Appgate SDP

Appgate SDP Overview

Learn how the industry’s most comprehensive universal ZTNA solution strengthens security and transforms your network with the flexibility, extensibility and integration advantages of direct-routed architecture.

How Appgate SDP Works

Find out about the inner-workings of the most flexible and adaptable Zero Trust Network Access solution available today.

Zero Trust Platform
Integrations and Tech Partners
Appgate SDP for Developers
Use Cases for Securing:
Risk-Based Authentication
Learn how Risk-Based Authentication provides a frictionless, intelligent and data-informed approach to user authentication.
Strong Authentication
Find out how you can provide secure, frictionless access with the right multi-factor authentication method.
Transaction Monitoring
Explore the tools you can use to intelligently identify and prevent online fraud.
Behavioral Biometrics Service
Learn how behavioral analysis and machine learning stop fraudulent online web activity in real-time.
Secure Consumer Access for:
Digital Threat Protection
Discover how you can gain unparalleled threat visibility and the risk management tools that enable early identification and elimination of potential attacks.
Key Features
Take a deep dive into the features and tools contained within our industry-leading Digital Threat Protection (DTP) solution.

Chris ScheelsJanuary 13, 2021

Developing Your VPN Replacement Roadmap

Step 2 of 4 in your Fast Track to Superior Secure Remote Access

The time has come to phase out your VPN and adopt a Zero Trust approach to remote enterprise network access. We know it can be easier said than done. Many before you have been daunted by the scope of the transition and fear of operational disruption. It doesn’t have to be this way. Many of our customers start small, prove value, then scale quickly as part of a crawl, walk, run approach.

Our Software-Defined Perimeter (SDP), designed and built with Zero Trust principles in mind, can work with your VPN and other legacy technology as you work to phase it out. There are a multitude of ways to approach a VPN replacement. Our diverse customers have found viable paths to move their Zero Trust journey forward in safe, non-disruptive ways, including:

  • Define Your VPN Baseline
  • Uncover Impending Budget Triggers
  • Assess Highest Risk Users and/or Apps
  • Factor in the Business Value

A Less Painful Path to Zero Trust

First of all, a full-scale rip-and-replace of all your VPNs is unrealistic. Many of our customers who adopt SDP over a VPN approach did it strategically and incrementally, phasing out VPNs as part of their greater Zero Trust journey. The most pain-free way to shift from a VPN to an SDP is to identify initial areas where the change can be made with the least amount of friction or disruption to business workflows with the highest risk reduction.

With this in mind, we lay out the following considerations when starting your VPN replacement journey:

1. Define Your VPN Baseline

If you are like most mid- to large-sized organizations, you have acquired multiple VPN solutions to control access to different resources in different locations. Identify what and where those are, who is using them, and for what purpose. This should include the identification of vendor names, user numbers, contract expirations and any upcoming hardware refreshes. Also important is the assessment of the nature of the network, data and people each VPN bucket is providing access to, and the cost of each platform— both in terms of hardware maintenance and software licensing.

2. Uncover Impending Budget Triggers

Search for VPN replacement points that would cause the least amount of friction and disruption to business workflows. Using your list of VPN vendor buckets, sort by the nearest renewal date, and estimate the annual renewal cost for hardware maintenance, support and any licensing costs. This becomes your initial budget for killing your VPN over time and truly securing your remote access. A hardware refresh or license renewal trigger date can serve as the entry point for your first Software-Defined Perimeter use case.

3. Assess High-Risk Users and/or Applications

Identify the most pressing risks of the continued use of VPNs present. What would cause the most damage to your organization if the vulnerability inherent in all VPNs was exploited by attackers tomorrow? Would it be the compromise of a financial app, a database containing IP or PII, a code repository, or often just plain old third-party vendor access? Maybe all of the above? While your organization may have robust security standards and practices in place, third-party partners that are allowed to connect to your network might not. VPN access points used by third-parties are often the weakest security link and have become the attack vector of choice by cybercriminals and hackers.

4. Factor in the Business Value of Improving Operations

Client VPNs all have the limitation of only being able to connect to one location at a time. Maintaining site-to-site VPNs to connect to different site infrastructures is not only costly, it’s complex and brings its own set of vulnerabilities. This exposes more of the network to attack via inside lateral movement should one entry point be compromised. Users from different teams must connect to multiple locations throughout the day to do their jobs. This leads to excessive VPN switching, which lowers workflow efficiency and creates further security vulnerabilities. Moving to an SDP with multi-tunnel capability eliminates the need for VPN switching, and reduces the overhead cost and complexity of maintaining many site-to-site VPNs or MPLS traffic flows.

These are just a few preliminary considerations for undergoing a VPN replacement. But in reality, there is no single right way to go about it. Every organization is different, with different complexities, teams, risks and needs—these will need to be factored in as you embark on your journey from VPN-based security to an SDP.

We have partnered with hundreds of enterprises on their journeys to replace VPN. We first seek to understand their unique situation and challenges, then we work together to build a plan to start small, demonstrate value and scale quickly on a path to full Zero Trust secure access and café style networks.

Explore Appgate SDP