Intelligent CISO Issue 42 | Page 29

Traditional VPN and direct-link approaches to communications and security are fatally ill-equipped to face today's security demands.

Editor's question


The network perimeter continues to evolve – perhaps never more so than over the past year, as the way we work, learn, shop and live changed so dramatically. We were fortunate to be able to leverage mobility, cloud computing, the Internet of Things (IoT), Edge Computing and other innovative, advanced technologies to enable most of the necessary changes.

However, the road to today's new compute paradigm was not without its bumps. It is a road that remains rather bumpy for many – especially when it comes to security. Or, more specifically, securing the network perimeter.

The past year has proven without a doubt that traditional VPN and direct-link approaches to communications and security are fatally ill-equipped to face today's security demands. Current VPN and direct-link approaches are cumbersome to maintain and open the entire network to lateral movement.
DON BOXLEY, CEO AND CO-FOUNDER, DH2I

What is required is an 'unVPN' – i.e. a solution that takes a more secure approach, giving users app-level access rather than network-level access, thereby reducing the attack surface. And it should do all of this with the most secure and performant approach to create a Software Defined Perimeter (SDP) to grant connectivity to distributed apps and clients running across multiple sites, clouds and domains.
Of course, not all SDP solutions are created equal. First and foremost, today's enterprise IT executives should seek a solution that ensures a Zero Trust architecture by permitting users to access only authorised apps, not a slice of the network, thereby eliminating the ability for any lateral movement.

Ideally, data should flow directly between users, sites and clouds using application-level, DTLS-encrypted microtunnels and Public Key Authentication. The SDP solution should also only use randomly generated non-standard UDP ports, making the tunnels and servers untrackable and invisible to port scanners and other hacking tools.

Configuration and management should be uncomplicated. The software should integrate into any existing networking infrastructure. With no appliances to install, configure or maintain, you will get a vastly simplified deployment with no ACLs or firewall configuration headaches. And remote users can easily connect to their tunnels from wherever they are.
Last but not least, traditional networking tools for multi-site connectivity can be complex and expensive to maintain – especially for the cloud. SDP does not require a dedicated VPN appliance. So, for cloud connectivity, there is no requirement to pay cloud vendors an hourly VPN fee to allow clients to connect. That means costly direct links and VPNs can be phased out for even more savings.