Corporate networks: why VPN needs to go

By Markus Nispel, CTO EMEA at Extreme Networks.

Posted Monday, 16th October 2023 by Phil Alsop

Shifting to a hybrid and remote workforce was a rush job. As most businesses were forced into unknown waters by the pandemic, they had to cut corners and employ temporary workarounds in areas such as network design and security. The widespread deployment of VPNs is a good example of this. It was never intended to be a long-term fix, certainly never a permanent one, yet it remains the go-to solution for most enterprises with a hybrid and remote workforce.

However, the time has come for a more permanent replacement.

It’s time to solve the challenges of the pandemic retroactively by using remote networking as a driver for corporate network design. In other words, ‘scaling to one’ and adopting a single and secure solution aligned with the principles of a Zero Trust Architecture that can increase security and make the company’s networking experience consistent everywhere, for everyone.

From WAN to VPN

Employing remote workers is now standard practice amongst enterprises, and the hybrid workstyle has become a norm, but this change was already underway before the pandemic. Even so, there were too many conflicting priorities at the time. And like any other rushed job, the process left behind patchwork solutions and gaps along with inconsistent policies.

Tasks and communications previously contained within a traditional corporate network were extended beyond the office, but a traditional WAN infrastructure was never made to support a virtual, cloud-based workforce. The solution was VPN. At the same time, workloads and applications have moved to the cloud, which made the use of VPN even more questionable.

This created a security nightmare for IT teams.

The UK editor of CSO, Michael Hill, confirms that ‘VPNs are insufficient for the remote working and hybrid landscape, and an overreliance to secure large numbers of employees working from home poses significant risks.’

Hill goes on to say that ‘With remote and hybrid working set to be the norm, it’s vital that organisations not only recognise the shortcomings and risks of VPNs in the remote working era but also understand how alternative options can better secure the future of remote and hybrid working.’

In short, VPNs represent a significant security issue. Unfortunately, it’s not the only issue.

Network design

The extension of our workforce’s location, along with the multi-cloud and SaaS application landscape in today’s enterprises, also requires an entirely different approach to network, application, bandwidth, and policy management. A traditional WAN with VPNs means the network is too inflexible and rigid, slowing down processes and making experiences variable depending on where the employee chooses to work.

Access is also a significant issue. The security risk it poses means that IT has to work much harder to control traffic, which makes permission and access logistical nightmares on both ends.

This is not sustainable.

We need to unify campus, office and remote networks. There needs to be a single zero-trust solution that works the same for every employee, regardless of their location and the application they need to access. Instead of having one network for the office and bolting another one on top for remote workers, enterprises need to adopt a singular system that can handle the challenges to security, traffic, bandwidth – and perhaps most importantly, in this economy, efficiency.

Essentially, it must be secure without sacrificing useability and speed.

From VPN to SD-WAN

There are many excellent alternatives, and one of them is called SD-WAN. A VPN depends on a router-centric model to distribute the control function across its network, and the routers direct traffic based on the IP addresses and access-control lists (ACLs).

On the other hand, software-defined wide area networks (SD-WAN) depend on software and centralised control functions that can route traffic across the WAN more effectively by handling it based on priority, security, and quality-of-service requirements.

The solution was designed to replace physical routers with cloud-based, virtualised software that offers a network overlay and manages application-level policies. In addition, it can automate the ongoing configuration of WAN edge routers and run traffic over a hybrid of public broadband and private MPLS links.

The result is a scalable edge-level network that looks and operates the same regardless of user and location, and the edge can be extended to an employee’s location, making it far more secure and easier to use.
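The contrast drawn in this section, shown as an added example that is not from the original article or from any vendor's product: a first-match ACL that sees only IP prefixes, next to a central application-level policy that picks between an MPLS and a broadband link by priority, security and quality-of-service limits. All rule values, link figures and names (`acl_decision`, `select_link`, `POLICIES`) are constructed for illustration.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Router-centric model: first-match ACL that sees only IP prefixes (constructed rules).
ACL = [("10.8.0.0/16", "10.20.0.0/16", "permit"),  # VPN pool -> data-centre subnet
       ("0.0.0.0/0", "0.0.0.0/0", "deny")]

def acl_decision(src: str, dst: str) -> str:
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, action in ACL:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"

@dataclass
class Link:
    name: str
    private: bool        # True for MPLS, False for public broadband
    latency_ms: float
    loss_pct: float

@dataclass
class AppPolicy:
    priority: int        # 1 = most important
    private_only: bool   # security requirement: never leave the private link
    max_latency_ms: float
    max_loss_pct: float

# Central, application-level policy table (constructed values).
POLICIES = {"voice": AppPolicy(1, False, 150, 1.0),
            "erp":   AppPolicy(2, True, 300, 2.0),
            "web":   AppPolicy(3, False, 800, 5.0)}

def select_link(app: str, links: list[Link]) -> str | None:
    policy = POLICIES.get(app)
    if policy is None:
        return None  # unknown application: no path
    ok = [l for l in links
          if (l.private or not policy.private_only)
          and l.latency_ms <= policy.max_latency_ms
          and l.loss_pct <= policy.max_loss_pct]
    if not ok:
        return None  # fail closed rather than violate the policy
    if policy.priority == 1:
        return min(ok, key=lambda l: l.latency_ms).name  # best path for top priority
    # Lower priorities prefer broadband, keeping MPLS capacity for critical traffic.
    return min(ok, key=lambda l: (l.private, l.latency_ms)).name

HEALTHY = [Link("mpls", True, 40, 0.1), Link("broadband", False, 60, 0.5)]
DEGRADED = [Link("mpls", True, 400, 3.0), Link("broadband", False, 60, 0.5)]
```

With the degraded MPLS link, `select_link("erp", DEGRADED)` returns `None`: the private-only requirement is not relaxed to keep the application reachable, whereas the ACL gives the same answer for every application behind a permitted address pair.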

Conclusion

VPN has served its purpose, and now it's time to replace it with a purpose-built solution. It was never intended to support the dynamism of the modern workforce. As AI and automation push technology innovation speeds to new heights, the demands on the corporate network will only increase.

Alongside this demand will be the need for better security. Cyberattacks continue to flood the news with greater and greater frequency, and organisations must recognise the need to secure the vulnerabilities in their networks before it’s too late.