Remote working, driven by the pandemic, is no longer just a perk; it is now the norm for most businesses. According to a survey by the Malaysian Employers Federation (MEF), 61.7% of companies want to continue with a hybrid work arrangement, meaning employees have the flexibility to work from home or anywhere they choose. This arrangement is only made possible by a secure and reliable internet connection.
Traditional Remote Access VPN and Zero Trust Network Access (ZTNA)
A remote access VPN was developed to reach systems and resources on the corporate network from outside and to simulate the experience of being back in the office. Once logged in, the user has broad access to the network; this convenience, however, creates several cybersecurity risks for both employees and employers.
By contrast, Zero Trust Network Access (ZTNA) is based on the principle that every connection to your network should be treated as hostile until it has been authenticated, authorized, and explicitly granted access to a specific resource.
The Differences Between VPN and ZTNA
1) Trust
VPN:
- Users are implicitly trusted and receive extensive access to resources, which can pose severe security problems, especially when they connect over public or unverified Wi-Fi networks.
ZTNA:
- It evaluates each user and device individually, so that only the resources the user and the device are entitled to access are reachable. This lowers the attack surface and protects data across the entire organization and every user, regardless of location.
- Device health is monitored both before and after access to a resource is granted, so any change in device posture results in revocation of access to the application.
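To make the contrast concrete, the following Python model is an added example (not Sophos code or any product's actual logic) of the two decision models described above: a VPN-style gate that implicitly trusts every resource once the tunnel is authenticated, and a ZTNA-style broker that evaluates each user, device and resource separately and revokes live sessions when device posture changes. The resource names, group names and posture attributes are assumptions made up for this example.

```python
"""Toy access broker contrasting VPN-style implicit trust with ZTNA-style
per-resource, posture-aware authorization. All resource names, groups and
posture checks below are assumptions made for this example."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass
class Device:
    device_id: str
    managed: bool          # enrolled in the organization's device management (assumed attribute)
    disk_encrypted: bool   # assumed posture attribute
    av_running: bool       # assumed posture attribute


@dataclass(frozen=True)
class Session:
    user: str
    device_id: str
    resource: str


# Hypothetical per-resource policy: the group allowed to reach the resource and
# the posture attributes the device must satisfy (all values are assumed).
POLICIES: Dict[str, Tuple[str, Tuple[str, ...]]] = {
    "hr-portal": ("hr", ("managed", "disk_encrypted", "av_running")),
    "git": ("engineering", ("managed", "av_running")),
    "wiki": ("staff", ("av_running",)),
}


def vpn_authorize(authenticated: bool, resource: str) -> bool:
    """VPN model: a single tunnel-level decision, then implicit trust for any
    resource behind the tunnel. Group membership and device posture are never
    consulted per resource."""
    return authenticated and resource in POLICIES


def posture_ok(device: Device, checks: Tuple[str, ...]) -> bool:
    """True only if every required posture attribute is currently satisfied."""
    return all(getattr(device, check) for check in checks)


class ZtnaBroker:
    """ZTNA model: every (user, device, resource) request is evaluated on its own,
    with default deny, and live sessions are re-checked on posture changes."""

    def __init__(self) -> None:
        self.sessions: List[Session] = []

    def authorize(self, user: str, groups: FrozenSet[str], device: Device,
                  resource: str) -> Tuple[bool, str]:
        policy = POLICIES.get(resource)
        if policy is None:
            return False, "unknown resource"          # default deny
        group, checks = policy
        if group not in groups:
            return False, f"user not entitled to {resource}"
        if not posture_ok(device, checks):
            return False, f"device {device.device_id} fails posture for {resource}"
        self.sessions.append(Session(user, device.device_id, resource))
        return True, "granted"

    def on_posture_change(self, device: Device) -> List[Session]:
        """Re-evaluate every live session on this device and revoke those whose
        resource policy the device no longer satisfies."""
        revoked = [s for s in self.sessions
                   if s.device_id == device.device_id
                   and not posture_ok(device, POLICIES[s.resource][1])]
        self.sessions = [s for s in self.sessions if s not in revoked]
        return revoked


if __name__ == "__main__":
    laptop = Device("lap-01", managed=True, disk_encrypted=True, av_running=True)
    broker = ZtnaBroker()
    print(vpn_authorize(True, "git"))   # VPN: an HR user reaches git once on the tunnel
    print(broker.authorize("alice", frozenset({"hr", "staff"}), laptop, "hr-portal"))
    print(broker.authorize("alice", frozenset({"hr", "staff"}), laptop, "git"))
    laptop.av_running = False           # posture degrades mid-session
    print(broker.on_posture_change(laptop))  # hr-portal session is revoked
```

The difference a defender cares about is visible in the two functions: `vpn_authorize` answers the same way for every resource once the tunnel is up, while `ZtnaBroker.authorize` denies by default, checks entitlement per resource, and `on_posture_change` withdraws access the moment the device stops complying.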
2) Remote Connections
VPN:
- It provides a single point of presence on the network, which can cause inefficient backhauling of traffic to different locations, data centers, or applications through the remote access VPN tunnel.
ZTNA:
- Connection management is effective, safe, and transparent regardless of where the user and device are located, providing a seamless user experience.
- During Remote Desktop Protocol (RDP) sessions, it also adds protection against RDP server vulnerabilities and RDP connections that were left open by mistake.
- Its authentication mechanisms treat attackers who use exploits to pose as trusted RDP users as hostile, providing an additional layer of protection against such attacks.
3) Visibility
VPN:
- It has no awareness of the traffic it carries or of usage patterns, which makes visibility into user activity and application usage more difficult.
ZTNA:
- Micro-segmented ZTNA provides better visibility into application activity, making it easier to monitor application status, plan capacity, manage licensing, and audit usage.
4) User Experience
VPN:
- Poor user experience.
- Increased latency and degraded performance.
- Connectivity issues.
ZTNA:
- Automatically establishes secure connections as needed, giving users a frictionless experience.
- Safeguards users’ data in the background.
5) Administration
VPN:
- Difficult for organizations to set up, deploy, enroll new users on, and decommission departing users from.
- Managing it on the firewall or gateway can also be complicated because of the many nodes, firewall access rules, IP address management, traffic flows, and routing involved.
ZTNA:
- More streamlined, cleaner, and quicker, and easier to deploy and administer day to day.
- More adaptable in fast-changing environments.
In short, the "never trust, always verify" approach is the practical choice for companies with multiple resources that need to be shared remotely.
Sophos ZTNA is a cybersecurity solution that has been meticulously designed to make zero-trust network access simple, seamless, and safe. Recently, it won Frost & Sullivan’s Global New Product Innovation Award. It guarantees that users only have secure access to the resources they require. For more information on this, visit Sophos.com/ZTNA.