What is remote access VPN?
A remote access Virtual Private Network (VPN) allows users working remotely to access and use applications and data residing in the corporate data center, headquarters offices, and cloud locations, often encrypting all user traffic.
Remote access VPNs worked well when corporate data and applications lived solely in the data center, but as decades have passed, remote access VPNs have become increasingly vulnerable to cyberattacks, allowing attackers to infiltrate corporate networks and cloud resources, and to move laterally.
How do remote access VPNs work?
Remote access VPNs create virtually 'private' tunnels between an organization's network and a remote user, regardless of the user's location. Traditionally, remote access VPN was the gold standard for remote security, as encrypting the traffic between user and data center was enough to keep yesterday's attackers from viewing and obtaining sensitive information. This allowed users to securely access and use their organization's network and applications as if they were working on-site, at headquarters.
That said, by today's standards, VPNs are incredibly vulnerable as attackers often use them as a means to infiltrate and move laterally across an organization's entire network. As we explore further, you'll see why there's a need to sunset VPN use for a more robust, cloud-delivered security solution.
Why are remote access VPNs becoming obsolete?
The days of network-centric security are over. For almost three decades, enterprises have relied on castle-and-moat methods to connect users to the network, and by extension, the applications running on it. But the way users work has changed, and with applications moving to the cloud, the perimeter has extended to the internet, rendering network-centric solutions, such as remote access VPNs, obsolete as they suffer from these modern pitfalls:
• VPNs place users on-net, which increases risk
• VPNs provide a poor end-user experience
• Inbound connections create opportunities for DDoS attacks
• VPNs require appliances, ACLs, and firewall policies
• No ability to provide application segmentation
• Lack of visibility into app-related activity
Why is a SASE approach better than remote access VPN?
SASE is a framework identified by Gartner as the way to securely connect entities such as users and devices to applications and services when their locations may be anywhere. In its 2019 report, The Future of Network Security is in the Cloud, Gartner defined the SASE framework as a cloud-based security solution that offers "comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS, and ZTNA) to support the dynamic, secure access needs of digital enterprises."
The top three benefits of adopting a SASE architecture in lieu of a remote access VPN include:
• Reduced risk
• Improved user experiences
• Lower costs, complexity, and management
Why is zero trust network access (ZTNA) preferred over remote access VPN?
Zero trust network access (ZTNA) takes a user- and application-centric approach to private application access, ensuring that only authorized users have access to specific private applications by creating secure segments of one between individual devices and apps. That means no more network access, no more lateral movement. And rather than relying on physical or virtual appliances, ZTNA solutions use software to connect apps and users to the cloud, where brokered micro-tunnels are stitched together in the location closest to the user.
What is Zscaler Private Access (ZPA)?
Zscaler Private Access (ZPA) is a cloud service from Zscaler that provides seamless, zero trust access to private applications running on the public cloud or within the data center. With ZPA, applications are never exposed to the internet, making them completely invisible to unauthorized users. The service enables applications to connect to users via inside-out connectivity versus extending the network to them. Users are never placed on the network. This zero trust network access approach supports both managed and unmanaged devices and any private application—not just web apps.
Why is ZPA superior to remote access VPN?
In contrast to VPN, ZPA is a more modern, robust security solution offering the following benefits:
• Better user experiences
• The ability to segment by application, not network
• The internet can be your new, secured corporate network
• Automation simplifies security
• Users are never placed on the network nor exposed
• App invisibility due to inside-out connectivity
• Fully cloud-delivered zero trust network access
• Built for both on-prem and remote users