
Chris Scheels, March 17, 2020

You’re Ready to Kill Your VPN

But Where Do You Start?


You might already know the time has come to phase out your VPN in favor of a more secure approach to enterprise network access. But you may be daunted by the scope of the transition and the headaches it may cause. It doesn’t have to be this way.


You already know that the evolution of cyberthreats has outgrown your network security strategy, and now it’s time to replace your VPN with a Zero Trust solution.

But the task of phasing out your VPN in favor of a Software-Defined Perimeter (SDP) – a solution that was designed and built with Zero Trust principles in mind – is daunting. You know the transition is necessary, but it’s likely to be a headache, and you’re worried that the whole process may end up disrupting the business.

A Less Painful Path to Zero Trust

First of all, a full-scale rip-and-replace of all your VPNs is unrealistic. Many of our customers who adopted an SDP over a VPN did so strategically and incrementally, phasing out VPNs as part of their greater Zero Trust journey. The most pain-free way to shift from a VPN to an SDP is to identify initial areas where the change can be made with the least amount of friction or disruption to business workflows.

With this in mind, we lay out the following considerations when starting your VPN replacement journey:

1. Get a Firm Grasp on Your VPN Posture and Costs

If you are like most mid- to large-sized organizations, you have acquired multiple VPN solutions to control access to different resources in different locations. Identify what and where those are, who is using them, and for what purpose. This should include the identification of vendor names, user numbers, contract expirations, and any upcoming hardware refreshes. Also important is the assessment of the nature of the network, data and people each VPN bucket is providing access to, and the cost of each platform, both in terms of hardware maintenance and software licensing.

2. Identify VPN Replacement ‘Low Hanging Fruit’

Search for VPN replacement points that would cause the least amount of friction and disruption to business workflows. Using your list of VPN vendor buckets, sort by the nearest renewal date, and estimate the annual renewal cost for hardware maintenance, support and any licensing costs. This becomes your initial budget for killing your VPN over time and truly securing your remote access. A hardware refresh or license renewal trigger date can serve as the entry point for your first Software-Defined Perimeter install.

3. Evaluate Risk for VPN Replacement

Identify the most pressing risks the continued use of VPNs presents. What would cause the most damage to your organization if the vulnerability inherent in all VPNs was exploited by attackers tomorrow? Would it be the compromise of a financial app, a database protecting IP or PII, a code repository, or often just plain old third-party vendor access? Maybe all of the above? While your organization may have robust security standards and practices in place, third-party partners that are allowed to connect to your network might not. VPN access points used by third parties are often the weakest security link and have become the attack vector of choice for cybercriminals and hackers.

4. Factor in the Business Value of Improving Operations

Client VPNs all have the limitation of only being able to connect to one location at a time. Maintaining site-to-site VPNs to connect to different site infrastructures is not only costly, it’s complex and brings its own set of vulnerabilities. This exposes more of the network to attack via inside lateral movement should one entry point be compromised. Users from different teams must connect to multiple locations throughout the day to do their jobs. This leads to excessive VPN switching, which lowers workflow efficiency and creates further security vulnerabilities. Moving to an SDP with multi-tunnel capability eliminates the need for VPN switching, and reduces the overhead cost and complexity of maintaining many site-to-site VPNs or MPLS traffic flows.

These are a few preliminary considerations for undergoing a VPN replacement. But in reality, there is no single right way to go about it. Every organization is different, with different complexities, teams, risks and needs – and these will need to be factored in as you embark on your journey from VPN-based security to an SDP.

If you’re serious about killing your VPN and want to transition to a Software-Defined Perimeter, we invite you to connect with an expert who can assist you on your journey.
