Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Remote working and cybersecurity: Why VPNs no longer make the grade

By Kurt Glazemakers, SVP Engineering, AppGate 

Remote working is far from a new trend but looks set to become an ever-increasing mainstay of how modern businesses operate. In response to the rapid spread of COVID-19 businesses have rightly prioritised the safety of their employees and working remotely has ballooned more than most businesses expected or prepared for. In fact, according to Gartner, 81% or more are now working remotely and 41% are likely to do so at least some of the time when they return to normal work.

The shift to mass remote workers was never meant to happen overnight. Naturally, this quantum shift, both solves and creates problems for even the most well-prepared business. Now issues such as maintaining network security across a distributed workforce – which has always been a security challenge – are amongst a new host of problems to solve. Without the right protection in place, remote working is simply not safe. With teams still needing to collaborate across geographies, businesses must ensure that any security solutions put in place not only protects employees but also maintains business continuity. This is true for any company but particularly for the financial services sector where compliance with regulations such as PCI DSS need to be closely adhered to.

The problem is, that tried and tested solutions such as Virtual Private Networks (VPN) are simply no longer making the cut when it comes to handling modern business challenges. For organisations that are serious about establishing secure and effective remote working, getting the right network security in place is vital, both for immediate and long term success.

The failure of the VPN

To understand why VPNs no longer make the grade it is worth reminding ourselves what it is that a VPN actually does. While VPNs do provide some measures of security and have served their purpose well in creating a basic level of security for point-to-point connection, they are out of their depth when it comes to the latest security approaches. VPNs were never intended for the level of remote working we are now seeing. Nor are they designed to handle the security threats that come from complex online environments made up of IoT devices, mobile networks and the flexible way that we now work. With the volume of today’s data, speed of access required and the scale at which businesses are working, they are unable to handle today’s business security needs.

What’s more, with VPNs, once a user is able to enter one element of the network, they then have full visibility of everything else – irrespective of whether they need to or not. This means that as soon as one user is compromised, it is extremely easy for attackers to gain access to the entire network. As was made evident by the National Cyber Security Centre when they discovered vulnerabilities in several SSL VPN products from companies such as  Pulse Secure and Palo Alto which ultimately resulted in attacks. In times of crises such as COVID-19, with the increased number of remote workers, the attack surface has drastically expanded. So once an attacker has access they can quickly spread across a network. In addition, with VPN ports always being open and ready for connections, they are increasingly becoming vulnerable access points to a network.

Time for an improvement 

Fortunately, there is a better way of enabling this ever-growing remote workforce to securely connect to their business’ network both quickly and at scale. To really combat the current security challenges faced by businesses today, especially in light of the sheer volume of people currently working from home amidst COVID-19, organisations need to ensure a zero-trust approach. This is something that VPNs are fundamentally unable to do. For solutions such as software-defined perimeters (SDPs) however, this is the foundation on which they are built.

Unlike VPN solutions, SDPs are designed to micro-segment network and application access, dynamically forming a one-to-one network connection between the user and the resources they are authorised to access. With an SDP system in place, only the resources a user needs are made available to them; all unauthorised network resources are simply made inaccessible.

To illustrate this, imagine a hotel with hundreds of rooms. With a VPN solution, any individual allowed through the main lobby is then able to access every single room. In contrast, with SDP solutions, the individual requires multiple keys to open the rooms which they are allowed to enter, any other door they don’t have a key for remains invisible to them.

As a result, zero-trust solutions such as SDPs make it significantly harder for attackers to spread across a network. Once a device or user is compromised, it can simply be sectioned off from the rest of the network, without impacting other users or business functions.

Keeping employees safe, secure and staying operational

For the financial services sector, working remotely is a new and challenging change. Navigating new regulations and a remote workforce while still maintaining a high level of security and business continuity will mean overcoming many hurdles. However, by moving towards a zero-trust approach with security and looking at the latest solutions on offer, businesses quickly and easily solve many of these issues. As SDP works across the traditional internal network as well as remote, businesses are able to enjoy its benefits once people return to working from the office again. Done right and security really can be the business enabler for today and tomorrow.