HPE Aruba Networking Blogs

Why it is time to replace VPN with ZTNA

By John Spiegel, Director of Strategy and Field CTO, Axis Atmos SSE platform, powered by HPE Aruba Networking

Replace VPN with Zero Trust Network Access

Networking is a passion for me. My journey started in the 90s. While most of us “packet wranglers” favored routing and LAN switching, I was one of those contrarians who dived deep into the edge of networking, remote access VPNs and the wide area network.

Granting access to line of business applications over dialup, Internet, and a wide range of PSTN technologies like frame relay, ISDN, private line and then MPLS was what excited me most! One of my favorites? VPNs. This is a technology with roots which start in 1996. Configuring a PPTP tunnel to the tune of the “Macarena” was one of the first networking adventures I had in my career. Yeah, I am aging myself here. I’ve been hanging out with VPN for a while.

Back then, VPN was a great technology. It provided remote access to all the goodness of the corporate data center where your applications lived. It was just like being on the corporate network behind the firewall. What is not to like? I could get all the applications and data I needed to do my job! Awesome, right? Well, like all great things, the party ended! Technology is always on the march forward!

In the cloud era, our applications no longer live in the data center. They live in all four corners of the Internet with technologies like SaaS, PaaS, and IaaS. We’ve become borderless. And that puts a lot of pressure on our Macarena dancing friend, VPN, because to secure traffic, it needs to send it back to the security stack in my data center. And when VPN does this, it is adding latency and complexity and, worse, risk to the business. Speaking of risk, what about third parties or contractors? Should we really place them directly on the network? Taken together, something needs to change. How do we upgrade you, VPN? Can we get you dancing to a new tune?

What if we take a different approach? A more modern one. Maybe we start with cloud and then blend in some ideas from John Kindervag and Dr Zero Trust, Chase Cunningham. Create a network of networks riding on top of the cloud giants such as AWS, Azure, and Google Cloud.(1) Build points of presence with security treatments which are as close as possible to the user, the application or the data required to run the business. What if we rethink the secured delivery of applications?

Enter Zero Trust Network Access or ZTNA from HPE Aruba Networking. It addresses the challenges of our borderless era. It’s like a secure series of bridges connecting our archipelagos of data! How does it work? It starts by removing the need for the employee or user to be on the network. It also allows agentless access by third parties or contractors via a cloud portal. Or you go further with an agent on the client device.

How does it secure access? With identity at the center. Who is this and what do they need access to? We then can ask other questions. Maybe we want to know more about the device? What state is it in? Does it have the latest set of patches? Is a software firewall engaged? Or maybe we want to ask about time of day or location? With ZTNA, all this is possible thanks to adaptive trust: Provide the least amount of access and then continuously verify based on business policy.

The outcome? The formation of a foundation for secure networking for the age of cloud.

  1. Connect to all your applications and data wherever they are without the risk of placing users and devices directly on the network.
  2. Reduce the cost and complexity to secure VPN.
  3. Best of all—implement application access based on business policy vs IT best effort.

So, don’t keep dancing like it is the 90s with VPN. Make the move to HPE Aruba Networking SSE ZTNA!

To learn more, watch my lightboard video on Replacing VPN with ZTNA.

(1) © 2019 Google LLC All rights reserved. Google Cloud is a trademark of Google LLC. All other trademarks are the property of their respective owners.