For many years, you have been told by IT support staff, or in cybersecurity CLEs, that to remotely access your office computer or servers, you should use an SSL VPN with MFA. These acronyms stand for Secure Sockets Layer (SSL), Virtual Private Network (VPN), and Multi-Factor Authentication (MFA). Since you are either using SSL VPN or have heard or read about it, you know that SSL VPN is some sort of security and protection used for remote access when you are working from home or outside of the office. Additionally, you have at least a basic understanding that SSL VPN and MFA help to protect your computer, computer network, and data from malware, ransomware, hacking, or some other malicious activity by cybercriminals.
Since the SSL (Secure Sockets Layer) security protocol and VPN (Virtual Private Network) were developed in the mid-1990s, both have seen many security enhancements. However, during the past decade or more, cybercriminals have exploited vulnerabilities within these security protocols to launch cyberattacks and gain access to companies’ computer networks and data, costing businesses significantly.
As computer networks have morphed over the years into hybrid environments, termed “modern networks,” which may include private networks and servers, cloud servers, SaaS applications, hosted email, etc., the model of remotely accessing the computer network with SSL VPN is no longer a good fit. Additionally, with the workforce changes since COVID-19 and the proliferation of remote workers, contractors, and third parties needing access to hybrid networks, the SSL VPN solution does not meet the needs of the IT and cybersecurity industry or the demands of a company’s workforce.
The standard of using SSL VPN for remote access has changed to a newer and improved security method and solution. The “Zero Trust” security model was first written about in a Forrester Research report in 2010 as a response to cyberattacks. Although the model was not yet developed or in practice, the term “Zero Trust” meant that no user should be trusted by default at any access point. An access point is wherever the user wants to gain access to a private network with servers, cloud-based servers, or cloud-based software. The user must be verified at each access point. Hence, this security model would ensure security, authorization, and integrity in hybrid and “modern network” environments.
Google began development of its “Zero Trust” security model around the same time, with the goal of allowing users to work securely from anywhere on any device, with no VPN needed. Over the next decade, other manufacturers and developers also began their own “Zero Trust” initiatives. By 2019, Gartner analysts were using “Zero Trust Network Access (ZTNA)” to describe this security model for “modern networks,” and NIST (National Institute of Standards and Technology) had adopted the security model as a standard. Unlike SSL VPN, the “Zero Trust Network Access (ZTNA)” security model does not rely on the location of the network.
Computer networks today are “modern networks” with some hybrid combination of private or on-premises servers, cloud servers, SaaS applications, internet access, cloud-hosted email, and more. SSL VPN cannot keep the “modern network” secure at all these access points. “Zero Trust Network Access (ZTNA)” is a security model used in cloud-based security solutions that modernize VPNs. These solutions protect against internet threats and credential compromises and allow users to connect to private and internet resources to do their jobs. The security model is typically based on device and identity trust scoring and maximizes data protection and privacy.
One of the “Zero Trust Network Access (ZTNA)” solutions is SonicWall Cloud Secure Edge. It is a cloud-based security solution and has many advantages over the SSL VPN security model. As your computer network changes to a hybrid network or “modern network” of private and cloud-based servers and solutions, your best-practice security model should change as well. Replace your SSL VPN with “Zero Trust Network Access (ZTNA)”!




