Are VPNs still of our time? Time for Zero Trust

Recently, Ingram Micro was hit by a ransomware attack carried out by the group Safepay. The attackers exploited vulnerabilities in the VPN infrastructure. Users had wide access to internal systems, something we regularly see in practice. Incidents like this raise the question: do VPNs still belong in this day and age?

With today’s technology, the answer in most cases is no. Granting access to a network as a whole is obsolete. What we want is controlled access to specific applications and their components. When an application is not in use, an employee’s device should have no connection to internal systems.

This approach reduces the risk of abuse and provides greater control over who can access what, and when.

ZTNA as an alternative

For organizations that want to make both legacy and modern applications accessible without unnecessarily exposing their network, Zero Trust Network Access (ZTNA) is a logical solution. ZTNA no longer operates on the basis of network access, but on identity, context and policy.

In this process, a user is only granted access to a specific application, and only if predefined conditions such as identity, device health or location are met.

An added benefit is that modern ZTNA solutions significantly improve user convenience. Integration with Single Sign-On (SSO) allows employees to access multiple applications with a single login, provided the applications support it. This fits seamlessly with the principles of Digital Employee Experience (DEX), in which ease of use, speed and security go hand in hand.

Examples of ZTNA solutions include Citrix Secure Private Access and Cloudflare Zero Trust. Cloudflare even offers a free entry-level version for the first 50 users, which lowers the barrier to getting started.

What if VPN is still necessary

There are situations in which VPN remains unavoidable, such as for accessing highly outdated systems. In that case, it is crucial to:

  • Limit access as much as possible to only the necessary systems
  • Actively monitor user activity
  • Automatically detect and block anomalous behavior

If a standard VPN is still necessary, make sure monitoring is set up correctly. In the case of Ingram Micro, malware was spread through an application pushed via Group Policies. Monitoring should therefore cover not only what users have access to, but also audit logging of what is modified.
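The audit logging point above, as an added example that is not part of the original article: it correlates domain controller Security events 5136 (directory object modified) with 4624 logon sessions to flag Group Policy edits made by unexpected accounts or from VPN-assigned addresses. The VPN pool, account names and sample records are constructed assumptions.

```python
import ipaddress

# Assumptions for this example, not taken from the article.
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")   # addresses handed to VPN clients
GPO_EDITORS = {"gpo-admin"}                       # accounts expected to edit GPOs

# Constructed sample records, reduced to the fields used below.
GPO_A = "CN={GPO-A},CN=Policies,CN=System,DC=example,DC=test"
GPO_B = "CN={GPO-B},CN=Policies,CN=System,DC=example,DC=test"
EVENTS = [
    {"id": 4624, "TargetLogonId": "0x1a2b", "IpAddress": "10.1.5.20"},
    {"id": 4624, "TargetLogonId": "0x3c4d", "IpAddress": "10.99.0.37"},
    {"id": 4624, "TargetLogonId": "0x5e6f", "IpAddress": "-"},  # local logon, no address
    {"id": 5136, "SubjectLogonId": "0x1a2b", "SubjectUserName": "gpo-admin",
     "ObjectClass": "groupPolicyContainer", "ObjectDN": GPO_A},
    {"id": 5136, "SubjectLogonId": "0x3c4d", "SubjectUserName": "j.doe",
     "ObjectClass": "groupPolicyContainer", "ObjectDN": GPO_B},
    {"id": 5136, "SubjectLogonId": "0x3c4d", "SubjectUserName": "j.doe",
     "ObjectClass": "groupPolicyContainer", "ObjectDN": GPO_B},  # second attribute of same edit
    {"id": 5136, "SubjectLogonId": "0x3c4d", "SubjectUserName": "j.doe",
     "ObjectClass": "user", "ObjectDN": "CN=j.doe,CN=Users,DC=example,DC=test"},
]

def source_ip(raw):
    """Parse the 4624 IpAddress field; local logons carry '-' instead of an address."""
    try:
        return ipaddress.ip_address(raw)
    except ValueError:
        return None

def suspicious_gpo_changes(events, vpn_pool=VPN_POOL, editors=GPO_EDITORS):
    """Return one finding per (account, GPO) for edits by unexpected accounts or from the VPN pool."""
    sessions = {e["TargetLogonId"]: source_ip(e["IpAddress"]) for e in events if e["id"] == 4624}
    findings = {}
    for e in events:
        if e["id"] != 5136 or e["ObjectClass"] != "groupPolicyContainer":
            continue  # only Group Policy container changes are of interest here
        reasons = []
        if e["SubjectUserName"].lower() not in editors:
            reasons.append("account is not an approved GPO editor")
        ip = sessions.get(e["SubjectLogonId"])
        if ip is not None and ip in vpn_pool:
            reasons.append(f"session originates from VPN pool ({ip})")
        if reasons:
            findings[(e["SubjectUserName"], e["ObjectDN"])] = reasons  # dedupe per account and GPO
    return [{"user": u, "gpo": dn, "reasons": r} for (u, dn), r in findings.items()]

if __name__ == "__main__":
    print(suspicious_gpo_changes(EVENTS))
```

Event 5136 is only written when the "Audit Directory Service Changes" subcategory is enabled on the domain controllers and the objects carry an auditing entry.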

Our support

Are you currently still using a VPN solution to give employees access to internal systems? If so, now is the time to rethink the risks and look at alternatives. We help organizations with:

  • Analyzing the current access design
  • Advising on appropriate ZTNA solutions
  • Full implementation and adoption, including SSO and DEX optimization

Conclusion

In many cases, VPNs offer too much access and too little control. Modern alternatives such as ZTNA offer better security and greater ease of use, and are more in line with today’s requirements.

Would you like to know what is possible within your organization? Or simply exchange ideas about what could be done better? Then contact us.