
SoylentNews is people

posted by Fnord666 on Wednesday December 18 2019, @07:54PM
from the what's-old-is-new-again dept.

VPNs are a way of stitching together separate networks, often physically separate ones, such that they resemble a single logical network. They are (mis-)used heavily these days on the mistaken premise that the network inside any given firewall is somehow secure and the network outside that firewall is somehow less secure. The idea of not trusting the network at all, the foundation of several of the services developed in the 1980s under MIT's Project Athena, such as Kerberos, is returning. Zero Trust is the new name for the networking concept in which no part of the network is considered secure, whether inside or outside a firewall. The pendulum is swinging back and multiple articles this year cover the fact that Zero Trust Networking is trending.

VPNs are part of a security strategy based on the notion of a network perimeter; trusted employees are on the inside and untrusted employees are on the outside. But that model no longer works in a modern business environment where mobile employees access the network from a variety of inside or outside locations, and where corporate assets reside not behind the walls of an enterprise data center, but in multi-cloud environments.

Gartner predicts that by 2023, 60% of enterprises will phase out most of their VPNs in favor of zero trust network access, which can take the form of a gateway or broker that authenticates both device and user before allowing role-based, context-aware access.

Is this a case of what's old is new again or merely a case of being so obvious that no one bothered to mention it and thus it got forgotten because it largely went unsaid? VPNs have a place, but the way in which they are often used amounts to just more snake oil. Many have long pointed out that if a product or service cannot exist online without a firewall then it should never have been connected to the network in the first place.

See also
SC Magazine: Kill the VPN. Move to Zero Trust
Zscaler blog: Zero trust is shaking up VPN strategies
Business Wire: New Research Reveals Widespread Movement to Replace VPNs With Zero Trust Network Access
Techzine: 'Companies want to replace VPN with Zero Trust Network Access'


  • (Score: 5, Insightful) by The Mighty Buzzard on Thursday December 19 2019, @03:15AM (2 children)

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Thursday December 19 2019, @03:15AM (#934079) Homepage Journal

    See, this is what happens when you let professors teach this shit instead of folks who actually do it for a living. Zero Trust never actually went away. It's been being practiced by us older folks who knew our asses from a hole in the ground, and anyone we taught, the entire time. VPNs are handy for one layer of defense out of many but that's all they ever were.

    If you want to be an admin, there is no such thing as too paranoid.

    --
    My rights don't end where your fear begins.
  • (Score: 2) by canopic jug on Thursday December 19 2019, @05:55AM (1 child)

    by canopic jug (3949) Subscriber Badge on Thursday December 19 2019, @05:55AM (#934110) Journal

    See, this is what happens when you let professors teach this shit instead of folks who actually do it for a living. Zero Trust never actually went away. It's been being practiced by us older folks who knew our asses from a hole in the ground, and anyone we taught, the entire time. VPNs are handy for one layer of defense out of many but that's all they ever were.

    Nah. Those are just M$ resellers that got onto the faculty via hefty "donations" from Redmond to both the institutions as a whole and individual researchers working on a PhD. Notice all the buildings named after Bill or all the "... and M$ Research" bylines on articles. The latter, especially, appears to be just money thrown at a starving student in exchange for pretending to share credit in the work. Actual researchers are becoming very, very rare because few are replacing the old ones. Most of the visible ones are very old now, say Dan Geer or Eugene Spafford. However, there is the problem that if the situation goes on long enough some people in some places will start to mistake the M$ resellers for university employees, because one of the tricks is to get them onto the university payroll.

    But yeah, zero trust has been around since at least the 1980s when it didn't have a name and was just the normal way of going about building things on the net. The articles are mostly bullshit and marketing hype, I can barely read them because my filter keeps kicking in. The interesting part is that there are so many from different sources spread throughout this year. However it looks like the startups and other bullshitters have started to produce a positive impact through raising awareness of the old, established concept in this new, post-knowledge era by giving it a proper name. The hype has been thick on this topic since this spring though, so it is very easy to just roll one's eyes.

    --
    Money is not free speech. Elections should not be auctions.
    • (Score: 3, Funny) by The Mighty Buzzard on Thursday December 19 2019, @01:34PM

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Thursday December 19 2019, @01:34PM (#934185) Homepage Journal

      The hype has been thick on this topic since this spring though, so it is very easy to just roll one's eyes.

      That was never in question for those of us in Gen-X. We can "whatever" and eye roll at the same time without even trying. Damned good thing we can too with all the call for it there is lately.

      --
      My rights don't end where your fear begins.