VPNs don’t meet any of today’s modern infrastructure and application requirements, says Galeal Zino, CEO at NetFoundry
The requirements for high-performance, secure connectivity are at an all-time high as enterprises embrace the cloud to develop and deploy modern applications.
Within this new cloud-native world, traditional Virtual Private Networks (VPNs) are still being relied upon. However, from a security perspective, the perimeter-based security provided by VPNs fails to make the grade, as it does not take into account user context and modern security threats. In addition, VPNs cannot protect corporate assets from possible insider threats. Employees who wish to harm the company can gain full access to a network under a VPN scheme.
The performance and security challenges of traditional VPNs are recognised and well documented. A recent study conducted by Futuriom found that 75 percent of users are looking for new networking solutions. 64 percent said their current solution was underperforming and 48 percent said the same solution gave them security concerns.
VPN implementations such as PPTP, OpenVPN and L2TP are still used for corporate extranets, business-to-business (B2B) and connected supply chains. VPNs are a part of the hardware age of networking, when Ethernet replaced ATM, and had their heyday in 1998 as the only secure way to do transactions across the widening Internet and spiralling extranets.
However, today, VPNs fail at almost all modern IT needs like connectivity performance, cloud networking complexity, IoT network awareness, cloud application availability, and security. No VPN can offer any direct application support; they can only deliver 1-1 connectivity support secured by encryption, not the multi-edge to multi-application-specific cloud overlay needed for today’s application environment.
The bottom line is that VPNs don’t meet any of today’s modern infrastructure and application requirements. They were designed for the 1990s networking environment and not for today’s distributed and dynamic cloud-based applications.
IPSEC and SSL
Due to changing needs over the last twenty years, different flavours of VPN have evolved, including IPSEC and SSL for connecting remote devices.
IPSEC VPN tunnels, known as conventional VPN technology, represent the security challenge facing the IT industry. IPSEC is not specific at all to any device or application; it merely means a user has used a password and encrypted tunnel to virtually plug into the physical resources of a network switch.
A fitting analogy for an IPSEC tunnel is being inside somebody’s home. The front door is open, and suddenly all the rooms inside the house become yours to discover. This may be appropriate for a remote office, but it isn’t appropriate for applications spanning multi-cloud and IoT. Applications generally only require specific access to resources, not holistic access to the resources’ network.
SSL VPNs are different. They do not require any software installation on remote devices because they use a web browser and an SSL connection to establish a secure connection. Users can be given more specific and secure access based on hierarchies and policies.