Skip to main content

Network perimeter management for the modern age: Four reasons to make the move from VPNs to an SDP

(Image credit: Image Credit: Centurylink internet)

Successfully protecting the network perimeter has always been an important task for businesses. But in recent years, it’s become an incredibly challenging one, too. From on-premise hardware to private and public clouds, applications and data are hosted in a range of locations – and businesses have to ensure secure access to these critical assets for a growing number of partners and third-party vendors, as well as staff.

The way we work now has complicated matters further. Even before the Covid-19 crisis, businesses were extending their operational reach to a growing remote workforce: research from 2019 revealed that 10 per cent of EU citizens claimed to work remotely. Now, with many nations under lockdown, more staff are working from home than ever before – and they’re all logging in from different devices, connections and locations. While the current state of affairs won’t last forever, it’s certainly likely that more employees will continue to work from home on a more regular basis, intensifying the challenge of protecting the network perimeter.

With all this considered, it’s now far more difficult to establish where the enterprise network actually begins and ends. And with that change comes risk – because the Virtual Private Networks (VPNs) of old are no longer adequate for protecting enterprises’ data and critical assets. If businesses truly want to secure their network perimeters in the age of remote working, complex ecosystems, and cloud hosting, they’ll need a suitably modern solution.

As the four reasons below illustrate, a software-defined perimeter (SDP) could be the answer.

1.            Security

Now more than ever, organisations globally are forced to make their employees work remotely there is an increasing cybersecurity threat from criminals exploiting unsecured systems. To keep businesses moving forward, employees quickly need always-on, anytime, anywhere access to their network while working remotely. This means data and applications must be made available beyond on organisation’s perimeters, increasing the risk and expanding the attack surface. Virtual private networks (VPNs), however, are insufficient to protecting data, operations, and customers.

VPNs leave businesses at risk for a breach because:

  • Adversaries can navigate east-west inside the private network once they pass through a VPN gateway
  • Internet-exposed VPN gateways are concentrators that are always under attack
  • Data from the VPN gateway to internal assets is typically unencrypted, making data on the wire vulnerable to man-in-the-middle attacks

Although VPNs do create a more secure connection to the network, they’re by no means impenetrable. An experienced hacker can compromise a VPN quite easily, and once access is gained, the attack can propagate laterally and at speed from server to server within the data center. Typically, a VPN represents a single point of failure: once it has been breached, there are no further security controls in place to stop the spread.

In order to prevent disruption, it’s essential that organisations establish a software defined perimeter that serves as the backbone for a Zero Trust security strategy. Thankfully, these critical pain points can be easily addressed with a consolidated network access solution that provides secure, segmented and audited access to cloud environments, applications and local services – the Software-Defined Perimeter (SDP).

With an SDP, it’s possible to control access to resources through user identity instead of IP address. This delivers Zero Trust security and ensures that access to appropriate data and applications is limited only to authorised users.

2.            Speed

Deploying a VPN is a time-intensive process, with a huge number of scenarios to consider, rules to write, and users to assess.

With an SDP, all that’s required is to push a packet onto a user’s device. SDPs can therefore be rolled out overnight to thousands of users, quickly providing the required security and saving valuable time for IT teams.

3.            Simplicity

VPNs are complex. They’re notoriously difficult to design, manage, and maintain – and every time a new user or VPN is added, a new firewall rule set needs to be written. For IT teams, this creates a never-ending to-do list; in a dynamic business environment, it’s impossible to ensure that all rules are up to date at all times.

SDPs simplify this task by streamlining security management across networks, users, and devices. Because SDPs are identity-based, they can scale quickly and react intelligently. Changing IP addresses, environments, and network topologies have no impact – and countless servers and endpoints can be added to the existing environment with linear, rather than exponential, effort.

The emergence of SDP has provided a holistic solution to remove the reliance on hardware across the entire security stack and to deploy, manage, and visualise network connections using only software. This enables the integration of powerful APIs, as well as the ability to analyse and visualise network traffic.

4.            Savings

VPNs are costly on two fronts. For a start, they’re typically based on expensive hardware. Their complexity also means that a dedicated team is required to manage them, with additional costs incurred every time an element is added. Although VPNs provide flexibility as they can connect multiple geographically distributed endpoints, data centres and virtual private clouds – however, it takes significant resources and growing expenses to establish and maintain these connections.

SDPs offer a significant cost improvement. They’re software-based and designed to work as an overlay on existing infrastructure, so there’s no need to purchase expensive hardware each time. And, since they’re easier to manage and scale, they significantly reduce the burden on the IT team – freeing them up for other valuable work. 

A solution for the future of network management

SDPs have not yet gained widespread popularity in EMEA; North America is leading the way in this regard. But whether in response to network expansion, increased remote working, or both, the vast majority of businesses across Europe and beyond currently have an urgent need to ensure their network perimeters are protected and managed appropriately.

From security to speed, simplicity to cost savings, SDPs outstrip VPNs in every sense that truly matters. Deploying SDPs will allow businesses to handle the threats that arise from a growing network perimeter with confidence – putting them on a strong footing to handle whatever challenges our new world of work brings.

Salvatore Sinno, Chief Security Architect and Director of Cybersecurity Innovation, Unisys (opens in new tab)

Salvatore Sinno is the Chief Security Architect and Director of Cybersecurity Innovation at Unisys. He has held chief security architect roles in the security industry, in the private sector and the UK public sector.