You probably have a VPN that allows your staff to access work-related resources from home.
However, changes in the security landscape mean it may now be time to upgrade your VPN to something more secure.
Hybrid working has become the norm. More staff are being allowed to access their organisations' networks remotely, more often, for longer, sometimes from poorly-patched or poorly-protected devices.
This increases the chances that a member of staff will have their device compromised, giving attackers access to their employer's network.
Once in, attackers can scan for vulnerable systems, steal data and potentially hit the organisation with a ransomware attack.
Upgrading your VPN to a more modern version can help reduce these new risks.
| Feature | What it does |
| --- | --- |
| Network-based web filtering | Reduces the likelihood of employee devices getting infected by drive-by malware. Can block some - but not all - phishing sites. |
| Client-side malware scanning | This helps block malicious software from running. |
| Cloud-based malware scanning | This checks whether links are suspicious – without putting end-user devices at risk. |
| Integration with Identity and Access Management systems | The VPN asks a definitive source of information to find out who is allowed to do what. Some IAM offerings use multi-factor authentication, so stolen/guessed credentials are insufficient to gain access to the VPN. |
| Removable media restrictions | End-point protection can make it harder for malicious insiders to exfiltrate confidential data without prior authorisation. |
| Software inventory checks | End-point protection software checks whether the device's software is sufficiently up-to-date. If not, the user can be denied access to the VPN. |
| Zero Trust Network Access | Devices and users get no access to the network by default. Additional access is granted in accordance with policies that specify what the user/device needs to do their job. Most network access is made conditional on user authentication. Users/devices directly connected to the office LAN can be treated differently. Authentication is specific to individual network resources/apps. |
The traditional perimeter approach to security, where users and devices in the organisation's office(s) are trusted, is past its sell-by date.
It lets office-based users and VPN users connect to hostnames and ports they have no need to access. It gives IT teams almost no visibility over what's happening on their network after users and devices connect.
It assumes anything connected to the office LAN or VPN is malware free. It assumes that no departing employee would join a rival firm and try to take data with them.
In a small organisation, with a handful of trustworthy employees and well-secured devices, this traditional approach may work fine. In medium-sized organisations, it's a disaster waiting to happen.
So technology suppliers are now trying to nudge their customers towards something more secure.
Tech vendors seem to have settled on 'Zero Trust' as the poster child for this new approach to security.
You don't need Zero Trust Network Access (ZTNA) to roll out end-point anti-malware scanning, end-point removable media control, cloud-based malware checking, or many of the other VPN improvements we've mentioned above. However, it's common for Zero Trust / ZTNA to be used as a convenient shorthand for a modern approach to security that often includes such measures.
ZTNA is really about granting granular network access permissions to users/devices based on what they need to do their job, then limiting network access based on that.
However, most ZTNA solutions include end-point functionality, because it's not sufficient to trust a user's good intentions. You have to guard against users being tricked by phishing emails and having their access misused by malware.
One of the reasons for restricting network access is that hackers often compromise a single end-point and then use it as a foothold from which to traverse the network, leaving malware behind on dumber networked devices such as printers and IP phones, which are rarely patched, aren't scanned for malware and aren't checked for suspicious log entries.
These devices can phone home, allowing an attacker to reinfect a network, even if the network manager has neutralised the original compromised end-point.
Your users' end-point anti-malware scanning will probably catch MOST malware your users encounter. Unfortunately, it may not catch every last attack.
By restricting what users can do once connected to your network to closely match each user's needs, ZTNA attempts to limit the damage a compromised device or user-account can cause.
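To make the ZTNA model described in the table above and in the preceding paragraphs concrete, here is an added worked example (not code from this page or from any vendor's product) of a small per-resource access policy evaluator. It assumes a hypothetical set of users, devices and resources constructed for illustration, and it folds in the other checks the table mentions: default deny for any resource without a policy, group-based entitlement, multi-factor authentication (with office-LAN devices treated differently where the rule allows), a client-side malware scanning check, and a software inventory (patch age) check. Every decision is recorded so that, unlike a flat VPN, the IT team retains visibility of what each user and device tried to reach.

```python
"""Toy Zero Trust Network Access policy evaluator (constructed example).

Each rule covers exactly one resource (host:port). Anything without a rule
is denied, and every decision is written to an audit log for visibility.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class User:
    username: str
    groups: FrozenSet[str]      # group membership from the IAM system
    mfa_verified: bool          # did this session pass multi-factor auth?


@dataclass(frozen=True)
class Device:
    name: str
    av_running: bool            # client-side malware scanning active?
    patch_age_days: int         # software inventory: days since last patch
    on_office_lan: bool = False # directly connected to the office LAN?


@dataclass(frozen=True)
class Rule:
    resource: str               # "hostname:port" of a single app or service
    allowed_groups: FrozenSet[str]
    require_mfa: bool = True
    max_patch_age_days: int = 30
    lan_skips_mfa: bool = False # office-LAN devices may be treated differently


# Hypothetical policy set, constructed for this example.
RULES: Dict[str, Rule] = {r.resource: r for r in [
    Rule("hr-app.corp.example:443", frozenset({"hr"})),
    Rule("git.corp.example:22", frozenset({"dev"}), max_patch_age_days=14),
    Rule("printer-01.corp.example:9100", frozenset({"staff"}),
         lan_skips_mfa=True),
]}

_AUDIT_LOG: List[dict] = []


def _decide(user: User, device: Device, resource: str,
            rules: Dict[str, Rule]) -> Tuple[bool, str]:
    """Apply the checks in order; the first failing check denies access."""
    rule = rules.get(resource)
    if rule is None:
        return False, "no policy grants access to this resource (default deny)"
    if not (rule.allowed_groups & user.groups):
        return False, "user is not in a group permitted to use this resource"
    needs_mfa = rule.require_mfa and not (rule.lan_skips_mfa and device.on_office_lan)
    if needs_mfa and not user.mfa_verified:
        return False, "multi-factor authentication required"
    if not device.av_running:
        return False, "client-side malware scanning is not running"
    if device.patch_age_days > rule.max_patch_age_days:
        return False, (f"device patches are {device.patch_age_days} days old "
                       f"(limit {rule.max_patch_age_days})")
    return True, "policy satisfied"


def evaluate(user: User, device: Device, resource: str,
             rules: Dict[str, Rule] = RULES) -> Tuple[bool, str]:
    """Decide whether this user on this device may reach this resource."""
    allowed, reason = _decide(user, device, resource, rules)
    _AUDIT_LOG.append({"user": user.username, "device": device.name,
                       "resource": resource, "allowed": allowed,
                       "reason": reason})
    return allowed, reason


def audit_entries() -> List[dict]:
    """Return a copy of the decisions recorded so far."""
    return list(_AUDIT_LOG)


if __name__ == "__main__":
    alice = User("alice", frozenset({"hr", "staff"}), mfa_verified=True)
    laptop = Device("alice-laptop", av_running=True, patch_age_days=5)
    print(evaluate(alice, laptop, "hr-app.corp.example:443"))   # allowed
    print(evaluate(alice, laptop, "git.corp.example:22"))       # wrong group
    print(evaluate(alice, laptop, "db.corp.example:5432"))      # default deny
    for entry in audit_entries():
        print(entry)
```

The ordering of the checks is deliberate: identity and entitlement are established before device posture is consulted, so an unpatched device never learns whether its user would otherwise have been entitled to a resource, and a denied request still produces an audit record that a SOC can alert on.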
Our Zero Trust Network Access service can replace your basic VPN with a modern secure remote access solution with end-point protection.