Could the short-term future of enterprise cybersecurity lie in VPNs, a decade-old technology?
When we talk about cybersecurity, we often talk about the need to deploy sophisticated solutions to combat increasingly sophisticated attacks. As machine learning, artificial intelligence, quantum computing, and other emerging technologies gain ground in the enterprise market legally, so too do bad actors seeking to use them in cyber-attacks. One only has to look at the case of the senior executives fooled by AI into transferring significant sums of money to see how these threats are already in use.
Wouldn’t it be ironic if part of the solution in combating cyber threats lay in a technology that has been in use for more than a decade? In the rush to deploy the latest security tools, it could be that enterprises are overlooking an essential element of their cyber defences – the virtual private network (VPN).
The rise, fall and rise again of VPN
Go back six months, and it’s likely that the suggestion VPNs could be a cornerstone of enterprise cybersecurity would have been dismissed. Its use was somewhat limited – the majority of users fell into fairly niche categories – business travellers who need to connect to corporate networks while on the move; those seeking better entertainment options; citizens with privacy concerns, particularly when trying to overcome government censors.
It wasn’t a small market – estimated to be worth $25 billion in 2019 – but with a relatively specific customer base, growth might have been in short supply.
Then coronavirus hit.
Since March 2020, there has been an explosion in the widespread use of VPNs with at least one provider, NordVPN, reporting a 165% surge in users globally as businesses sought ways to keep decentralized employees connected to corporate networks without leaving enormous gaps for attackers to exploit.
While this security awareness should be applauded, the VPN rush is not without its challenges. Never designed with a pandemic situation in mind, VPNs are resource intensive. While usage was manageable when only a small portion of employees were using a corporate VPN at any one time, enterprises started struggling to maintain a frictionless and seamless experience when every employee is trying to log in. This is causing huge bottlenecks and putting significant pressure on corporate infrastructures, not to mention worker productivity.
Adapting VPNs to the ‘new normal’
Businesses need to resolve this challenge as they settle into a new normal. Even if workers return to offices, it is unlikely that many will accept being forced into a central place of work eight hours a day, five days a week.
At the same time, businesses are operating in the Bring Your Own Device (BYOD) era, with employees using personal devices to access corporate apps and services. This is combined with the increasing use of home networks – automatically less secure, thanks to weak passwords, distributed connections and, the increased use of shared connective environments by IP providers. Therefore, enterprises must adopt zero-trust models, whereby everything is a threat until proven otherwise.
All this points to the likelihood that consistent VPN usage will increase, to the extent that the market could grow to be worth US $70 billion by 2026.
So how do companies meet their security needs without hampering employee productivity? There are short term and long-term solutions. In the short term, the answer lies in embedding VPN functionality into secure remote working solutions, creating a protected pipeline from core systems and networks to users on their endpoint devices. This is critical – by combining multiple forms of defense, businesses can mitigate attacks from poorly protected domestic networks or infected personal devices.
To remove the bottlenecks, however, there needs to be another element – the introduction of cloud. Deployed properly, cloud-enabled solutions reduce the demand on corporate networks that connect devices to on-premises environments.
Of course, this must be done strategically and securely. Whatever decisions were made in the early days of the pandemic – when organizations rushed to add flexible capacity to elevate stretched data centers – businesses need to go back and ensure that they are deploying data in the right environments, and only using cloud solutions where appropriate.
And the long term? Invest in truly secure collaboration and remote working tools that reduce the need for VPNs, thereby freeing up the demand on corporate infrastructure and eradicating productivity bottlenecks. All without compromising security.
Trusted technology in uncertain times
No one knows what the future holds, which makes planning for it impossible. However, organizations will have seen how their working patterns and approaches are changing. When combined with the restrictions of life today, they need to adopt processes and technologies that cater to requirements that can seem conflicting.
Rather than rushing to invest in the latest emerging-tech-based security solution, enterprises should consider how they can deploy existing technology more effectively in the short term. Combining cloud solutions with VPN-enabled remote working tools that are deployed in a zero-trust approach, will give enterprises a robust, resilient cybersecurity setup that can meet the demands of the new normal until they are in a position to deploy truly secure collaboration and remote working tools.