A VPN (a virtual private network) is one of the best technologies you can employ to protect your privacy and data. We’ve been recommending them for years. You’ll find many VPN reviews on Technadu that compare the features and performance of various VPNs so that you can choose the best one to suit your needs.
However, two newer approaches to networking are emerging, Software Defined Perimeters (SDP) and Zero Trust Network Access (ZTNA), and they may have a real effect on the future of VPNs.
A Recap of How VPNs Work
A VPN creates a virtual tunnel over the internet, using encryption to hide the contents of the data packets flowing between you and the VPN endpoint from anyone sitting in between. Think of it as an incredibly long Ethernet cable that essentially gives you a local area network connection to a remote network.
There are two main types of VPN you’re likely to use. The first and most common VPN type is the private, subscription-based VPN services we use to protect our privacy and hide our locations and IP addresses. The second type is a VPN tunnel used to connect remote workers to their company’s local network, letting them communicate securely and use LAN assets such as intranet servers as if they were on site.
SDP and ZTNA have the potential to change the use cases and needs for VPN technology, but to understand why, we need to look at each concept in turn.
What Is SDP?
A software-defined perimeter is a newer approach to network privacy and security that offers a different philosophy for keeping unwanted people off your network and out of your servers.
Usually, a malicious actor who reaches your network can map it out by, for example, pinging or port-scanning addresses. Network infrastructure was never designed to act as a security control, yet the way things work today, there is an assumption that anyone on the local network should have access to everything. Over time, complex access control solutions have been bolted on to the traditional hardware-defined network perimeter. SDP replaces that model rather than adding another layer to it.
In an SDP scenario, the actual network hardware doesn't matter. The administrators of the network can draw a virtual perimeter around devices and users all over the internet. So, a virtual server in the cloud and the people in your office can be included, but not necessarily the visitors connected to your WiFi. Resources inside the perimeter stay invisible until a user and device have authenticated to the SDP controller, which then brokers a connection only to the specific resource that user is authorized for.
What Is ZTNA?
ZTNA is closely related to SDP, in the sense that an SDP makes it possible to practice zero-trust. “Zero-trust” simply means that trust is never assumed or implied. For example, in a hardware-defined network perimeter, those inside are assumed to be trustworthy. That assumption is part of the network’s DNA. Yet, this breaks down quickly in modern use cases.
Public WiFi, such as in a coffee shop, typically exposes all connected devices to each other unless the access point enforces client isolation. With a shared passcode (WPA2-PSK), everyone who knows it derives the same master key, and anyone who also captures another client's connection handshake can derive that client's session key and read its traffic. (WPA3's SAE handshake and enterprise 802.1X networks derive per-session keys and close this gap.) So unless connected devices have properly configured firewalls or use a VPN, the network's nature betrays them.
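To make the "if you have the passcode, you have the key" claim concrete, here is an added example (not code from the original article) that walks the standard WPA2-PSK key derivation from IEEE 802.11: PBKDF2 turns the passphrase and SSID into the Pairwise Master Key, and the 802.11 PRF turns that PMK plus the two MAC addresses and two nonces (all sent in the clear during the 4-way handshake) into the per-client session key. The SSID, passphrase, MAC addresses and nonces below are constructed for the demonstration.

```python
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key for WPA/WPA2-PSK: PBKDF2-HMAC-SHA1 over the
    passphrase, salted with the SSID, 4096 rounds, 256 bits (IEEE 802.11)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ieee80211_prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """The 802.11 PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def wpa2_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key for CCMP (48 bytes = KCK || KEK || TK).
    Everything besides the PMK is visible in the 4-way handshake."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return ieee80211_prf(pmk, b"Pairwise key expansion", data, 48)


# Constructed scenario (not a real capture): a cafe AP, a victim laptop, and a
# second patron who knows the shared passcode and sniffs the victim's handshake.
SSID = "CornerCafe"
PASSPHRASE = "latte2024"
AP_MAC = bytes.fromhex("001122334455")
VICTIM_MAC = bytes.fromhex("66778899aabb")
ANONCE = hashlib.sha256(b"anonce-demo").digest()   # stand-in for the AP's random nonce
SNONCE = hashlib.sha256(b"snonce-demo").digest()   # stand-in for the client's random nonce


def victim_session_key() -> bytes:
    """What the victim's own Wi-Fi stack derives when it joins the network."""
    return wpa2_ptk(wpa2_pmk(PASSPHRASE, SSID), AP_MAC, VICTIM_MAC, ANONCE, SNONCE)


def eavesdropper_session_key(passphrase_known: str) -> bytes:
    """What a passive observer derives from a passphrase plus the MACs and
    nonces read off handshake messages 1 and 2."""
    return wpa2_ptk(wpa2_pmk(passphrase_known, SSID), AP_MAC, VICTIM_MAC, ANONCE, SNONCE)


def traffic_key_matches(passphrase_known: str) -> bool:
    """True if the observer ends up with the victim's CCMP temporal key (bytes 32..47)."""
    return victim_session_key()[32:48] == eavesdropper_session_key(passphrase_known)[32:48]


if __name__ == "__main__":
    print("patron with the passcode can decrypt:", traffic_key_matches(PASSPHRASE))
    print("patron with a wrong guess can decrypt:", traffic_key_matches("wrong"))
```

This is exactly what Wireshark's 802.11 decryption does when you give it the passphrase and a capture containing the handshake. The PMK is the same for every client because it depends only on the passphrase and SSID; only the nonces differ per session, and those are transmitted unencrypted.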
With ZTNA, this is not the case. Being inside the network perimeter affords you no special privileges. You only have access to the things you are supposed to. This usually means only specific applications and services related to your role. You don't get to see the network infrastructure. You don't know if the "local" server is next door or on the other side of the world. Most importantly, trust is tied to a verified identity and the state of the device you are using, not to your network location.
The ZTNA approach promises to sharply limit how far an intruder can get once they have a foothold, which is especially salient in this age of privacy and data breaches.
How Could SDP and ZTNA Improve on VPNs?
While VPNs are an amazing, powerful technology, they are also "dumb" in the sense that they secure the pipe, not what happens at either end of it. If someone were to get your company VPN credentials, it's as good as letting them hook up to an empty network socket in your own building. They get a routable address on the internal network, with reach to shared network drives, servers, internal websites, and more: a real playground for hackers or spies.
In this sense, a VPN is inferior to SDP and ZTNA, which start from the opposite assumption: nothing is reachable until the identity, the device, and the specific application being requested have all been checked.
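The contrast between "inside the perimeter means trusted" and "every request is checked" is easiest to see as policy code. The following is an added example, not code from the article or from any SDP/ZTNA product: a toy access-decision engine that evaluates the same requests under a perimeter model (source address inside the corporate range, which a VPN client is) and under a zero-trust model (identity, MFA, managed device, device posture and per-application entitlement, with the source address deliberately ignored). The address range, users, roles, device fleet and requests are all constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Tuple

# Assumed corporate address space; the VPN hands out addresses inside it,
# so a VPN client looks exactly like a desk in the office.
CORP_NETWORK = ipaddress.ip_network("10.0.0.0/8")

# Constructed directory: roles, per-role app entitlements, managed-device fleet.
USER_ROLES = {"alice": "engineer", "bob": "finance"}
ROLE_APPS = {"engineer": {"git", "wiki"}, "finance": {"erp", "wiki"}}
MANAGED_DEVICES = {"laptop-0042", "laptop-0117"}


@dataclass
class AccessRequest:
    user: str                      # identity presented (may be a stolen credential)
    source_ip: str                 # where the packets come from
    app: str                       # the specific service being requested
    mfa_passed: bool = False
    device_id: str = ""            # empty for an unknown / personal device
    device_healthy: bool = False   # posture check result (disk encryption, EDR, patch level)


def perimeter_allows(req: AccessRequest) -> Tuple[bool, str]:
    """Hardware-defined perimeter / classic VPN: if you are on the inside
    address space you can reach everything, whoever you are."""
    if ipaddress.ip_address(req.source_ip) in CORP_NETWORK:
        return True, "inside the perimeter"
    return False, "outside the perimeter"


def ztna_allows(req: AccessRequest) -> Tuple[bool, str]:
    """Zero trust: every request is checked against identity, device and the
    specific application. The source IP is deliberately not consulted."""
    role = USER_ROLES.get(req.user)
    if role is None:
        return False, "unknown identity"
    if not req.mfa_passed:
        return False, "MFA not satisfied"
    if req.device_id not in MANAGED_DEVICES:
        return False, "unmanaged device"
    if not req.device_healthy:
        return False, "device failed posture check"
    if req.app not in ROLE_APPS[role]:
        return False, f"role '{role}' is not entitled to '{req.app}'"
    return True, "identity, device and entitlement verified"


# Scenario from the text: a stolen VPN credential used from the attacker's own
# laptop, which the VPN has dropped onto the internal address space.
STOLEN_CREDENTIAL = AccessRequest(user="alice", source_ip="10.8.0.23", app="git")

# Scenario: the real Alice on coffee-shop Wi-Fi with a managed, healthy laptop.
LEGIT_REMOTE = AccessRequest(user="alice", source_ip="203.0.113.9", app="git",
                             mfa_passed=True, device_id="laptop-0042", device_healthy=True)

# Scenario: the same Alice asking for an application her role does not include.
OUT_OF_ROLE = AccessRequest(user="alice", source_ip="203.0.113.9", app="erp",
                            mfa_passed=True, device_id="laptop-0042", device_healthy=True)


def compare(req: AccessRequest) -> dict:
    """Side-by-side verdict of the two models for one request."""
    return {"perimeter": perimeter_allows(req)[0], "ztna": ztna_allows(req)[0]}


if __name__ == "__main__":
    for name, req in [("stolen credential via VPN", STOLEN_CREDENTIAL),
                      ("Alice from the cafe", LEGIT_REMOTE),
                      ("Alice asking for ERP", OUT_OF_ROLE)]:
        print(f"{name:26} perimeter={perimeter_allows(req)}  ztna={ztna_allows(req)}")
```

The stolen credential passes the perimeter check and fails zero trust; the legitimate remote user fails the perimeter check (no VPN) and passes zero trust; and even a fully verified user is refused an application outside her role. In a real deployment the checks would be backed by an identity provider, a device-management inventory and an endpoint agent rather than in-memory dictionaries, but the decision shape is the same.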
Will SDP and ZTNA Replace VPNs?
In my view, the days of the corporate VPN may very well be numbered and could be replaced with application-specific, cloud-integrated zero-trust methods instead. When it comes to the sorts of VPNs we all use on a day-to-day basis, well, we think they’ll be relevant for a long time yet.
The consumer use case doesn't really benefit from SDP and ZTNA. What we want is a tunnel that carries our entire internet connection. It's an unsophisticated need, for which VPNs are still just fine. However, our home network hardware, such as the router through which your entire home network may be exposed to the outside world, may very well benefit one day from this virtual approach to deciding where the perimeter of a network really is.