
The future of enterprise VPN

by Allan Tan
August 19, 2022
Center image by Shawn Stutzman from Pexels

Back in 1996, a Microsoft employee developed peer-to-peer (also referred to as point-to-point) tunnelling protocol (PPTP) to provide a more secure and private connection between a computer and the internet. This is the precursor to today’s virtual private networks (VPN).

Not so secure

Are VPNs as secure as advertised? The privacy of VPNs was put into question on two occasions.

Edward Snowden, former National Security Agency (NSA) whistleblower and privacy advocate, says a VPN is a one-hop, single point of failure. He claims that both the service provider and the NSA can see a user’s activity.

In 2015, researchers Alex Halderman and Nadia Heninger wrote that breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.
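The practical check that follows from this finding is to look for VPN proposals that still offer 1024-bit (or smaller) Diffie-Hellman groups. The script below is an added example, not code from the article or the researchers: it assumes strongSwan `ipsec.conf`-style `ike=`/`esp=` proposal strings, uses a constructed sample configuration, and treats a 2048-bit floor as a policy assumption.

```python
import re

# strongSwan DH keyword -> (IKE group number, MODP modulus bits; None for EC groups)
DH_GROUPS = {
    "modp768": (1, 768), "modp1024": (2, 1024), "modp1536": (5, 1536),
    "modp2048": (14, 2048), "modp3072": (15, 3072), "modp4096": (16, 4096),
    "ecp256": (19, None), "ecp384": (20, None), "curve25519": (31, None),
}
MIN_MODP_BITS = 2048  # assumption: local policy floor, adjust as needed

# Constructed sample configuration (not from any real deployment).
SAMPLE_CONF = """\
# site-to-site and remote-access tunnels
conn branch-office
    ike=aes128-sha1-modp1024,aes256-sha256-modp2048
    esp=aes256-sha256-modp2048
conn remote-workers
    ike=aes256-sha256-ecp384!
    esp=aes256gcm16-ecp384
conn legacy-partner
    ike=3des-md5-modp768!
    esp=aes128-sha256-modp1024
"""

def audit_dh_groups(conf_text, min_bits=MIN_MODP_BITS):
    """Return (conn, keyword, proposal, group, bits) for every proposal
    that offers a finite-field DH group smaller than min_bits."""
    findings, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            conn = m.group(1)
            continue
        m = re.match(r"(ike|esp)\s*=\s*(.+)", line)
        if not m:
            continue
        keyword, value = m.groups()
        # A trailing "!" marks the list as strict; it is not part of a proposal.
        for proposal in value.rstrip("!").split(","):
            proposal = proposal.strip()
            for token in proposal.split("-"):
                bits = DH_GROUPS.get(token, (None, None))[1]
                if bits is not None and bits < min_bits:
                    findings.append((conn, keyword, proposal, token, bits))
    return findings

if __name__ == "__main__":
    for finding in audit_dh_groups(SAMPLE_CONF):
        print("weak DH group: conn=%s %s=%s (%s, %d-bit)" % finding)
```

Note that `branch-office` is flagged even though it also lists a 2048-bit proposal, because a peer can still negotiate the weaker one.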

With security high on the agenda of corporate leaders and their boards, should CIOs and CISOs rethink the use of VPNs, particularly with hybrid work a mainstay of everyday corporate life?

Cisco Talos Intelligence Group reported that on 24 May 2022, Cisco became aware of a potential compromise after an attacker gained control of the personal Google account of a Cisco employee.

“The attacker conducted a series of sophisticated voice phishing attacks under the guise of various trusted organisations attempting to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker. The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user.”

Cisco Talos
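The pattern in the quote, repeated MFA pushes that end in an acceptance, can be searched for in authentication logs. The sketch below is an added example, not Cisco's detection logic: the event layout, the 10-minute window and the threshold of three rejected pushes are assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, push result).
# The layout is an assumption, not any vendor's log format.
SAMPLE_EVENTS = [
    ("2024-01-15T09:00:05", "alice", "denied"),
    ("2024-01-15T09:01:10", "alice", "timeout"),
    ("2024-01-15T09:02:30", "alice", "denied"),
    ("2024-01-15T09:03:15", "alice", "denied"),
    ("2024-01-15T09:04:02", "alice", "approved"),   # acceptance after a burst
    ("2024-01-15T09:10:00", "bob", "approved"),     # ordinary single login
    ("2024-01-15T08:00:00", "carol", "denied"),
    ("2024-01-15T08:30:00", "carol", "denied"),
    ("2024-01-15T09:00:00", "carol", "denied"),
    ("2024-01-15T09:05:00", "carol", "approved"),   # rejections too spread out
]

WINDOW = timedelta(minutes=10)   # assumption: look-back window
MIN_REJECTED = 3                 # assumption: rejected pushes before an alert

def find_push_fatigue(events, window=WINDOW, min_rejected=MIN_REJECTED):
    """Return (user, approval_time, rejected_count) for each approved push
    preceded by at least min_rejected denied or timed-out pushes to the
    same user within the window."""
    alerts = []
    recent = {}  # user -> timestamps of rejected pushes still inside the window
    for ts_text, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        rejected = [t for t in recent.get(user, []) if ts - t <= window]
        if result in ("denied", "timeout"):
            rejected.append(ts)
        elif result == "approved":
            if len(rejected) >= min_rejected:
                alerts.append((user, ts_text, len(rejected)))
            rejected = []  # a successful login resets the count
        recent[user] = rejected
    return alerts

if __name__ == "__main__":
    for user, when, count in find_push_fatigue(SAMPLE_EVENTS):
        print(f"{user}: push approved at {when} after {count} rejected pushes")
```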

In February 2021, the data of 21 million mobile VPN app users was swiped and advertised for sale. The data included email addresses, randomly generated password strings, payment information, and device IDs belonging to users of three VPN apps—SuperVPN, GeckoVPN, and ChatVPN.

So, despite these data points, why are VPNs still in use today?

Perhaps due to lack of awareness or lack of interest, VPN service remains a robust business with Researchandmarkets estimating US$44.6 billion in revenue in 2022 and reaching US$77.1 billion by 2026.

“While there were a few notable breaches, I won't consider those to be systemic and those were mostly due to human error, not technology. My opinion is the pandemic pushed many people to work from home (WFH), and the immense VPN usage made public VPN providers a natural and statistically skewed target,” said Clement Lee, APAC solution architect for Check Point Software Technologies.

"Some VPN providers had been hit hard in recent events, and while we can understand the pandemic is trying for everyone, all providers need exceptional vigilance, especially where private and confidential data is involved."

Clement Lee

Ian Lim, field chief security officer for Asia-Pacific at Palo Alto Networks, acknowledged that the pandemic pushed VPN architecture to its limits.

“Scaling on-premises hardware solutions became an issue. Backhauling was a performance nightmare, especially for global companies. And most importantly, the security efficacy of hardware VPN solutions cannot meet the demands of a borderless workforce that wants to access any application from anywhere – be it on-premises, cloud, or SaaS,” he continued.

Are VPNs still relevant in 2022 in the context of hybrid/remote work?

Lee believes that as many organisations pivot to cloud technologies, VPN will continue to be relevant as it provides secure communications between a remote computing device and private infrastructure, regardless of whether that infrastructure is physical or in the cloud.

For his part, Lim concedes that these (vulnerability) issues are not trivial for any organisation, especially given the fact that advanced attackers are capitalising on the weaknesses of this legacy architecture.

“Several ransomware and supply chain attacks took advantage of remote access vulnerabilities to gain a foothold in major companies causing significant downtime and reputational damage,” he added.

For the CIO/CISO/CTO, given the heightened risks associated with remote work, what is the appropriate strategy, including the use of tools like VPN, to ensure a secure connection between the workers and the enterprise network?

According to Lee, many solutions have proliferated through the pandemic.

“For example, Secure Access Service Edge (SASE) solutions aim to limit the risk involved with remote work and inadequate physical infrastructure capacities," he pointed out.

He is quick to point out, however, that adoption of the zero-trust concept may be central to enhancing an organisation’s security posture. “Many organisations do not exercise strong endpoint controls and/or strong access control management,” he lamented.

While agreeing that zero trust holds the future to secure connectivity, Lim says early iterations of Zero Trust Network Access (ZTNA) have proven to be not well aligned to the zero trust principles of “scrutinise explicitly and continuous validation.”

After the connection is established, the ZTNA 1.0 access broker does an interesting thing; it gets out of the way of that user interacting with that application. In other words, it is not deeply inspecting the traffic, nor is it continuously validating that the interaction is still legitimate.

Ian Lim

Lim says the premise of Zero Trust is that implicit trust in your environment is a security risk. To mitigate this risk, you must scrutinise and continually validate digital interactions to ensure that they can still be trusted.

He believes that ZTNA 2.0 overcomes the limitations of ZTNA 1.0.

“ZTNA 2.0 connects all users to all applications through a centralised security mechanism that provides deep inspection and continually checks for suspicious behaviour within the digital interaction between the user and the application."

Ian Lim

The strategy going forward

Asked what it would take to achieve industrial-grade remote access, Check Point’s Lee interprets industrial grade as a robust and resilient system that can handle major data traffic and incursion attempts and is suited for critical infrastructure level or military use.

“The good thing is that established VPN technologies today are already field and battle proven through decades of refinement and industry collaboration. The newer frontier, beyond VPN, is all about areas such as access management, attestation, surveillance, and control. On an individual level, I recommend adding 2FA to your VPN accounts,” he opined.

Palo Alto Networks’ Lim suggests that a security practitioner start adopting Zero Trust not only in remote access architecture but across the entire IT estate.

“Assume breach, scrutinise explicitly and continually validate digital interactions within your users, applications, and infrastructure. Establishing Zero Trust is an opportunity for CIOs to evolve their security posture to match the borderless workforce and advanced attackers of today,” he concluded.

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.

Previous Roles

He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
