Tuesday, 20th October 2020

Zero Trust Network Access (ZTNA) vs VPNs: The new era of securing your workforce during crisis

By Salvatore Sinno, Chief Security Architect and Director of Cybersecurity Innovation, Unisys.

Following WHO’s and the government’s safety guidelines in light of Covid-19, organisations of all shapes and sizes switched to remote working. While the work from home (WFH) movement that has been enforced on businesses has contributed to slowing the spread of the virus, collaborating, sharing data and sensitive information online significantly expands the attack surface of a network. Therefore, it’s critical that we organisations move from simply working from home, to finding ways to ensure that citizens, companies, and the nation is cybersecure from home.

Moving to the digital reality

Organisations within private and public sector across the world are focused on ensuring seamless a switch to digital channels during COVID-19, and malicious threat actors aren’t biding their time either. As we move into uncharted waters of working entirely remotely, cybercriminals see this crisis as an opportunity to exploit any gaps and develop sophisticated methods to leverage possible vulnerabilities. Unfortunately, many organisations were not sufficiently prepared against the ‘old tricks’, let alone the new wave of technologically-advanced attacks. The pressure to quickly provide staff with remote working systems has meant that cybersecurity concerns took a backseat.

This issue is being further exacerbated by outdated guidance to simply use a virtual private network (VPN). Although using such safety measures were once the right answer, the demand for remote connections has exposed major flaws with the current remote access model based on the traditional VPN. In fact, old remote access infrastructures were designed to cater for just a fraction of staff working from home at any given point in time, and shouldn’t be used on a greater scale.

This technology was the right approach back when businesses had all of the secure systems in their own data centre, instead of moving across different environments, such as cloud. Using VPNs are simply not an efficient strategy for enterprises that work in the cloud and need their entire workforce to be fully productive from home, or are part of our critical infrastructure and the global economy.

Here are some issues that the Unisys security teams are seeing in the field today:

· VPNs often are of questionable origin, including many of the ‘free’ or cheap VPN services that may or may not terminate in some hostile place. Remember, if an internet service is free, it’s also likely using and selling your data.

· VPNs may encrypt from home to a corporate network access point, but not necessarily to the actual applications. Instead, they might be changed back to clear text as the data moves through your network, making it easily accessible to ransomers.

· Some VPN concentrators are so overloaded that they need massive support of hardware equipment, software licenses, rules managers, and time just to accommodate the overwhelming demand.

· Industry is facing a 400% increase in attacks on VPN infrastructure. That adds to the chaos, with some of what we thought to be load issues turning out to be hostile acts such as ransomware.

· Malicious actors see VPNs as an easy target to crack – once a VPN is compromised, the attack can propagate laterally and at a great pace from server to server within the data centre.

· Worst of all, managers who have been responsible for facilitating WFH are sometimes opening the security doors and allowing unsecured access because their VPNs can’t handle the job for everyone.

Bridging the security gaps of VPNs

If your company has implemented a WFH strategy and is experiencing some or all of the above, it’s high time to make the switch to a Zero Trust model.

The model supports the efficiency enabled by containers, clouds and Kubernetes, which understands the dynamically-evolving risk landscape we are witnessing and enables the secure scalability that today’s enterprises require.

Working safely from home

At Unisys, and with many of our clients, we have one set of Zero Trust-directed security policies that span on-premises, cloud, and container deployments around the world. We use proven technologies including mobile, micro segmentation and Kubernetes to enable us to add as many remote users as necessary, maintaining security, identity, and encryption all the way to the applications. All this is delivered by our Stealth Zero Trust Network Access solution called Stealth Always on Access (AoA).

The benefits of ZTNA and Stealth are immediate as this brings significant benefits in user experience, agility, adaptability and ease of policy management.

To further illustrate the capabilities of the Stealth ZTNA solution, within the first week of the COVID-related mandates, Unisys went from approximately 15% remote workers to over 90%, and that change was completely transparent to the global workforce – increasing employee productivity without sacrificing security, timeliness or budgets if possible.

The new era of securing remote workforce

Like firewalls before them, VPNs are past their glory days. Current enterprises, compounded by the new reality of the global pandemic and heavily relaying on real-time connectivity, must address any gaps exposed by the current crisis immediately. With the number of employees working remotely doubling, or in some cases tripling, businesses must ensure the workforce remains not only productive but also safe at the same time.

A recent HPE panel discussion sought to provide some answers to this question – topics covered inclu...
Pascal Geenens, director of threat intelligence, Radware, offers some fascinating insights into some...
By Mike Kiser, senior identity strategist, SailPoint.
You may be surprised to learn that one of the first computer viruses to bring millions of computers...
How IT managers protect corporate networks from targeted attacks By Chris Connell, Deputy Vice Pre...
Why business decision makers should expand their network security strategy, By Chris Connell, Deput...
By Joseph Carson, chief security scientist at Thycotic.