There are some voices within the IT and cybersecurity communities that insist VPNs are outdated, insecure, and insufficient for the network security demands facing today’s businesses. They instead advocate for zero trust network access (ZTNA) as the silver bullet for every IT and cybersecurity professional’s secure remote access woes. Theirs is a decidedly either/or view of the problem.
What these voices fail to recognize, however, is that secure remote access is absolutely achievable with a business VPN that also has a zero trust architecture in place. You read that right: VPNs and ZTNA are not mutually exclusive.
Read on to learn how your organization can and should employ both a business VPN and ZTNA for a sophisticated, layered approach to its corporate network cybersecurity strategy.
The Rise of VPN Use for Remote Connections
The COVID-19 pandemic was not the catalyst for the advent of virtual private networks (VPNs), but global businesses’ need for remote work solutions and security policies certainly put the demand for business VPNs into hyperdrive. In a recent study conducted by OpenVPN, 68% of employees say their company expanded VPN usage as a direct result of COVID-19, and 29% say their organization started using a VPN for the first time.
In today’s remote work environment, cloud services dominate, and defined physical boundaries are absent. IT teams no longer have control over security solutions for a uniform, on-premises workforce utilizing employer-supplied workstations behind a firewall. And this hybrid ecosystem looks different for every business. It often involves a complex mix of remote employees, apps, numerous endpoints, mobile devices, and personal laptops (and public WiFi) with a variety of operating systems. The result? A worrisome array of vulnerabilities that businesses cannot afford to overlook.
Good to Know: Privileged Access Management (PAM) refers to "an information security mechanism that safeguards identities with special access or capabilities beyond regular users. Like all other infosec solutions, PAM works through a combination of people, processes and technology." Using a PAM system can help you monitor your organization’s network and what data is being accessed by which users.
Cyber Threats and Security Risks of the Virtual Work Revolution
In-office employees and remote workers alike are tasked with handling sensitive data, often with remote devices, all while navigating the seemingly endless threat of vulnerabilities:
- phishing attacks
- malware attacks
- security breaches
- weak passwords
- file sharing
The risks are ever-present, especially with a remote workforce. Today’s businesses need streamlined, sophisticated systems that are easy to deploy.
Recommended Reading: The Remote Desktop Protocol (RDP) enables remote employees to use Microsoft Windows at an off-site location by accessing an RDP server. But What's the Difference Between RDP and Secure RDP?
The Case for Zero Trust Network Access
Since 2019, the idea of Zero Trust Network Access (ZTNA) has been gaining a lot of traction in the IT community.
The ZTNA ethos is often summarized as trust nothing, verify everything. This model relies on a healthy dose of cyber skepticism to prevent unauthorized access, security breaches, and the financial and relational damages of a potential cyber hack.
The IT research and consultancy firm Gartner defines ZTNA as “a product or service that creates an identity- and context-based, logical access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access and prohibits lateral movement elsewhere in the network. This removes application assets from public visibility and significantly reduces the surface area for attack.”
ZTNA allows organizations to exercise the utmost control over their network security. And with so much remote work and VPN usage going on right now, it makes perfect sense for every business to ensure it is utilizing both its VPN and ZTNA.
Given the sheer volume of cyber attacks, insider threats, and security breaches today’s businesses face, the benefits of a zero trust architecture are obvious. The cost of a data breach is another factor businesses cannot ignore: a 2020 IBM report estimates that the average total cost of a data breach is almost $4 million. ZTNA is too valuable NOT to use.
Configuration is Key
It bears repeating: not all VPN solutions are band-aids that stand at odds with the zero-trust ideal. Furthermore, it’s crucial to understand that not all VPN services and applications are created equal. Solutions like VPN Cloud are fundamentally designed to afford precisely the level of access control and risk mitigation that ZTNA aims to achieve.
But configuration is key.
“Claiming that your VPN doesn’t offer zero trust network access is like claiming your car isn’t safe because it doesn’t offer seatbelts,” explains Francis Dinha, CEO of OpenVPN, Inc. “The seatbelts are there (in a good car, anyway) — you just have to actually use them if you want them to be effective. If you choose not to buckle up, you can hardly criticize the car for being unsafe.”
Thankfully, remote access solutions like OpenVPN Cloud make it simple to effectively configure ZTNA with your business’s VPN.
OpenVPN provides all the tools and capabilities your business needs to build a strong zero trust network to block or significantly mitigate attacks. This allows you to:
- Never trust connections based solely on the perimeter defenses. Define identity-driven authentication policies, then enforce secure connections for specific application resources.
- Classify and isolate specific application resources so they can only be accessed through your secure private network, regardless of location.
- Prevent lateral movement on your network with strong identity authentication and network-level authorization for service access: enforce authentication on every connection with the Connect Auth feature, integrate with leading SAML identity platforms, and use flexible group-level access control to the domain names of private and public services.
- Define access controls based on user groups. Create access control lists (ACLs) that limit each group to only the resources it requires. Map roles and departments to ACLs and enforce those at the network level.
- Restrict access to only trusted internet destinations by domain names.
Our tools allow your business to extend security beyond your perimeter, unify access authentication, manage lateral movement, and prevent social engineering hacks, giving you the control and added network security you deserve.
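The access model in the list above (authenticate every connection, map groups to ACLs, deny everything else) can be sketched as a small policy check. This is an added example, not OpenVPN Cloud's API or configuration format; the group names, hostnames and subnets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy: group -> destinations it may reach (hypothetical names).
POLICY = {
    "engineering": ["git.corp.example", "*.build.corp.example", "10.20.0.0/24"],
    "finance": ["ledger.corp.example", "10.30.0.0/28"],
}

@dataclass(frozen=True)
class Session:
    user: str
    groups: tuple
    authenticated: bool  # result of identity verification for this connection

def _matches(rule, dest):
    """True if dest (hostname or IP literal) falls under one ACL rule."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        addr = None
    if "/" in rule:  # CIDR rules match IP destinations only
        return addr is not None and addr in ipaddress.ip_network(rule)
    if addr is not None:
        return False  # a domain rule never matches a raw IP
    host = dest.lower().rstrip(".")
    if rule.startswith("*."):
        # Compare against ".build.corp.example" so the match respects the
        # label boundary and "evilbuild.corp.example" does not slip through.
        return host.endswith(rule[1:])
    return host == rule

def authorize(session, dest):
    """Default deny: allow only authenticated sessions whose group lists dest."""
    if not session.authenticated:
        return False, "unauthenticated connection"
    for group in session.groups:
        for rule in POLICY.get(group, []):
            if _matches(rule, dest):
                return True, f"{group}: {rule}"
    return False, "no ACL entry (default deny)"

if __name__ == "__main__":
    alice = Session("alice", ("engineering",), True)
    for dest in ("git.corp.example", "ledger.corp.example", "10.30.0.5"):
        print(dest, authorize(alice, dest))
```

An engineering session reaches its own services but is refused the finance host and subnet, which is the lateral-movement restriction the list describes.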
OpenVPN Provides the Solution
With OpenVPN Cloud, businesses no longer have to settle for the either/or application of VPNs and ZTNA strategies. OpenVPN lets you give remote users secure access along with a best-in-class experience for both users and admins.
Built on the widely adopted OpenVPN protocol, the OpenVPN Cloud solution combines secure access control, advanced encryption, IP and domain routing, intrusion detection/prevention, safe content filtering, and firewall capabilities into a mesh-connected, high-speed, secure cloud-based virtual networking platform, with worldwide points of presence.
OpenVPN Cloud also provides a host of additional security measures, like multi-factor authentication (MFA) and single sign-on (SSO), that are industry best practices and should be in place with any VPN setup.