When COVID-19 sparked the surge of work-from-home (WFH) employees, VPNs became a must-have enterprise staple. In fact, since COVID-19, nearly 70% of companies increased their business VPN usage while nearly 30% of other companies leveraged VPNs for the first time.
How reliable are most VPNs? According to the NSA, some ill-equipped VPNs may be highly vulnerable to cyberattacks, which are more pervasive than ever, resulting in more than $4 billion in U.S. losses last year. Every organization is vulnerable and 20% of cybersecurity issues stem from WFH users.
But while nearly everyone has transitioned to distributed work, not everyone carries sensitive information across their VPN, where an exploit could harm their business. So, there are cases where VPNs make a lot of sense. For example, let’s say you’re a developer who works on open source software and uses a VPN to access it—do you really care if your data gets breached? Probably not.
But what if you’re managing highly sensitive data? That’s a completely different ballgame and a VPN may not be the right fit. From high-profile data breaches to foreign cyberespionage activity, VPN security issues persist and you don’t want to become another statistic.
What’s causing these breaches? VPNs authenticate users by simply confirming their username and password. However, once a VPN’s “single fence perimeter” is crossed, entire classes of users have unfettered access to countless apps by just connecting to the enterprise network. Think of it as passing by a building’s security guard—once you’re in, you can roam the entire building.
What’s a better way to manage access? Leverage a zero-trust network access (ZTNA) framework. ZTNA enforces the concept of least privilege. So, users, by default, aren’t granted access to resources until ZTNA knows who they are, their risk behaviors and the risks of the device they use to access company resources.
How does ZTNA grant access to apps? First, it provides conditional app access—which can be very wide or very narrow—depending on the user’s identity, risk profile and device risk. This reduces the attack surface because ZTNA users have no visibility into the apps they don’t have access to.
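The access decision described above, as an added example that is not from the original article or from any ZTNA product: a default-deny, per-app check on identity, user risk and device risk, shown beside the perimeter-VPN behaviour. The app names, groups, risk scores and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    app: str
    groups: frozenset      # identities allowed to reach the app
    max_user_risk: int     # highest tolerated user risk score (0-100, assumed scale)
    max_device_risk: int   # highest tolerated device risk score (0-100, assumed scale)

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    user_risk: int
    device_risk: int

# Constructed sample policies: narrow for payroll, wide for the wiki.
POLICIES = [
    Policy("wiki", frozenset({"staff", "contractors"}), 70, 70),
    Policy("source-control", frozenset({"engineering"}), 50, 40),
    Policy("payroll", frozenset({"finance"}), 20, 10),
]
# "legacy-admin" sits on the network but has no policy at all.
ALL_APPS = [p.app for p in POLICIES] + ["legacy-admin"]

def vpn_visible_apps(authenticated: bool) -> list:
    """Perimeter model: one credential check, then the whole network."""
    return list(ALL_APPS) if authenticated else []

def ztna_allows(req: Request, policy: Policy) -> bool:
    """Identity, user risk and device risk must all pass; otherwise deny."""
    return (bool(req.groups & policy.groups)
            and req.user_risk <= policy.max_user_risk
            and req.device_risk <= policy.max_device_risk)

def ztna_visible_apps(req: Request) -> list:
    """Default deny: apps the request fails, or that lack a policy, are not listed."""
    return [p.app for p in POLICIES if ztna_allows(req, p)]

if __name__ == "__main__":
    groups = frozenset({"staff", "engineering"})
    managed = Request("dana", groups, user_risk=10, device_risk=5)
    risky = Request("dana", groups, user_risk=10, device_risk=60)
    print("VPN after login    :", vpn_visible_apps(True))
    print("ZTNA managed laptop:", ztna_visible_apps(managed))
    print("ZTNA risky device  :", ztna_visible_apps(risky))
```

The same user on a riskier device sees a shorter app list, and the app with no policy never appears under ZTNA.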
Additionally, ZTNA implements per-app VPN access. Here, only specified apps on a user’s endpoint device can send traffic to …….