The shift to remote work is forcing technology updates
By Lance Johnson, VP of Marketing at Trustgrid
In a recent survey, 98% of employees stated that they would like to work remotely (at least part time) for the remainder of their career. Another poll found that 80% of employees wouldn’t take a job that didn’t offer flexibility and that 30% of employees had left a job over flexibility issues.
In banks and credit unions around the country, alarm bells are ringing around the idea that the remote work trend is not just temporary. The volume of those alerts is loudest in organizations who are not equipped to secure the IT resources of a workforce that requires remote access at scale.
Banks handle some of the most important data in the world. With employees working anywhere, at any time, how do banks and credit unions ensure that both organizational and client financial data remain safe? The answer lies in the networks being used to access their applications and data.
While many are familiar with the advantages (and challenges) of VPNs for remote user access, many are less familiar with the concept of Zero Trust network access (ZTNA). For those who don’t know, ZTNA is the next-generation of end user VPN solutions. Designed for high security and compliance organizations, it provides a seamless way for remote users to connect to all IT resources, wherever they may reside.
Because of its security and compliance focus, ZTNA is ideal for industries such as banking.
Comparing VPN and ZTNA
The applications serving today’s typical banking organization live in both the cloud and bank-controlled data centers. The traditional network, centered around a data center, has now been extended to the location of every device and application outside of the data center. And while VPN has served as the primary way for end-users to access applications in the data center, it no longer covers the needs of infrastructure that mixes in public and private cloud applications.
With a large majority of web traffic now consisting of cloud services, banks and credit unions are now forced to seek a new remote work connectivity approach that tackles both the scaling issues of having up to 100% of a workforce concurrently using it AND the challenges around securely connecting to heterogenous, hybrid cloud environments.
At the time it was created, VPN was an answer to the day’s IT architectures and business challenges. Centralized data centers hosting applications needed to be accessed when employees were unable to be in the office. These connections needed to be encrypted and had to work over any internet connection. Expensive VPN appliances were deployed inside of each data center and VPN clients were configured on each end user device. And while they were able to handle these tasks (often in a sub-par fashion) for decades, the IT landscape around it has made significant changes.
Since then, the rise of cloud services has become mainstream but VPN wasn’t built to secure cloud applications. The number of users needing access has grown beyond just traveling executives but the requirement of expensive proprietary appliances supporting limited numbers of users has restricted its ability to be elastically scalable. And from a security perspective, it was never intended to give complete visibility into user activity and traffic.
In contrast, ZTNA is a connectivity solution that grants application access based on a user’s identity and related security policies. Unlike VPNs which grant access to large network segments where applications reside, ZTNA creates network micro-segments that form a direct connection between a user and an application. These micro-segments eliminate the need to backhaul all traffic through an expensive on-premise VPN appliance, minimizing common VPN performance problems, and removing the need to add additional on-premise hardware appliances to support more users.
Additionally, the protections of ZTNA make no distinction between a user’s location. On-premise users and remote user connectivity are treated the same. All application access must be authenticated and authorized according to a user’s identity and related security policy before traffic is passed. Devices use open source agents or agentless portals to ensure that every mobile or desktop device is supported. All of this results in a seamless, consistent application of security policy and user experience across the entire organization. And because this access is tied to a user’s identity and applications are accessed individually, reporting of all access-related events is easily aggregated for compliance purposes.
Banking has been one of the last great industries to fully embrace remote work. High compliance and security requirements coupled with preference for face-to-face communications means there has been little desire to enable large swaths of employees to work remotely. But as the rising tides of change in both technology and office dynamics have moved the needle on what is required to maintain productivity, many are exploring ways to update their technology to match the needs of its business realties.
ZTNA presents one of those opportunities and provides a future-proof way to improve flexibility and cost structures while greatly increasing security.