
Jason Garbis, March 11, 2019

It’s Time for a VPN Alternative

We must all accept it: The time has come to replace your VPN approach to network security. AppGate VP of Products Jason Garbis explains why an SDP is the Zero Trust-focused solution every enterprise needs.



Today’s network landscape is one of incredible complexity, with distributed applications, people, and data. Companies have taken the standard method of protection, the trusted private network, and applied hundreds or thousands of VPN and firewall rules with complex topologies to manage the chaos.

Our expanding cloud and mobile ecosystems have made the perimeter both porous and irrelevant. In the meantime, our networks are infested with unsanctioned, insecure devices. To complicate matters, in an increasingly distributed work environment, cyberthreats are just as likely to come from inside the organization as they are from the outside.

To use VPN technology to secure how we work today simply defies progress.

VPNs Have Four Critical Flaws

Static, perimeter-centric VPNs simply can’t provide protection when so many devices connect to the network from outside the perimeter. The approach is critically flawed. Here’s why:

  • VPNs Authenticate to Everything – Once authorized, users typically have unrestricted access to the entire network
  • VPNs Are Too Simplistic – In a world where the physical perimeter is no longer relevant, they are unable to keep up
  • VPNs Provide Static, Perimeter-Based Security – This is ineffective when user context, user location, and security threats are ever-changing
  • VPNs Are a Siloed Solution – Ultimately, VPNs are only useful for remote access by remote users. They don’t help organizations secure on-premise users or on-premise networks

What is an Enterprise to Do?

Security industry analyst Gartner recommends that organizations phase out their legacy VPN and DMZ architectures in favor of a Software Defined Perimeter (SDP). The idea behind this is that enterprises can continuously evaluate in real time if a user or device should be trusted or not. It mirrors similar sentiments from another industry analyst, Forrester, around Zero Trust – the notion that we must not trust any connection unless it is first verified.

An SDP is a network security model that dynamically creates a 1:1 network connection between users and the data they access. It reduces the attack surface by creating a discrete, encrypted network segment of one, making everything else in network systems invisible and therefore inaccessible. A network segment of one is an individualized, micro-segmented network tailored for each individual user, device, and session.

Further, this solution is holistic – it provides a single secure access control platform for both remote and on-premise users accessing remote and on-premise resources.

An SDP is designed around the user, and addresses VPN shortcomings because:

It’s User-Centric – An SDP ensures we know as much about a user as we can before allowing them to make a connection to the network, information such as:

  • What is the user’s context?
  • What device are they using?
  • What is the device’s security posture?
  • Where is the user located?

It’s Adaptive and Extensible – An SDP manages access and adapts based on user context, device, and security conditions. It integrates with operational systems and provides an individualized perimeter for every user, granting specific access and visibility to only the network resources the user needs to do their job.

It Adheres to the Principles of Zero Trust – A central idea of Zero Trust is that access is never granted based on assumed trust. It requires that trust be earned through proactive device introspection, identity validation, and contextual analysis that is continuously re-evaluated using a contextual, risk-based approach.
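To make the contrast concrete, here is an added illustration (not AppGate code or any product's API) of the difference between a VPN's authenticate-once reachability and a per-session "segment of one" that is recomputed when context changes. The inventory, policy format, field names, and the user `alice` are all hypothetical and constructed for this example.

```python
from dataclasses import dataclass, replace

# Constructed inventory: every service on the internal network.
NETWORK = {"git:22", "wiki:443", "build:8080", "hr-db:5432", "payroll:443"}

# Hypothetical entitlements: resources granted to a role only while every
# listed condition holds for the session.
POLICIES = [
    {"role": "engineer", "grants": {"git:22", "wiki:443"},
     "require": {"disk_encrypted": True, "patched": True}},
    {"role": "engineer", "grants": {"build:8080"},
     "require": {"disk_encrypted": True, "patched": True, "location": "office"}},
    {"role": "hr", "grants": {"hr-db:5432", "payroll:443"},
     "require": {"disk_encrypted": True, "patched": True, "location": "office"}},
]

@dataclass(frozen=True)
class Session:
    user: str
    role: str
    authenticated: bool
    disk_encrypted: bool
    patched: bool
    location: str

def vpn_reachable(s):
    """Perimeter model: one authentication check, then the whole network."""
    return set(NETWORK) if s.authenticated else set()

def sdp_reachable(s):
    """Segment of one: default deny, plus grants whose conditions all hold."""
    allowed = set()
    if not s.authenticated:
        return allowed
    for p in POLICIES:
        if p["role"] == s.role and all(
                getattr(s, k) == v for k, v in p["require"].items()):
            allowed |= p["grants"]
    return allowed

def reevaluate(s, **changes):
    """Re-run the decision after a context change; return (allowed, revoked)."""
    updated = replace(s, **changes)
    allowed = sdp_reachable(updated)
    return allowed, sdp_reachable(s) - allowed

ALICE = Session("alice", "engineer", True, True, True, "office")  # constructed
```

Calling `reevaluate(ALICE, patched=False)` shows the continuous part of the model: the same authenticated user loses every entitlement the moment the device posture no longer satisfies policy, whereas `vpn_reachable` never changes after login.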

When it comes to network security, organizations have a choice – keep deploying outdated technology that is inherently vulnerable to compromise, or come to the conclusion that it’s time to seek out a VPN alternative. It’s time to deploy an SDP, the latest cybersecurity innovation to secure the technology of today.
