VPNs Persist Despite Zero-Trust Fervor – Dark Reading


Zero-trust initiatives may be on the security roadmap for most enterprises today, but remote-access architecture today is still highly dependent upon virtual private network (VPN) technology.

Newly published data shows that approximately 90% of organizations still utilize VPN in some capacity to secure remote access for their users. Meantime, across a broad population of IT and security practitioners, fewer than one in three say they have plans to — or have begun to — roll out zero-trust network access (ZTNA) to supplant VPN.

The results are from a survey conducted by Sapio Research, which reached out to 1,025 IT respondents, focusing the bulk of the survey on the 410 who were aware of both VPN and ZTNA. The study shows that among that group, a full 97% reported that adopting a zero-trust model is a priority for them. Slightly over half of those aware of both VPN and ZTNA said they’ve begun to roll out zero-trust solutions.

ZTNA is a term Gartner started championing in 2019 to describe in broad strokes a range of products and services that create logical access boundaries around applications or sets of applications using a combination of identity- and context-based factors. The firm predicted at the time that by next year, 2023, approximately 60% of enterprises will start phasing out their VPNs in favor or ZTNA.

“VPNs are just a band aid on a fundamentally broken network security model. And ultimately this has to be replaced,” Neil MacDonald, vice president and distinguished analyst for Gartner, said in a recent analysis of zero-trust strategies in 2022. “We need to invert the model. Instead of connecting and then worrying about authentication, we need to authenticate first, then connect. This is where you see many of the tenets of zero-trust networking coming in.”

The Problem With VPNs

One of the biggest problems with VPN technology is the fact that it “allows for network-level access to an enterprise,” explains Deloitte’s Andrew Rafla, who leads the consultancy’s zero-trust offering.

In contrast, ZTNA restricts remote users’ access to only the specific applications and assets they need and nothing more, says Rafla. ZTNA is one important component of a broader zero-trust architecture, he says, which also should include a centralized and federated identity store, privileged access management controls, data protection, network segmentation, device security, and telemetry and analytics.

“General cyber hygiene fundamentals should not be overlooked as well; in order to realize the true benefits of the zero-trust model, an organization should have a solid grasp on its IT asset management, configuration and vulnerability management, and data classification,” Rafla says.

Given these weighty requirements to truly grab the zero-trust brass ring, it should come as no surprise that many organizations can feel overwhelmed by it all. Over two-thirds of current VPN users report in this survey that implementing a ZTNA strategy is a large to very large undertaking.

The biggest constraint for VPN-dependent organizations that keep them from transitioning to ZTNA are cost/budget constraints, which was named by 62%. Approximately 13% of them say zero trust is confusing and they don’t even know where to start.

Interestingly, though, among those who have adopted ZTNA, the implementation timeframes may not be as scary as those clinging to VPN may think. The study shows that the mean time to deployment was about 11.5 months. This may be a good lesson in the fact that an organization can and should roll out zero-trust components in a phased manner, and that ZTNA for remote access may be an accessible first step in the journey.

Source: https://www.darkreading.com/remote-workforce/vpns-persist-despite-zero-trust-fervor



What is a VPN? Can it really protect my online privacy and security? – Fox News

Privacy has never been in such short supply.  There’s one technology I’ve found essential to fighting back against big tech’s prying and spying routine.   A VPN, or virtual private network, can be a very good idea for you to secure your internet connection, and it can be an effective way for you to protect your online privacy and security.


Read More

How to Pick a VPN for Torrenting – How-To Geek


When you pick a VPN for torrenting, you need to look out for a few key security features, like a kill switch and transparent no-log policy. Also, avoid United States-based VPN providers and servers.

If you’re going to torrent, you’re going to need a VPN to protect yourself while doing so. How do you pick a good VPN for torrenting, though, is there something …….

Read More

The best Thailand VPN in 2023 – TechRadar

Thailand isn’t just beautiful beaches, breath-taking jungles, playful monkeys and yummy Pad Thai. Something that tourists often forget is that authorities are infamous for their strong grip on the internet. That’s where the best Thailand VPN apps can come handy.

Following the 2006 military coup d’état, online censorship and surveillance have been growing year by year. Now beyond solely …….

Read More