If You’re Still Trusting VPNs, We Need To Talk.


Chuck Thibert

Chuck Thibert

Jul 9, 2020

·

4 min read time

If You’re Still Trusting VPNs, We Need To Talk.

Remember the late 1990s?

That was a simpler time, especially where network security was concerned. Most businesses ran just a handful of enterprise applications on company-owned computers, all wired into an on-premise datacenter. Employees were full-time and permanent. And to connect everyone securely? All you needed was the new virtual private network (VPN) technology.

Twenty years later, of course, everything in technology has changed. But the VPN? Yeah, not so much. While enterprise computing is now supporting a vast global network of third parties in the cloud, security is still being entrusted to technology that’s still essentially the same as it was two decades ago. Two. Decades. Ago.

Enterprise can’t go on this way.

But in many cases, it’s still trying to. In spite of weekly news reports about massive data breaches resulting from VPN connectivity, organizations around the world are continuing to rely on technology that never envisioned today’s brutal realities of state-sponsored, highly funded, and highly focused global cyber attacks.

VPNs provide site-to-site connectivity and remote access to your company’s internal resources. Through a VPN, a remote worker uses their login credentials to get a predetermined level of access to your network, much as an onsite worker would. It’s a simple and elegant solution. And for years, VPNs were the obvious choice for secure and affordable external access.

But today, your data is being accessed in ways that couldn’t have been imagined 20 years ago. You’re now dealing with untold numbers of remote workers and third-party vendors, all of whom need to be granted a particular level of access. On top of that, your internal and external workers are connecting through a variety of personal or public devices that probably don’t comply with your corporate standards.

Suddenly, your attack vectors are going exponential. And the shift of applications to the cloud means that there’s no longer a clear delineation between what’s inside and outside your network. The resulting risks are now well known: Data theft. Man-in-the-middle attacks. Split tunnelling. Password attacks. Viruses, worms and Trojans.

VPNs were designed for a secure perimeter model that simply no longer exists.

To patch the holes in that perimeter, companies are using add-on solutions like software-defined perimeters (SDPs). They’re also carrying on with the low-tech solution of scolding, delivering frequent lectures on the importance of clearing browsers and deleting documents from unmanaged computers. But trusting enterprise security to busy, distracted humans is a really bad plan. And, as we see time and time again, it doesn’t work. According to the IDC, more than 40% of data breaches come from authorized users accessing unauthorized systems. Plus, some of the vulnerabilities have come from the VPNs themselves. This past spring, the U.S. Department of Homeland Security issued warnings about security flaws in VPNs from a group of vendors that included the likes of Cisco and Palo Alto Networks.

So, what’s the answer?

Respected industry leaders are emphasizing the importance of making VPNs just one component in a robust corporate security posture. That’s definitely one approach. But as the complexity of digital enterprise continues to grow, the time has come to look for a better solution, one that doesn’t involve shoring up outdated technology.

Tehama is that solution.

Tehama was built from scratch for the realities of a future where even greater security threats are inevitable. Our SaaS solution takes human weakness out of play, offering a secure workspace that complies with the highest global standards, including SOC 2 Type II, GDPR and NYDFS 23 NYCRR 500.

Tehama provides clean end-user compute white rooms where all activity is recorded.

Here, access is controlled from a dashboard with a single sign-on and a zero-trust default. In just minutes, you can onboard remote and third-party users to collaborate on Microsoft Windows or Linux virtual desktops.

VPNs have been with us for a generation, and that familiarity has created a level of trust and comfort that is completely at odds with reality. To do business securely today, enterprise can’t continue relying on a patchwork of security solutions. It needs the purpose-built security of Tehama.


Shape line

Read More

Overcoming the challenges of securing & scaling today’s hybrid workforces

Overcoming the challenges of securing & scaling today’s hybrid workforces

With cybersecurity incidents on the rise, CISOs have a lot keeping them up at night these days. Not only does their job description usually call for long hours to ensure the timely, efficient delivery of secure applications and data to stakeholders, the ongoing pressure of an evolving threat landscape can lead to near-constant stress, and even the fear of getting fired according to a recent survey, which can impact both their mental and physical health. Additionally, there are other outside factors compounding the situation including the complexity associated with juggling the increasing number of endpoint device types (i.e. smartphones, tablets,…
The costs and likelihood of cyber attacks are rising quickly. Here’s what to do about it

The costs and likelihood of cyber attacks are rising quickly. Here’s what to do about it

When cybersecurity firm Mimecast discovered in early 2021 that its systems were compromised, it wasn’t because hackers targeted the company itself. Rather, one of its suppliers had been. And not just by any hackers, either. The culprit in this case, according to experts? The APT29 entity, a group often associated with Russia’s Foreign Intelligence Service (SVR). That’s just one example of the increasingly complex array of existential threats faced by modern organizations – and the threat landscape is only getting worse. Not only do the costs of a cyber attack or data breach rise practically by the day, but so…
If your business continuity plan doesn’t include cybersecurity, we need to talk

If your business continuity plan doesn’t include cybersecurity, we need to talk

In an era of constant change and upheaval, would any organization dare to carry on without a business continuity plan (BCP)? Well, apparently, yes. In a 2020 survey by Mercer, more than 27 percent of respondents admitted to having no BCP in place. And nearly 24 percent said they’re still working on it. That means more than 50 percent of those companies have no clear idea of how they’ll keep operating in the event of a disaster, and no list of things to do if there’s a hurricane, a fire or another pandemic. In other words, they’ll have to make…
/wp-content/uploads/2021/08/subscribe-background.jpg
#690FFA
Subscribe Here!
Get Tehama insights sent straight to your inbox!
By submitting this form, I consent to receive e‑newsletters, helpful information and promotional messages and can withdraw consent at anytime.
Subscribe Here!

Get Tehama insights sent straight to your inbox!