While the rollout of COVID vaccines around the world continues, offering hope to those of us that have had to endure such major disruptions to the way we work, shop and live, the number of coronavirus infections is once again rising. Our reality seems to be readjusting itself yet again. Now, the tens of millions of employees that were sent home to work—that were more recently considering returning to an in-person setting (at least part-time)—are realizing that work from home (WFH) likely remains the smartest place to be, and will not be ending any time soon.
These tens of millions of employees that were sent home to work, and the IT professionals that were tasked with supporting and enabling their success, faced a number of hurdles. Many were overcome, but some persist. Not surprisingly, two top pain points that remain are data and network access and security. More specifically, according to recent research, the number-one enterprise pain point for those who used a VPN for network access and/or security measures is inadequate security. This was the finding based on recent research, conducted for DH2i prior to the COVID-19 stay-at-home guidance, that explored the “Pre-Pandemic State of Virtual Private Networks (VPNs).”
While this early finding was not shocking, the anonymous survey of IT professionals across small-, mid- and enterprise-sized organizations also included a real eye-opener. Nearly 40 percent of those responsible for keeping ransomware and other malware from penetrating their network, thought that in fact, their network already had been breached. My suspicion is, however, that this number is likely much higher, as some respondents would probably prefer not to admit this unsettling fact, even to themselves.
Let’s review the fuller findings of this research, which reveal the myriad challenges that IT professionals face who are charged with deploying and managing VPNs. I’ll also share a potential solution that could overcome these challenges and respond to the desired new capabilities: a software-defined perimeter (SDP) solution.
Initial Goals & Findings
In conducting this research, the initial goal was to gain a more nuanced understanding of the challenges that IT professionals charged with deploying and managing VPNs face on a daily basis. We also hoped to discover what new capabilities IT professionals felt might benefit them as a replacement solution.
What really stood out in the findings was that across the board, respondents shared the difficulties that their organizations encountered when using a VPN. While inadequate security topped the list of VPN connection problems with 62 percent dubbing this as a high or medium pain point, there were many other concerning connection issues as well, including:
- Availability, failover, and disaster recovery (reliability for DR) (48 percent)
- Cost (46 percent)
- Performance (45 percent)
- Configuration and management (44 percent)
Other notable findings included that the top three VPN use cases were remote user access (83 percent), site-to-site connections (57 percent), and site-to-cloud and/or cloud-to-cloud connections (48 percent) and that the top three VPN vendors were CISCO (63 percent), Palo Alto Networks (22 percent), and Check Point (12 percent).
How to Overcome the Rising Bad Actors and Malware Threat
While it was certainly surprising to have such a large percentage of those responsible for keeping malware from penetrating their network tell us that their network had likely already been compromised, I’d expect this number to grow in the future. The reason for this assumption is based on the rise in bad actors who worked hard the past year to identify and exploit pandemic-related data security vulnerabilities.
Of course, we didn’t just commission this research to hone in on existing issues, but to identify viable alternative solutions. We asked respondents for feedback on what improvements, features, functionality, and capabilities they saw as ideal in a next-gen VPN or competitive solution. Again, it wasn’t terribly surprising that given the limitations of current VPNs, the vast majority of IT professionals—86 percent of those surveyed—were open to considering alternatives if a different solution could improve on VPN’s security, configuration and management, cost, performance, and availability. It is interesting to note, nearly 90 percent of respondents told us they would prefer to replace their VPN if another solution would help them easily limit remote users’ access to specific applications or services—without creating a network attack surface.
A solution like this does currently exist through software-defined perimeter (SDP) software, which by its very nature, ensures users can only access authorized apps, rather than a slice of the entire network. This eliminates any chance of lateral movement since data flows between remote users, clouds, and sites. SDP is also much simpler than VPN when it comes to configuration, management, and maintenance, and also offers a higher level of performance using encrypted micro-tunnels and public key authentication.
Lessons Learned and What Next
We learned a great deal from this research about what enterprises are struggling with, what their requirements are, and what types of solutions can help them do better. While it provided immense and immediately actionable insight, we knew that this study would need to be considered the first phase of a continued effort to learn more, given the cataclysmic shift that was taking place during COVID-19. Since the pandemic hit while analyzing this phase of our initial research, numerous organizations abruptly found themselves working to assist employees to navigate the challenges of a WFH scenario—especially how workers could gain fast and secure access to their organization’s applications and information.
While merely obtaining access was the priority for most workers, IT had the larger mission of ensuring both that their employees had uninterrupted access, and that it was optimally secure. In this next phase of research, we examine how today’s WFH paradigm continues to morph the data security and VPN landscape. Stay tuned—We look forward to sharing the results of our Phase Two research shortly.
