A new report has found that interest in software-defined perimeters (SDPs) as an alternative to VPNs has exploded since COVID-19 forced more than half of the US workforce to go remote. The report, based on a survey of IT professionals performed by software company NetMotion, found that VPNs, which have long been the standard way to securely connect remote workers to corporate computing assets, are starting to cause trouble for newly remote workers and organizations alike.
For starters, 89% of remote workers have reported issues accessing data and applications needed to complete work at home, and with 87% of organizations saying they’re still using VPNs, there’s certainly some overlap.
From an IT perspective, VPNs are a huge blind spot, the report said. “For most IT teams, it’s almost impossible to get visibility into the devices, networks, and activity of these remote workers–certainly much less than when an employee is in a company office.” Sixty-four percent of respondents said that they’re unhappy with the level of visibility they have into remote workers, to which NetMotion said SDPs are the ideal solution.
SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)
Software Defined Perimeters (like VPNs) are a method of remotely connecting to an organizational network and “extending the perimeter” of that network’s security and infrastructure around the remote worker.
Where they differ from VPNs is in their zero-trust security backbone, which provides a high level of visibility into who is connected, what machine they’re connecting on, and where that machine is located. Zero-trust architecture that goes into building SDPs includes least privilege security, which gives users the bare minimum access to resources needed to accomplish their task, preventing an intruder from moving laterally inside a network.
VPNs don’t offer that level of security and are instead a direct connection to business networks through an encrypted channel–a malicious actor that gains access has the ability to go wherever they like, within the limits of the permissions of the account they’ve stolen.
Ninety-seven percent of respondents to the survey believe that remote workers are a higher cybersecurity risk than in-office employees, but despite what seems to be a multitude of reasons to ditch VPNs, the report also found that 45% of respondents think their organization will still be using a VPN for the next three years.
The reason for the disconnect, NetMotion said, is the high number of on-premise applications that organizations still use, with more than three quarters of respondents having at least four on-premise apps.
SEE: SSL Certificate Best Practices Policy (TechRepublic Premium)
A report from the Cloud Security Alliance (PDF) indicates that SDPs are equally capable of securing both cloud-based and on-premise applications, but NetMotion said in its recommendations in the report that businesses planning to migrate to SDPs should still maintain a VPN “to ensure security and positive user experience.”
NetMotion’s report was published in conjunction with the release of its new platform, which combines its SDP and VPN into a single product.