Why Zero-Trust Network Access Is Replacing VPNs for Security

December 21, 2020

Any enterprise with remote employees relies heavily on secure and reliable access to systems and applications – with flexibility as to the device, location, and time at which that access is granted. Traditional security approaches expose IP addresses and increase risk because of an implicit trust model. Zero-trust network access is rapidly being adopted to combat these vulnerabilities.

Zero-trust network access conceals the IP address and grants access on identity-based authentication. It can be adapted to allow access only to specific applications or data and give that access only on a particular device or in a certain location or time. It gives security teams more control and flexibility in protecting systems and data.

Zero-trust network access is an approach to security rather than a particular product. It can be implemented in a variety of ways, but enterprises are increasingly moving towards this approach as they replace virtual private network (VPN) infrastructure. It’s part of a broader architecture that embraces secure access service edge (SASE) concepts.

Challenges With Traditional Models

In the past, enterprises have depended on the internet to provide users with access, either through a VPN or through direct access via the cloud. This method exposes IP addresses, which makes users and their equipment vulnerable to attack because it implicitly trusts devices and users.

The accelerated shift of employees to remote work has exposed all the vulnerabilities associated with traditional security approaches. An employee may be working on unsecured devices, accessing unsecured WiFi, and using applications over the internet. Meanwhile, VPNs are designed for corporate settings, not cloud environments, and can be challenging to manage and troubleshoot.

New Ways of Defining Access

The absence of a security perimeter requires users to change how they think about connections. Zero-trust network access bases access decisions on identity and context, hiding resources behind a trust broker. That trust broker acts as a mediator between the authorized user and the specific application they need to access.

This approach also separates access to the network from access to enterprise resources because the internet cannot be regarded as a trusted point of access. IT teams have centralized control with the flexibility to provide users with appropriate access according to the device, time of day, and their role. It also provides access for internet of things (IoT) devices as enterprises continue to expand their fleets of edge-based services.
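The broker decision described in this section, as an added illustration that is not code from the original article: every decision defaults to deny, each check covers one element of context (role, device posture, location, time of day), and an allow is scoped to a single application rather than to the network. The application names, roles and policies are constructed samples, and the code assumes Python 3.9 or later.

```python
# Added illustration (not from the original article): a minimal trust-broker
# policy check. Every default is deny; an allow is scoped to one application,
# never to the network. Policies and requests below are constructed samples.
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    device_managed: bool   # device posture as reported by the endpoint agent
    location: str          # coarse location, e.g. a country code
    at: time               # local time of the request
    application: str       # the single application being requested


@dataclass(frozen=True)
class Policy:
    allowed_roles: frozenset
    allowed_locations: frozenset
    window_start: time
    window_end: time
    managed_device_only: bool = True


# Constructed sample policies, keyed by application name.
POLICIES = {
    "payroll": Policy(frozenset({"finance"}), frozenset({"US"}),
                      time(7, 0), time(19, 0)),
    "wiki": Policy(frozenset({"finance", "engineering"}),
                   frozenset({"US", "DE"}), time(0, 0), time(23, 59),
                   managed_device_only=False),
}


def broker_decision(req: AccessRequest, policies=POLICIES) -> tuple[bool, str]:
    """Evaluate identity and context; return (allowed, reason)."""
    policy = policies.get(req.application)
    if policy is None:
        return False, "unknown application: default deny"
    if req.role not in policy.allowed_roles:
        return False, f"role {req.role!r} not permitted for {req.application}"
    if policy.managed_device_only and not req.device_managed:
        return False, "unmanaged device"
    if req.location not in policy.allowed_locations:
        return False, f"location {req.location!r} not permitted"
    if not policy.window_start <= req.at <= policy.window_end:
        return False, "outside permitted time window"
    # The allow names one application only; the client never learns a network
    # address because the broker relays the connection itself.
    return True, f"allow {req.user} -> {req.application}"
```

Each deny reason maps directly to a log field a security team can alert on, which is the centralized control the section describes.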

Zero-Trust and SASE

Zero-trust network access is expected to play a key role in the adoption of SASE services. SASE is the basis for architectures that converge network and security functions at the edge. Zero-trust network access fits well with software as a service (SaaS) and IoT because they require network security at the edge. With no hard security perimeter and the need to assume any transmission could be malicious, zero-trust network access will be an essential component of securing the edge.

Zero-trust network access is expected to be increasingly applied in enterprise IT as teams replace VPN access and look to secure remote workers’ devices and access. To learn more about this security approach, contact us at Access Tech.
