4 Ways Remote Access VPNs Fall Short

Eyal Webber Zvik Cato Networks

Secure remote access is a common need for the modern enterprise. While employees almost exclusively worked from the office in the past, this has changed in recent years. The pandemic and the globalization of the workforce mean that organizations may have users connecting and working from all over the world, and these remote users need secure remote access to corporate networks and other resources.

Historically, virtual private networks (VPNs) were the only available solution, and this familiarity has driven many organizations to expand their existing VPN infrastructure as the need for secure remote access has grown. However, VPNs are network solutions that were designed for corporate networks and security models that no longer exist, and cannot provide secure, high-performance network access to a workforce that requires a more modern remote access solution.

Let’s take a closer look at how remote access VPNs fall short:

1. Lack of built-in security/access management

VPNs are designed to provide secure remote access to corporate networks or IT resources. This includes creating an encrypted tunnel between two endpoints — such as a remote employee’s computer and a VPN server on the corporate network — for business traffic to travel over.

While VPNs can protect against eavesdroppers, that’s about all that they can do. They include no built-in access management or security controls beyond requiring a username and password at logon. Protecting the corporate network against any threats that come over the VPN connection — such as those from an infected computer or a compromised user account — or implementing a zero-trust security policy requires additional security solutions deployed behind the VPN endpoint.

2. Geographic constraints

VPNs are designed to connect two points with an encrypted tunnel that network traffic can flow over. Securing corporate network traffic along its entire route requires VPN connections along each leg of that route. Corporate IT environments are becoming more distributed with the growth of cloud computing, remote sites, Internet of Things (IoT) devices, and business use of mobile devices. Securing access to all of the corporate WAN often creates tradeoffs between network performance and security.

VPNs’ lack of built-in security means that security solutions must be deployed behind each VPN server, making it more difficult to directly link every potential traffic source and destination. Instead, many organizations backhaul traffic to the headquarters network for inspection, degrading performance and increasing latency.

3. Inefficient routing

The point-to-point nature of VPN connections means that a VPN connection can only provide secure access to a single location. For example, a user may be able to connect directly and securely to the corporate WAN.

However, corporate networks are increasingly distributed, with infrastructure in on-prem data centers and scattered across multi-cloud environments. As a result, VPNs force users either to have VPNs configured for multiple different locations or to accept inefficient network routing that passes through a single VPN terminus en route to their intended destination.

4. Excessive trust in endpoint security

The goal of a VPN is to protect remote users’ network traffic from being intercepted or eavesdropped upon en route to its destination. VPNs don’t inspect the traffic that they carry or perform any access control beyond basic user authentication. As a result, VPNs are overly trusting of the security of the endpoints that they connect.

Some of the threats that VPNs provide no protection against include:

  • Infected Devices: If a remote employee’s device is compromised with malware, the malware can send traffic over the device’s VPN connection as well. This could allow an attacker to bypass security restrictions and gain access to corporate networks.
  • BYOD Devices: The rise of remote work has resulted in increased use of personally owned devices for business purposes. These devices can connect to corporate IT assets via VPNs and may be infected with malware or non-compliant with corporate security policies.
  • Compromised Accounts: VPNs only implement access control in the form of user authentication when setting up a VPN session. If an attacker has compromised a user’s authentication credentials (password, etc.), they can log in as that user and connect to corporate IT assets.

VPNs only secure the connection over which two endpoints are communicating. They’re overly trusting of the endpoints involved in the communication, which can result in malware infections or other threats to corporate assets.
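The gap described in this section, shown as an added example (not code from the article or from any vendor): a VPN-style admission check that looks only at user authentication, next to a per-request decision of the kind a zero-trust policy adds. The `Request` fields, the MFA and device-posture signals, and the `ENTITLEMENTS` table are assumptions made for illustration, and the scenarios are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    password_ok: bool     # credentials verified at logon
    mfa_ok: bool          # second factor verified (assumed control)
    device_managed: bool  # False for a personally owned (BYOD) device
    device_healthy: bool  # posture signal, e.g. no active malware detection
    resource: str

# Hypothetical entitlements: which resources each user may reach.
ENTITLEMENTS = {"alice": {"crm", "wiki"}, "bob": {"wiki"}}

def vpn_admit(req: Request) -> bool:
    """VPN model from the article: user authentication at session setup only."""
    return req.password_ok

def per_request_decision(req: Request) -> tuple[bool, str]:
    """Evaluate identity, device and entitlement on every request."""
    if not (req.password_ok and req.mfa_ok):
        return False, "authentication"
    if not req.device_managed:
        return False, "unmanaged device"
    if not req.device_healthy:
        return False, "device posture"
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return False, "not entitled"
    return True, "ok"

# Constructed scenarios mirroring the three threats listed above, plus a baseline.
SCENARIOS = {
    "baseline": Request("alice", True, True, True, True, "crm"),
    "infected device": Request("alice", True, True, True, False, "crm"),
    "BYOD device": Request("alice", True, True, False, True, "crm"),
    "compromised account": Request("bob", True, False, False, True, "crm"),
}

def compare() -> dict[str, tuple[bool, bool, str]]:
    """Map scenario -> (VPN admits?, per-request allows?, reason)."""
    return {name: (vpn_admit(r), *per_request_decision(r))
            for name, r in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (vpn, allowed, reason) in compare().items():
        print(f"{name:20} vpn={vpn!s:5} per_request={allowed!s:5} ({reason})")
```

Every scenario passes `vpn_admit`, because the password check is the only gate; the per-request check is what separates the baseline from the three threat cases.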

Building Secure Remote Access for the Modern Enterprise

VPNs have significant limitations in terms of their performance, usability, and security. While these issues may have been manageable in the past, rapidly evolving corporate networks make them an increasingly unsuitable solution for secure remote access. Relying on legacy remote access VPNs forces companies to make choices between network performance and security.

Organizations looking to modernize their IT infrastructure to better support remote and hybrid work schedules need to replace their VPNs. Secure Access Service Edge (SASE) provides the capabilities that they need, eliminating the limitations of VPNs and providing numerous additional benefits.

With SASE, companies can move security to the network edge, enabling network optimization without sacrificing security. To learn more about how a cutting-edge SASE solution can enhance an organization’s remote access infrastructure, sign up for a free demo.