During the first two decades of this century, virtual private networks (VPNs) served as a cornerstone of network security.
VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe.
This worked extremely well for users accessing network resources remotely via their company-issued laptops and immobile home computers. However, VPN pipes have become less efficient with the rising use of personally owned mobile devices and increasing reliance on cloud-centric IT resources.
The sudden spike in work-from-home scenarios due to Covid 19 quarantining accelerated this trend. I had the chance to ask Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a Managed Compliance and Cybersecurity Provider (MCCP), about the future of VPNs in a post-pandemic world. Below are excerpts of our dialogue, edited for clarity and length.
LW: Post Covid 19, how would you summarize the role VPNs play in securing business networks today?
Clements: A decade ago having a remote access VPN was the assumed default. Most business applications, especially Microsoft Exchange, were on-premise deployments that required a company either opening up access to the whole internet or requiring a VPN connection to the company’s perimeter firewall or dedicated VPN concentrator.
This process was rapidly changing to cloud-based pre-pandemic, but COVID-19 kicked this transition into hyper speed with most of the world moving to work-from-home remote setups. Despite this, it doesn’t mean that traditional VPNs have no use for businesses.
It’s important to remember that historically VPNs served dual purposes of granting individual users access to corporate networks, but also functioned in a larger capacity to set up direct links between remote private networks such as remote sites or business partners. While I’d be surprised if end user or “road warrior” VPNs returned at scale, there is likely to continue to be a strong need for network to network or “site to site” VPNs.
LW: Will enterprises continue relying on VPNs as a major component of network security, going forward?
Clements: It really depends on the individual organization’s need. Many companies still rely on business applications that are only available in self-hosted or “on prem” scenarios, and for those organizations remote access VPN connectivity for users will continue to be important.
It’s easy to imagine organizations migrating to cloud-hosted solutions for everything going forward, but the reality is that many legacy, on-prem applications aren’t easily ported to the cloud, or are massive sunk costs for organizations potentially costing millions to acquire.
LW: What about SMBs; how does a traditional VPN service fit as cloud migration deepens?
Clements: The current incentives are heavily in favor of more cloud migration and less on-prem deployments. After all, why deploy and maintain servers and infrastructure gear along with the staff to support them if off-the-shelf cloud services meet your needs at far less cost? This makes a traditional VPN make less and less sense unless an organization has a specific need.
Clements: For enterprises and SMBs both you are looking at the traditional market players in the space. Enterprises are likely Cisco, Juniper, Palo Alto, or Check Point. For SMB you see more SonicWall and Fortinet. In each case, these are usually multifunction devices that function as firewalls, IPS, gateway anti-malware, or content filtering.
LW: What differentiates the top suppliers; what’s distinctive about each one?
Clements: Enterprise offerings typically skew more configurable, extensible, and interoperable, while SMB players can be more straightforward to set up and configure.
LW: Can you frame the competitive dynamics?
Clements: Pricing and features are typically the biggest factors in a customer’s decision on what vendor to choose, although many times organizations default to either what they know or what their MSP supports . . . In competitive situations pricing can sometimes vary significantly, though it depends on the customer’s leverage with their vendor.
LW: What role will VPNs play, going forward, as we move deeper into an interconnected digital ecosystem of cloud-centric services and remote endpoints and devices?
Clements: One place VPNs will continue to exist is in cloud platforms themselves. Organizations with the need to manage VMs on cloud platforms will still likely leverage built-in VPN services in those platforms to perform administrative tasks. Otherwise, I think they’ll be limited to the site-to-site or legacy on prem application scenarios discussed earlier.
LW: What are the main differences between how VPN services are delivered in the U.S. vs Europe?
Clements: From a corporate standpoint, VPN is mostly a standardized offering using similar authentication and encryption methods. If we are talking commercial VPN services offered to the public, Europe can offer stricter data protection requirements based on the provider’s legal jurisdiction due to GDPR requirements.
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the vendors we cover.)