Telecommuting and cybersecurity: is VPN enough?

Whether based on SSL or IPSec, VPNs saved many companies that had to move many of their employees to remote work in March 2020. The technology is relatively simple to implement and has made it possible to protect the remote access of hundreds, sometimes thousands, of employees. Like all security vendors, WatchGuard faced an unprecedented influx of requests at the beginning of the first lockdown. “Our customers have asked us a lot to increase the number of open VPNs on their firewalls,” explains Pascal Le Digol, Country Manager France at WatchGuard. “For the last ten years or so, we have not restricted the number of VPNs based on the number of licenses. The maximum limit is dictated by the power of the enclosure. Therefore, customers wanted to upgrade their boxes to cope with the influx of new connections or the addition of virtual firewalls.”

VPN is now a mature approach, with two technologies, IPSec and SSL, in use globally. Considered the most secure, the IPSec protocol offers a very high level of security with the encryption of each data packet. It also has the disadvantage of being a specific protocol that is sometimes not available in certain hotels, because the firewall is not configured to allow it. This is where SSL has the advantage of using the same port 443 as HTTPS, a protocol that goes everywhere. This is why many of our customers prefer SSL, which is easier to implement and comes with lighter client software that puts less load on machines.

More and more companies are opting for the SD-WAN approach, replacing their traditional MPLS networks with simple Internet links protected by security building blocks in the cloud.

For Pascal Le Digol, apart from the authentication phase before establishing communication, a VPN has little impact on unified communications: “A VPN can induce a bit of latency, and especially jitter, but with current connections, VDSL and fiber, and current machines, the VPN no longer causes problems of this type.”

VPN, a reliable but not foolproof solution

VPN is a remote access solution that works well, but it should also be used with some caution. For the expert, you cannot implement a VPN on a large scale without surrounding yourself with precautions and implementing a number of best practices, especially on the user side. “You absolutely must not implement a VPN on a personal machine that is not previously secured by the company. There is absolutely no guarantee that your partner’s personal machine is not carrying extremely dangerous malware. Similarly, a simple username / password is not enough to protect access effectively. The implementation of MFA (Multi-Factor Access) in VPN access is absolutely essential.”

Once the VPN is in place, SMBs tend to forget about security concerns. However, the VPN is a weak link that attackers often take advantage of.

– Pascal Le Digol, France WatchGuard National Director

“This is an evolution that SMEs must follow today, and we are raising awareness among companies to support them in this direction. Many of them have established teleworking in case of disaster and these remote accesses are today the weak link that is very often exploited by attackers.” Many SMEs that installed VPNs at the beginning of the health crisis have not touched them since then, and many consider that the level of security of companies has clearly fallen since this crisis and that it is now necessary to reinforce the temporary solutions deployed in the emergency.

Zero trust, the future of VPN

Cybersecurity experts now agree on the architecture that will succeed the VPN: ZTNA, an acronym for Zero Trust Network Access. “The ZTNA concept is changing the way we build these VPNs for mobile users,” said Hector Avalos, vice president of sales for Europe, Middle East, Africa and Russia at Versa Networks. “The user, of course, must be authenticated and their exchanges encrypted, but the most important thing in terms of security is that the user does not have access to anything by default. These are additional rules that will make it possible to identify the user and his terminal, in particular to know if his laptop has the latest version of the company’s antivirus. Then, we check that you have remote access rights to the application you want to access.”

“We perform a micro-segmentation of the application that grants this access at that moment.” The specialist points out that this ZTNA service can be delivered in the cloud, with multiple advantages. On the one hand, the setup is very fast: thousands of new users can connect via a cloud service. The health crisis has demonstrated the ability of cloud solution providers to expand their services, and this ability to expand is equally relevant in the normal operation of a company, whether for a change of provider or for a merger or acquisition that requires quick access for a large number of new employees.
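The access decision described above (nothing allowed by default, then checks on the user, the terminal and the requested application) can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the user names, application names, antivirus version threshold and the `evaluate` function are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy data: which user may reach which application remotely.
ENTITLEMENTS = {"alice": {"crm", "payroll"}, "bob": {"crm"}}
# Assumed value standing in for "the latest version of the company's antivirus".
REQUIRED_AV_VERSION = (7, 2, 0)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_passed: bool        # user authenticated with a second factor
    device_managed: bool    # terminal was secured by the company beforehand
    av_version: tuple       # antivirus version reported by the terminal
    application: str        # the single application being requested


def evaluate(req):
    """Return (allowed, reason, scope). Default deny: every check must pass."""
    if not req.mfa_passed:
        return (False, "user not authenticated with MFA", None)
    if not req.device_managed:
        return (False, "terminal is not a company-secured machine", None)
    if tuple(req.av_version) < REQUIRED_AV_VERSION:
        return (False, "antivirus is out of date", None)
    if req.application not in ENTITLEMENTS.get(req.user, set()):
        return (False, "no remote access right to this application", None)
    # Micro-segmentation: the grant covers the requested application only,
    # never the whole network as a classic VPN tunnel would.
    return (True, "all checks passed", frozenset({req.application}))


if __name__ == "__main__":
    samples = [  # constructed requests
        AccessRequest("alice", True, True, (7, 2, 1), "payroll"),
        AccessRequest("bob", True, True, (7, 2, 1), "payroll"),
        AccessRequest("alice", True, False, (7, 2, 1), "crm"),
        AccessRequest("alice", True, True, (7, 1, 9), "crm"),
        AccessRequest("mallory", True, True, (7, 2, 1), "crm"),
    ]
    for s in samples:
        print(s.user, s.application, evaluate(s))
```

The order of the checks mirrors the quote: identity first, then the terminal's posture, then the per-application right, with an unknown user falling through to a denial because no entitlement exists for them.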

Quick to set up, the old VPN has been a lifesaver for companies that have had to telecommute many of their employees. Now it remains to shield this infrastructure.

This elasticity of the cloud is also a good way to get rid of the problem of sizing firewall boxes once and for all. It is the service provider of the ZTNA who adjusts the power and bandwidth assigned to the company according to the number of users for which the company has subscribed to the offer.

From VPN to SD-WAN, there is only one step …

Using simple and secure Internet links is a common practice to connect nomadic or telecommuting employees to the company’s information system, but the approach is increasingly being used to interconnect sites as well: often branch offices, but today also much larger sites, through so-called SD-WAN (Software Defined WAN) networks. The reason is obvious: the cost of an Internet connection is much less than that of a dedicated MPLS link. “This battle between MPLS and VPN already existed at the end of the 90s,” recalls Pascal Le Digol. “MPLS had won then, because the companies preferred to entrust the responsibility of the network to their MPLS operator. With fiber, the speeds that the Internet offers, the advent of SD-WAN, and the proliferation of resources placed in the cloud, we are coming to a time when companies are rethinking their choice of MPLS.”

“It is a simple change towards VPNs.” The scales are tipping toward SD-WAN for cost reasons, but also because the enterprise application environment is rapidly evolving. The rise of SaaS applications and the migration of IT resources to the public cloud make the traditional network approach obsolete, since it is based on fixed MPLS links that force users to go through the company’s Internet access to reach applications in the cloud.

Traditional VPNs have limited capacity. This problem goes away with a ZTNA offering in the cloud.

– Héctor Avalos, Vice President of Versa Networks

Versa Networks is one of many players betting on the success of the SD-WAN approach, including VMware, Fortinet, Silver Peak, Cisco, and Palo Alto Networks. Héctor Avalos underlines the interest of migrating from an MPLS network to an SD-WAN architecture: “Currently, corporate MPLS networks and VPNs configured for mobile users and the interconnection of small remote sites are completely independent. What we propose is to allow an interconnection of SD-WAN networks and this part of Cloud Delivery, access to the cloud. In this way we offer a single portal that allows the company to manage the performance of its applications, but also all nomadic accesses.”

In general, this movement towards SD-WAN networks and zero-trust access security converges in a more global security architecture called SASE (Secure Access Service Edge), in which we find these SD-WAN and ZTNA building blocks, but also firewall as a service, DNS security, CASB to protect cloud content, and SWG secure access gateways.
