An Ode to VPNs: Why Traditional Solutions Stink

by

April 15, 2020

If you’ve ever had to connect remotely over Virtual Private Network (VPN) for work, you’re missing out. Dante’s Inferno would have included VPNs, had they been around in the 14th Century.If you haven’t read the Inferno, or you’re more familiar with the story of Sisyphus, imagine instead of pushing a rock uphill all day long, trying to connect to your place of business over and over again, only to succeed briefly before losing contact and having to start over.

And now, with increased work from home, VPNs (and the problems they bring with them) are becoming even more prominent.

 

Why do traditional VPNs stink?

 Oh, let me count the ways. There are multiple reasons as to why a traditional VPN solution is less fun than a kick in the pants. For the sake of this article though, I shall limit them to the following:

  1. Traditional VPNs are expensive
  2. Traditional VPNs are slow
  3. Traditional VPNs are difficult to set-up/use
  4. Traditional VPNs can be difficult to secure

 It’s difficult for me to explain each of these points individually as they’re all connected in one way or another. VPNs are expensive because of the cost associated with implementing, supporting and securing them.

 Traditional VPNs are often slow because of things like hardware or other physical limitations. They’re difficult to set-up and properly maintain because an Information Technology department might not have the necessary resources to do so.

 VPNs are also difficult to secure because of all the reasons above but with the addition of a large human element. The actual end-users and the variety of bad security hygiene they bring with them when they try to connect to the VPN and the things they might do while connected to the VPN.

 So, ultimately, what’s the solution? There are three we can think of:

  • Zscaler Private Access
  • Cloudflare Access
  • Idaptive’s IDaaS solutions

 

Zscaler Private Access

 Zscaler Private Access (ZPA) allows an organization to provide access to internal applications and services while maintaining security. Where traditional VPN requires users to connect directly to your network, ZPA allows for policy-based secure access to only the internal apps the user requires to accomplish their task.

 ZPA allows your end-users seamless connectivity to your private applications, whether they’re in the cloud, or a data center or both. It can adjust dynamically to any changes on the network and it allows you to rearrange your resources without hosing your end-users.

 The whole thing is based on the premise of “zero-trust” for all of your applications. Zscaler takes privacy so seriously that your traffic is even isolated from their eyes.

 Key features include:

  • Seamless User Experience  — Policy-driven connectivity that dynamically adjusts to network changes.
  • Enhanced Security — Application-specific connectivity without ever bringing users on-net.
  • Ease of Deployment — Does not require hardware upgrades.
  • Instant Deployment and Discovery — Can automatically discover applications so you can easily build policies around them.
  • Single Sign-On (SSO) — ZPA is tied directly to your enlisting authentication infrastructure, leveraging SSO to further reduce complexity.
  • Real-Time Visibility — Dashboards provide unparalleled visibility into your users and applications, and the health of your organization’s applications and servers.

 

Cloudflare Access

Similar to Zscaler’s ZPA, Cloudflare’s Access also upends the traditional corporate VPN with some pretty nifty technology. If you’re a long time reader of this blog, you probably already know how much we LOVE Cloudflare and what they do on a daily basis to keep people protected on the Internet.

Access and Gateway build on that same technology and enthusiastic corporate spirt as their other products. Cloudflare Access allows you deconstruct “the fence” that’s been built up around internal applications.

As with most of their offerings, Access is exceptionally hard to beat.

Key Features Include:

  • One Dashboard for all Your Internal Applications — This single pane of glass allows you to secure your teams applications in hours opposed to months, standardize access controls and manage access to internal apps on a per-user and per-application basis.
  • Pure, 100% Zero-Trust Coverages — You can minimize the attack surface of exposed applications while protecting asserts, implement software-defined security perimeters without code changes, and establish discrete perimeters of protection around key applications
  • Completely Ditch Your Existing VPN — Authenticate users anywhere, around the world via Cloudflare, drive adoption and reduce IT overhead with a seamless and familiar login experience, and improve end-user performance with Cloudflare’s distributed network and intelligent routing.
  • Seamlessly Onboard Partners & Contractors — Integrate with multiple identity providers simultaneously, utilize popular provider options for external users while your employees use your corporate SSO, and connect securely from any device with no special software agent required.
  • Log & Review Any and Every Event — Generate logs for logins, access requests and policy changes across all of your internal applications, all in one place, search and investigate logs within the dashboard, and integrate with SIEMs for enterprise visibility.

 

Idaptive IDaaS Solutions

Idaptive Identity Service improves end-user productivity and secures access to the cloud, mobile, and on-premises apps via single sign-on, user provisioning, and multi-factor authentication.

It supports internal users (employees, contractors) and external users (partners, customers). Identity Service manages apps, mobile devices, and Macs via Active Directory, LDAP or cloud identity stores.

Key Features Include:

  • Simplify app access with single sign-on for employees, business partners, and customers:
  • Automated Account Management – Save time by automatically creating or updating user accounts across apps
  • Improve efficiency by deploying the right apps the first time, with SSO
  • Improve security with automatic user provisioning and role-based permissions within apps
  • See who has access to which apps, how they received access, and when changes occurred.
  • Manage the app request, approval, and provisioning process with automated workflows
  • Prevent unauthorized access by automatically revoking access to all apps at once
  • Protect App Data – Protect the entire enterprise — on-premises apps, cloud apps, VPNs, endpoints, and
    more
  • Gain granular control with discrete per-app policy, global policy or combinations
  • Select from a broad range of authentication methods
  • Get adaptive MFA based on risk — automated policy only challenges for MFA when user behavior is
    outside of what’s considered normal.
  • Improve user experience without compromising security, thanks to flexible authentication policies
  • Ensure adoption of uncomplicated, user-friendly experience
  • Integrated Mobile Device and App Management
  • Combine device status and identity for smarter, context-based access
  • Enable secure BYOD, with simple device enrollment and integrated single sign-on to business apps
  • Ensure your data is safe with full Enterprise Mobility Management (EMM) including remote lock and wipe
    capability across devices
  • Eliminate help desk calls with a simple user portal to add new devices and locate, lock or wipe existing
    ones
  • Reduce complexity with a single console to manage apps and devices
  • Simplify management with a single source of identity for mobile and app access policy
  • Identity-Based Security and Management for Macs
  • Full control over access to corporate resources and apps
  • Policy enforcement for both BYOD and corporate Macs and mobile device
  • Robust Mac smart card support
  • Single managed identity for users that leverage existing infrastructure.
  • Reduced IT costs through user self-service and a single toolset
  • Management and security for Macs — just like PCs

 

Conclusion

Unfortunately there’s never a “perfect” solution for any problem. But when it comes to replacing a traditional VPN, the three products mentioned above really come close to hitting the mark. If you’re interested in any of them, reach out for a free consultation.

Carl Keyser is the Content Manager at Integris.

Keep reading

How to Navigate the Cybersecurity Workforce Shortage

How to Navigate the Cybersecurity Workforce Shortage

Cybersecurity stats are in for 2023, and the numbers aren’t pretty. Ransomware attacks are up by 95 percent over 2022, according to the latest analysis by Corvus, a cyber risk insurer. With the inevitable rise in attacks coming in election year 2024, it’s enough to...