VPN is Finally Dead: The Rise of the Software Defined Perimeter
AT&T, Coca Cola, and Google have all made the news recently with their plans to move away from perimeter-based security solutions to cloud-based, virtualized infrastructures. Why? If you look at the IT security headlines of 2014, in which major retailers had millions of credit cards stolen, healthcare providers had almost 100 million records stolen, and major corporations like Sony were brought to their knees by hackers, it’s clear the good guys are losing. Forward-thinking organizations like Google understand this problem clearly, and also have the luxury of an IT budget large enough to completely overhaul their entire infrastructure in order to make this change.
We recently conducted a survey with TechValidate to look at the state of network security today, and the results may surprise you. 91% of respondents shared that VPNs are still the main form of security for controlling network access, despite the fact that VPN technology was created almost 20 years ago. A majority, 51%, noted that their access control technology was more than three years old, and 11% said it was more than 10 years old.
Today’s network landscape is one of incredible complexity with distributed applications, people, and data. Companies have taken the standard method of protection, the trusted private network, and applied hundreds or thousands of firewall rules and complex topologies to manage the chaos, while the relationship between the lower-layer network and its users and applications grows ever weaker. Our expanding ecosystem has made the perimeter porous and irrelevant. In the meantime, our networks are infested with unsanctioned, insecure devices – smartphones, tablets, laptops and portable storage media. To complicate matters, in an increasingly distributed work environment, cyber threats are just as likely to come from inside the organization as they are from the outside.
So how should we think about security today?
What’s needed is a new model – one that eliminates the notion of the perimeter and does not assume anyone, at any time, is a trusted user. One that understands contextual information such as “where is the user?”, “what device is he/she using to connect?”, and “at what time of day?”. This data needs to be incorporated into context-specific access rules and authorization checks and used to limit access to resources to better protect from inside and outside threats. Cryptzone is delivering just that with AppGate. AppGate Secure Access enables organizations to adopt a software defined perimeter approach for granular security control.
AppGate Secure Access makes the application/server infrastructure effectively “invisible.” It then delivers access to authorized resources only, verifying a number of user variables each session—including device posture and identity—before granting access to an application. Once the user logs out, the secure tunnel disappears. Additionally, when a new device is on a public network, or a device that failed to log in tries to connect, additional security requirements (such as multi-factor authentication) can be enforced, or access can be denied.
With AppGate Secure Access, the full security posture—including device, location, time, group, configuration and more—is used by the policy engine to dynamically define access to applications. AppGate Secure Access does not depend on a traditional network perimeter model or require specific hardware, so it can be used across cloud and hybrid environments by leveraging software defined virtualization techniques. So even if you’re not Google, and don’t have the luxury of completely overhauling your entire infrastructure, you can apply Google’s same security principles to your existing infrastructure.
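To make the policy model described above concrete, here is an added illustration (not Cryptzone’s or AppGate’s code) of a default-deny, context-aware access decision: every application is invisible unless a rule publishes it, and a request is evaluated against group, time of day, device posture and network context, with step-up MFA for a new device on a public network. The application names, policy table and attribute names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class AccessRequest:
    user: str
    groups: frozenset
    known_device: bool        # device previously enrolled for this user
    device_compliant: bool    # posture check passed (patched, disk encrypted, ...)
    public_network: bool      # connecting from an untrusted network
    hour: int                 # local hour of day, 0-23
    failed_logins: int        # recent failed attempts from this device
    mfa_passed: bool
    app: str


# Hypothetical per-application policy: required group, allowed hours, posture.
# Any application absent from this table is never reachable (invisible by default).
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "hours": (8, 18), "require_compliant": True},
    "wiki":    {"groups": {"staff"},   "hours": (0, 24), "require_compliant": False},
}
MAX_FAILED_LOGINS = 3


def evaluate(req: AccessRequest) -> str:
    """Return 'allow', 'mfa_required' or 'deny'. Anything not matched is denied."""
    policy = APP_POLICY.get(req.app)
    if policy is None:                      # unpublished app: deny, no error detail
        return "deny"
    if req.failed_logins >= MAX_FAILED_LOGINS:
        return "deny"
    if not (req.groups & policy["groups"]):
        return "deny"
    start, end = policy["hours"]
    if not start <= req.hour < end:
        return "deny"
    if policy["require_compliant"] and not req.device_compliant:
        return "deny"
    # Step-up: a new device on a public network, or a device with prior failed
    # logins, must complete MFA before a per-session tunnel is opened.
    risky = (not req.known_device and req.public_network) or req.failed_logins > 0
    if risky and not req.mfa_passed:
        return "mfa_required"
    return "allow"


if __name__ == "__main__":
    base = dict(user="alice", groups=frozenset({"finance", "staff"}), known_device=True,
                device_compliant=True, public_network=False, hour=10,
                failed_logins=0, mfa_passed=False)
    print(evaluate(AccessRequest(app="payroll", **base)))          # allow
    print(evaluate(AccessRequest(app="admin-console", **base)))    # deny
```

Note that the engine returns the same bare "deny" whether the application does not exist or the caller fails a rule, so an unauthorized user learns nothing about what is behind the gateway.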
By making the entire infrastructure invisible as a default setting, and then delivering access only when the user and device are authenticated—and only for that specific session—Cryptzone provides true agile security. We are delivering the next generation of security for today’s global and distributed business, without requiring a huge investment in order to achieve scalable, one-to-many security.