Here are reasons to choose zero trust network access over remote access VPN
by Francois Teo, Senior Regional Manager ASEAN, Sophos
One of the biggest shifts in the workplace as a result of the pandemic is the trend of remote working. While some companies used to offer the ability to work from home as a benefit, it has now become the norm for most businesses.
According to a survey by the Malaysian Employers Federation (MEF), 61.7% of companies want to continue with a hybrid work arrangement, meaning employees have the flexibility to work from home or from anywhere they choose. This arrangement is only possible with secure and reliable remote connectivity.
Over the years, many organisations have relied on remote access VPN as a secure method of reaching systems and resources on the corporate network. VPN was designed to reproduce the experience of being in the office: once you are in, you have broad access to everything on the network. That implicit trust poses many cybersecurity risks to employees and employers alike.
Zero Trust Network Access (ZTNA), on the other hand, is based on the principle that every connection to your network should be treated as hostile until the user and device have been authenticated, authorised, and explicitly granted access to a specific resource.
Traditional remote access VPN vs ZTNA
Here are several differences between traditional remote access VPN and ZTNA.
With remote access VPN, users are implicitly trusted with broad access to resources once the tunnel is up. This creates serious security risks, especially with the rising number of hybrid and remote workers who may be connecting from public and unverified Wi-Fi networks. ZTNA evaluates each user and device individually, so that only the resources the user and the device are entitled to are reachable. This reduces the attack surface and protects data across the entire organisation and every user, wherever they are. ZTNA also monitors device health not only before access is granted but continuously while the session is open: if the device's posture degrades (for example, endpoint protection stops running), access to the application is revoked.
Remote access VPN terminates at a single point of presence on the network, so traffic to applications hosted in other locations or data centres is backhauled inefficiently through the VPN tunnel. ZTNA works equally well and equally securely whether the user connects from home, a hotel, a coffee shop, or the office. No matter where the user and device are located, connection management is secure and transparent, providing a seamless experience for the user.
ZTNA is also a good way to apply stronger controls to Remote Desktop Protocol (RDP) sessions. RDP has a number of well-known weaknesses: its default port is frequently exposed directly to the internet, it has no native multi-factor authentication, it typically sits on a network that grants broad access, and it has a history of security vulnerabilities. Attackers who find an exposed or misconfigured RDP endpoint can exploit server vulnerabilities or weak credentials directly and then operate as what the server treats as a trusted RDP user. With ZTNA, the RDP listener is never published to the internet; a session is brokered only after the user is authenticated and the device passes its posture check, so an exposed port or a stolen credential alone does not yield access.
Remote access VPN has no visibility into the applications and usage patterns it carries, because it tunnels network traffic rather than brokering access to individual applications. This makes monitoring user activity and application usage difficult.
ZTNA provides better visibility into application activity because access is micro-segmented per application: every session is recorded against a named user, device, and application. This makes monitoring application status, capacity planning, licence management, and auditing much easier.
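To make the per-user, per-device, per-application model and the continuous posture check concrete, here is an added illustrative example (not Sophos code, and not how any particular product is implemented). It contrasts a VPN-style grant, which checks one credential and then hands out a route to the whole network, with a ZTNA-style broker that evaluates each application request against entitlements, MFA, and device posture, and revokes live sessions when posture changes. The application names, group names, posture attributes and policy schema are all hypothetical; the RDP jump host is included only to show how an RDP session would be gated behind the broker rather than exposed on its port.

```python
"""Illustrative VPN-style vs ZTNA-style access decisions (hypothetical policy schema)."""
from dataclasses import dataclass, replace
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class DevicePosture:
    """Health signals a ZTNA agent might report (hypothetical attribute set)."""
    os_patched: bool
    disk_encrypted: bool
    edr_running: bool


@dataclass(frozen=True)
class Principal:
    """An authenticated user together with the device they are connecting from."""
    user: str
    groups: FrozenSet[str]
    mfa_passed: bool
    device_id: str
    posture: DevicePosture


# Per-application policy (hypothetical). Anything not listed is denied by default.
POLICY: Dict[str, dict] = {
    "wiki.internal":      {"groups": {"staff"},  "mfa": False, "edr": False},
    "crm.internal":       {"groups": {"sales"},  "mfa": True,  "edr": False},
    "rdp://jump-01:3389": {"groups": {"it-ops"}, "mfa": True,  "edr": True},
}


def vpn_authorize(user: str, password_ok: bool) -> Optional[str]:
    """VPN model: one credential check, then a route to the whole internal network.
    The device's health and the application being reached are never consulted."""
    return "10.0.0.0/8" if password_ok else None


def evaluate(p: Principal, app: str) -> Tuple[bool, str]:
    """ZTNA model: decide per user, device and application. Returns (allowed, reason)."""
    rule = POLICY.get(app)
    if rule is None:
        return False, "unknown application (default deny)"
    if not (rule["groups"] & p.groups):
        return False, "user not entitled to this application"
    if rule["mfa"] and not p.mfa_passed:
        return False, "MFA required"
    if not (p.posture.os_patched and p.posture.disk_encrypted):
        return False, "device posture: baseline failed"
    if rule["edr"] and not p.posture.edr_running:
        return False, "device posture: EDR not running"
    return True, "allowed"


class Broker:
    """Brokers one session per application and re-evaluates them as posture changes."""

    def __init__(self) -> None:
        self.sessions: Dict[str, Tuple[Principal, str]] = {}
        self._next = 0

    def connect(self, p: Principal, app: str) -> Optional[str]:
        """Open a brokered session to `app`, or return None if policy denies it."""
        allowed, _ = evaluate(p, app)
        if not allowed:
            return None
        self._next += 1
        sid = f"sess-{self._next}"
        self.sessions[sid] = (p, app)
        return sid

    def update_posture(self, device_id: str, posture: DevicePosture) -> List[str]:
        """Continuous evaluation: re-check every live session on this device and
        tear down those that no longer satisfy policy. Returns the revoked apps."""
        revoked: List[str] = []
        for sid, (p, app) in list(self.sessions.items()):
            if p.device_id != device_id:
                continue
            updated = replace(p, posture=posture)
            if evaluate(updated, app)[0]:
                self.sessions[sid] = (updated, app)
            else:
                del self.sessions[sid]
                revoked.append(app)
        return revoked


if __name__ == "__main__":
    # Constructed walkthrough: an IT operator reaches the RDP jump host through the
    # broker, then loses the session the moment EDR stops running on the device.
    healthy = DevicePosture(os_patched=True, disk_encrypted=True, edr_running=True)
    bob = Principal("bob", frozenset({"staff", "it-ops"}), True, "dev-b", healthy)
    print("VPN grants:", vpn_authorize("bob", password_ok=True))
    broker = Broker()
    print("RDP session:", broker.connect(bob, "rdp://jump-01:3389"))
    print("Wiki session:", broker.connect(bob, "wiki.internal"))
    degraded = DevicePosture(os_patched=True, disk_encrypted=True, edr_running=False)
    print("Revoked after posture change:", broker.update_posture("dev-b", degraded))
```

The point of the contrast is in the two decision functions: `vpn_authorize` answers one question once and returns a network route, while `evaluate` answers a fresh question for every application and is called again by `update_posture` for every open session whenever the device's signals change, which is what lets the broker drop the RDP session without touching the unaffected wiki session.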
Remote access VPN clients are notorious for offering a poor user experience, adding latency or negatively impacting performance, suffering from connectivity issues, and generally being a burden on the helpdesk. These problems won’t help when you’re rushing to meet a deadline.
ZTNA automatically creates secure connections as needed, which gives users a frictionless experience. The majority of users won't even be aware that the ZTNA solution is protecting their data because everything is done in the background.
For organisations, remote access VPN clients are hard to set up and deploy, and enrolling new users and decommissioning departing ones takes effort. On the firewall or gateway side, managing VPN is also difficult because of the number of nodes, firewall access rules, IP address management, traffic flows, and routing involved. It soon turns into a full-time job.
ZTNA solutions tend to be far more streamlined, cleaner, and simpler to deploy and manage. They are also quicker and easier to administer day to day because they adapt better to rapidly changing environments where people, apps, and devices come and go, which is increasingly the case with a growing number of remote workers.
Taking the above into consideration, the "never trust, always verify" approach is useful for companies with multiple resources that need to be shared remotely. Sophos ZTNA is a cybersecurity solution that has been carefully designed to make zero trust network access easy, integrated, and secure. Most recently, it was named Frost & Sullivan's Global New Product Innovation Award winner, recognised for its superior protection, industry-first integrations, innovative capabilities, and ease of use. It ensures that users have secure access to only the resources they need. For more information, visit Sophos.com/ZTNA.