What is a VPN?
A VPN (virtual private network) protects users by encrypting their data. A VPN protects you against malware and other cyber threats, and hides the user's identity, location and browsing activity, allowing for greater privacy.
What’s the difference?
VPN vs. zero trust vs. SDP: it may appear that magic is required to create a tunnel between two points or to hide resources from outside threats. In reality, network security is all that is needed.
Here are the stories behind VPNs, Zero-Trust Security and Software-Defined Perimeter (SDP), all three elements of corporate cybersecurity that have a common goal: to secure company resources. Zero trust is a relatively recent concept that fills in security gaps left by traditional security methods. SDPs are network architectures that use zero trust principles to provide remote access more securely than VPNs.
Experts predict that VPNs will become obsolete in the future as SDP and zero trust adoption increases. VPN usage is still widespread, however, and SDP and zero trust adoption is not yet at the same level.
The technologies are not identical, but they share a common goal: to secure corporate networks. This is also reflected in the growing need for remote support by organizations.
Define VPN, Zero Trust and SDP
VPN
VPN is short for virtual private network. This technology creates encrypted tunnels between authorized devices and corporate networks. Remote employees can connect to corporate networks as if they are in the office. VPNs provide secure remote access to employees regardless of where they are physically located.
A company may use VPN technology when it has many remote users, or multiple locations for resources that employees need to access securely. VPNs have some shortcomings, including a lack of support for modern devices such as IoT devices and mobile devices that need network access.
Zero trust
Zero Trust is an advanced cybersecurity strategy which treats all users and devices as threats until proven otherwise. It limits lateral movement, and denies access requests by default. The principle is upheld by a zero-trust model, meaning that users and devices are only allowed to access the apps, systems and services they need in order to perform their job. Zero trust means that users and devices are required to undergo continuous authentication when they move around an IT environment. This is true even if the users were previously internal users.
Zero trust takes into account context as well as identification. Zero-Trust Network Access (ZTNA), for example, which applies zero trust principles to a network architecture, might deny access to an authorized user that usually logs into an application from New York between the hours of 9 am and 5 pm but suddenly attempts to log in at 3 am in Alaska.
Implementing zero trust is difficult and complex, as it’s a philosophy, not a technology. As a zero-trust approach is based on identity and access management, teams need to ensure that user permissions and authorizations remain accurate and up to date.
Experts say that organizations that handle sensitive or highly classified data can gain the most from a zero trust approach. However, everyone can benefit.
SDP
SDP enables secure remote access by implementing zero-trust concepts. It’s an overlay network: a network that sits on top of another network and is connected by virtual or logical connections. This network conceals the network resources inside a perimeter. The SDP is a cloud that acts as an invisible cloak, preventing unauthorized users from seeing or accessing the hidden resources.
SDPs are used to authenticate users and connect them to corporate resources, such as applications or data, through a secure portal, using identity policies. This is done regardless of whether the resources reside in private data centres, the cloud, etc. An organization can use SDP technology to reduce network attacks such as denial-of-service or man-in-the-middle attacks.
Some experts refer to ZTNA 2.0 as SDP 2.0.
VPN vs. zero trust
The cybersecurity spectrum is divided into two distinct sides: zero-trust and VPN. VPNs are all-or-nothing, allowing authenticated users to roam freely throughout the network. This sets the stage for lateral attack. If bad actors are able to get past the VPN, or moat, they can have full control of the corporate network, or castle.
Zero-trust security, on the other hand, allows access only to those users who need it. If an attacker manages to gain access to an IT environment, microsegments limit their ability to move laterally and access sensitive information.
Although experts agree that a model of zero-trust provides better results than traditional perimeter security, it is possible for an organisation to implement zero-trust capabilities while still using VPN. Microsegmentation, for example, can reduce some of the inherent risks associated with VPN use.
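The contrast drawn above, together with the earlier ZTNA example of a New York user who suddenly logs in at 3 am from Alaska, as an added Python sketch that is not from the original article or any vendor's product. The users, apps, baselines and function names are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed policy data (hypothetical user, apps and login baseline).
ENTITLEMENTS = {"alice": {"payroll"}}
BASELINE = {"alice": {"regions": {"New York"}, "hours": (time(9, 0), time(17, 0))}}


@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool
    app: str
    region: str
    local_time: time


def vpn_decide(req: Request) -> bool:
    """All-or-nothing: an authenticated tunnel reaches every app on the network."""
    return req.authenticated


def ztna_decide(req: Request) -> tuple[bool, list[str]]:
    """Default deny: allow only if identity, entitlement and context all pass."""
    reasons = []
    if not req.authenticated:
        reasons.append("not authenticated")
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        reasons.append("app not in user's entitlements")
    baseline = BASELINE.get(req.user)
    if baseline is None:
        reasons.append("no context baseline for user")
    else:
        start, end = baseline["hours"]
        if req.region not in baseline["regions"]:
            reasons.append("unusual location")
        if not start <= req.local_time <= end:
            reasons.append("unusual time")
    return (not reasons, reasons)


# Constructed requests: the usual login, the 3 am Alaska login,
# and an authenticated user reaching for an app outside their role.
USUAL = Request("alice", True, "payroll", "New York", time(10, 30))
ODD = Request("alice", True, "payroll", "Alaska", time(3, 0))
LATERAL = Request("alice", True, "hr-database", "New York", time(10, 30))

if __name__ == "__main__":
    for r in (USUAL, ODD, LATERAL):
        print(r.app, r.region, r.local_time, "| VPN:", vpn_decide(r), "| ZTNA:", ztna_decide(r))
```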
SDP vs. zero trust
Zero-trust security refers to a security philosophy, or strategy. SDP and ZTNA fall under this umbrella.
SDP and ZTNA architectural designs apply zero-trust policies and principles to remote network access. These platforms control access to services, applications and systems by using trust brokers – software that authenticates users based on their identity and context.
SDP and ZTNA are newer security strategies for networks, with a shorter history in enterprise than traditional VPNs. However, they offer more innovative protection mechanisms. Zero-trust principles, as implemented by SDP and ZTNA technology, can help organizations protect their networks more effectively and reliably from internal and external threats.
The future of enterprise cybersecurity will probably be shaped by the zero-trust model. An SDP is a way to implement the principles.
SDP vs. VPN
Vendors have claimed that VPNs were irrelevant, and SDP was the future of corporate security. While most experts agree that SDP technology is superior to VPN and addresses many of its shortcomings, traditional VPNs are still a key component in the secure remote access strategy for many organizations. SDPs are a more secure alternative to VPNs, but they also come at a price — time and money — that many organizations cannot afford.
Analysts predict that SDP and ZTNA technologies will continue to dominate network security in the years ahead. Many organizations deploy ZTNA and SDP platforms alongside VPNs to ease the transition as they move towards zero-trust models. SDP can be used for high-risk scenarios, but traditional VPNs are still available for other use cases. This allows enterprises to reduce the attack surface of their network without completely abandoning legacy technology.