October is Cybersecurity Awareness Month! All month long, we’ll be exploring cybersecurity-related topics to help you (and your data) stay safe online.
By Francis Dinha.
Like clockwork, it seems as though every time you check the news you see a story about a major hack of an organization’s VPN. Colonial Pipeline, a major supplier of oil, is a perfect example: the company was hacked via its legacy VPN, demonstrating just how fragile a VPN can be. Please take note of the most important word in that sentence: legacy. The hack caused Colonial Pipeline to temporarily shut down pipeline operations before paying the cybercriminal gang DarkSide $5 million to restore access to company data. In reality, that is nothing in comparison to what could have happened. How did a breach like that occur? Colonial Pipeline CEO Joe Blount testified on the Hill that the company’s legacy VPN did not implement basic cybersecurity policies. Not even multi-factor authentication had been implemented.
Sophisticated threats, regionally and remotely distributed workforces, work from home, the growth of IoT, and the move to the cloud make the old, rigid ways of connecting and insulating assets obsolete. The days of legacy VPNs as purely remote access or site-to-site are gone. Modern network architecture requires room for contemporary approaches to sit on top of a private networking foundation. This is something that all CSOs and CIOs should embrace – the concept that a layered approach is absolutely key to success.
This shouldn’t come as a surprise. Layered approaches have been the smartest methodology in protecting systems to date. Legacy VPNs, although both less sophisticated and less secure, still fill a vital role within a company’s tech ecosystem. Luckily for enterprises around the world, next-gen VPNs have fortified their security with enhanced encryption and zero trust security principles to keep data secure as hybrid work environments continue to become the norm in the working world.
So, as an IT decision maker of a small to medium-sized business (SMB) or enterprise organization, what else, in addition to layering, should be considered when it comes to security in next-generation VPN solutions?
- Don’t throw the baby out with the bathwater: Remember, SASE, zero trust security, and SDNs are not replacements for VPNs but are instead fueled by them. A VPN is a vital part of an organization’s ecosystem, especially with the proliferation of remote working.
- Encryption, encryption, encryption: The new generations of VPNs encrypt and tunnel traffic to the VPN server. The tunnel connects the employee’s device to the enterprise’s network and makes it part of the corporate network. This encryption is essential for securely accessing corporate resources, especially for employees connecting from their home ISP, or public WiFi, which oftentimes utilizes the easily exploitable WPA2 encryption standard.
- Zero trust: As mentioned earlier, zero trust is a basic must-have in security. Due to the number of devices, remote workers, and the cloud (or even hybrid), the traditional network edge is long gone. Networks can be local or in the cloud. Either way, zero trust must be incorporated within the VPN.
- Scalability and agility: Customization and agility are key for any next-gen VPN. The solution should be customized for each enterprise’s needs to help keep it operational and secure from MITM exploits and other breaches of network integrity. Whether on-prem or in the cloud, self-hosted or serverless, any solution needs to be resilient and agile, and to have the infrastructure to help enterprises of all sizes network securely and at scale, anywhere in the world.
The years 2020 and 2021 were a huge reset for the world, especially the business world. With any great disruption, there are often great paradigm shifts. And with those shifts come growing pains. It is becoming obvious that hybrid work is here to stay, and as employees work farther away from corporate data centers, next-gen VPNs are now and will continue to be a critical part of any IT infrastructure.