The VPN is dead.”
“The death of the VPN!”
“Wait, I still use a VPN for that.”
“Long live the VPN.”
You’ve heard it all countless times before.
The headlines have been cyclical, copious and dogmatic over more than two decades, like a cosmic loop of inevitable banter about the weather. Through all of this, the VPN has survived. After all, a VPN is a virtual private network, an app an end user can call up to form a cone of silence over (or within) his or her public connection.
A VPN is like a mini-firewall, out at the edge, protecting distributed organizational resources. This mini-firewall at the edge, or VPN, persists, despite repeating rumors of its demise. It lives on in smartphones, and in films (Spider-Man: Far From Home), and in classrooms, and in computer architectures where security needs to be scaled outside the network core and data center. The VPN’s essence lives on in all of this because it is a roll-off-the-tongue, easy-to-understand / easy-to-justify network security strategy: To provide safe passage to that which is precious and protect them and that data from cyber highwaymen.
Virtual private networks (VPNs) haven’t died or gone away. They’ve lived so long as to take on new names, new deployment designs. So now that we understand the VPN’s ongoing presence, what form is it taking?
- A server-and-agent (or agentless) deployment leveraging firewall as a service protection from the cloud.
- An endpoint device’s ability to connect to an encrypted tunnel and use it for secure and private computing.
- Something installed on each device that makes it protectable, i.e., agents deployed that enable each network participant to ward off a variety of attacks automatically.
While there are new names on the block, new more complex shapes the VPN is taking, there are also new types of endpoint devices and computing environments for the VPN to support and protect. This complicates the VPN’s role but does not eliminate it. For your wide lucidity it’s important to look beyond devices in your virtual private network (VPN) outlook, to look at cloud access points and containers, the latter which are basically self-contained software that’s abstracted away from the operating system so it can run almost anywhere.
Whether it’s a software agent on every device, or an agent-less security system hosted on cloud server or cloud server proxies, VPNs continue to provide secure tunnels for users and authenticated devices when outside a private network.
Just because technology marketers aren’t talking about the VPN anymore doesn’t mean you aren’t employing its capabilities under the hood of a newer and sexier technology label. Some of these security technologies include:
- Endpoint protection and response (EDR) system – Endpoint detection and response is cybersecurity technology that continuously monitors and responds to threats across computing resources. EDR usually utilizes data collection agents, reinforced endpoint security such as file integrity monitoring and IDS, automated response, and analysis.
- Secure access service edge (SASE) – The secure access service edge is an emerging offering combining WAN capabilities with comprehensive network security functions – such as secure web gateways, firewall as a service (FWaaS) and zero trust network architecture (ZTNA). According to Gartner, which coined the term, SASE capabilities are delivered as a service based upon the identity of the entity, real- time context, enterprise security/compliance policies and risk assessment.
- Zero trust architecture (ZTA) – Zero trust is the term for a mature but evolving cybersecurity approach that moves defenses from static, network-based perimeters to focus on users, assets, and resources. Not implicitly trusting assets connecting to the network, the ZTA is often built from a principle of least privilege and defense in depth to defend against the spread of malware, malicious instructions and fraudulent or criminal activities.
Why the VPN is not dead, but instead better
All this being said, something has fundamentally changed about the VPN, and changed for the better. Put simply, VPNs aren’t the pain in the neck they used to be. VPNs have had a stigma of being onerous, rigid, oppressive, making access a chore for end users and requiring more secret passwords and logins than eight seasons of Scooby Doo episodes.
But with the move to approaches such as EDR and SASE, VPNs have fused into the technology layer, becoming more discrete and less burdensome. Yeah, the VPN is on… Yeah it’s protecting you… No, you don’t have to log in to it every time you do work, although it is best practice to protect access to sensitive enterprise applications with MFA, encryption, and workload segmentation.
Atomicorp offers integrated intrusion detection and cloud workload protection functionality through Atomic Protector. Formerly Atomic Secured Linux (ASL), Atomic Protector is an endpoint detection and response system and cloud workload protection platform, the most widely distributed full-stack security solution for Linux servers today.
Is the VPN truly dead … yet again? Not really. It’s just more of a dirty word.
Get the VPN functionality required for today’s distributed hybrid cloud architectures without the hassle of logging in and logging out, additional superfluous passwords, and indirect VPN traffic backhaul to a VPN controller before that traffic is delivered. Orchestrate security out to the edge with Atomic Protector for endpoint and cloud workload protection.
Get a demo.
Read the endpoint, SASE, and cloud workload protection whitepaper.