SoylentNews is people
SoylentNews
VPNs are a way of stitching together separate networks, often physically separate ones, such that they resemble a single logical network. They are (mis-)used heavily these days on the mistaken premise that the network inside any given firewall is somehow secure and the network outside that firewall is somehow less secure. The idea of not trusting the network at all, the foundation of several of the services developed in the 1980s under MIT's Project Athena, such as Kerberos, is returning. Zero Trust is the new name for the networking concept in which no part of the network is considered secure, whether inside or outside a firewall. The pendulum is swinging back and multiple articles this year cover the fact that Zero Trust Networking is trending.
VPNs are part of a security strategy based on the notion of a network perimeter; trusted employees are on the inside and untrusted employees are on the outside. But that model no longer works in a modern business environment where mobile employees access the network from a variety of inside or outside locations, and where corporate assets reside not behind the walls of an enterprise data center, but in multi-cloud environments.
Gartner predicts that by 2023, 60% of enterprises will phase out most of their VPNs in favor of zero trust network access, which can take the form of a gateway or broker that authenticates both device and user before allowing role-based, context-aware access.
Is this a case of what's old is new again or merely a case of being so obvious that no one bothered to mention it and thus it got forgotten because it largely went unsaid? VPNs have a place, but the way in which they are often used amounts to just more snake oil. Many have long pointed out that if a product or service cannot exist online without a firewall then it should never have been connected to the network in the first place.
See also
SC Magazine: Kill the VPN. Move to Zero Trust
Zscaler blog: Zero trust is shaking up VPN strategies
Business Wire: New Research Reveals Widespread Movement to Replace VPNs With Zero Trust Network Access
Techzine: 'Companies want to replace VPN with Zero Trust Network Access'
(Score: 4, Informative) by arslan on Wednesday December 18 2019, @09:40PM (1 child)
Didn't read TFA, just the TFS, and I'm confused too. I've heard a lot about zero trust but mostly with respect to networks zones, i.e. the concept flattening the DMZ and private internal zones behind the corporate firewall and just treat everything as untrusted - even behind the corporate firewall which we will not remove just because we do zero trust.
It is a sound concept in that if everything is zero trust, developers are forced to bloody think about security instead of assuming internal network behind corporate firewall will protect everything. Of course that doesn't stop millennial startups or con-sulting firms like Gartner to push products, buzzwords and services.
I'm not clear how VPNs figure into this - you still need VPNs to allow you to be part of the network, tunneling through another, even if it is a zero trust network inside and outside. Security isn't just a single layer thing, going zero trust doesn't mean you strip out everything else like your firewall.
(Score: 4, Funny) by driverless on Thursday December 19 2019, @05:22AM
That's because it's Gartner marketing gibberish:
So they're telling you that enterprises are phasing out VPNs in order to replace them with words-describing-a-VPN-but-not-calling-it that.
Thankyou, Gartner [imgur.com], you're really giving us value for money on our $50,000 annual subscription.
Next up from Gartner, users are phasing out web browsers in exchange for remote-markup-with-embedded-content-viewing-applications. Full reports starting at $3,000.