In a 2023 study from Security.org, almost 70% of respondents reported using a VPN, either for business or personal use. This number has fluctuated over the past few years, with the divide between personal and enterprise use changing largely with the COVID-19 pandemic.
Prior to the COVID-19 pandemic, when most employees worked full-time from an office location, the typical enterprise organization did not have extensive support for remote workers. However, with the onset of COVID-19, many enterprises leaned on VPNs in ways that they had not in a multitude of years and exposed the flaws and aging elements of the feature that used to support a rarely used “perk” of remote work.
How have the last three years changed the enterprise VPN? Is it doomed to be replaced by a newer, more remote-friendly technology, or is it primed for a comeback? Read on to find out where the VPN goes from here.
How VPNs enable efficient remote working
With the accelerated shift to remote work, many organizations fully relied on VPNs to support remote employees and their ability to access corporate resources from home. According to OpenVPN, 68% of companies have either started using VPNs for the first time or increased their use since the onset of the pandemic.
With this resurgence, however, VPNs largely solidified their reputation for being clunky and difficult to use and for creating a sluggish experience for the user. Absolute data shows that VPNs may only be working effectively on 72% of devices, on average. Rather than boost productivity, outdated solutions created productivity challenges for users and massive support challenges for IT teams. For IT and security teams, this is completely unacceptable given the existing increased risks at play in today's work-from-anywhere world.
As we move through 2023 and beyond, how can organizations evolve and “rebrand” the VPN to emphasize the continued importance of this long-standing security tool? Even further, how can they ensure that they have the right tools to deliver both maximum security and productivity in the work-from-anywhere era?
The VPN is Being Re-imagined in the Hybrid Work Era
The way we work has changed dramatically; allowing employees to work around their lives is the new norm. This means that the changes in the office infrastructure, centered around hybrid environments, are here to stay. Gallup projects that about 75% of remote-capable workers will be hybrid or fully remote over the long term. No matter what tools you’re using to protect sensitive information and employee privacy, you likely can’t keep employees from logging on to public Wi-Fi, using less-than-stellar security practices on enterprise devices, or a combination of the two.
Is the VPN Dead?
To address these challenges, companies are investing more than ever in zero trust and zero-trust network access (ZTNA) strategies instead. In fact, Gartner predicted last year that 60% of organizations will embrace zero trust as the starting place for their security strategy by 2025. Because of this, many say the corporate VPN is dead - replaced by more modern, cloud-based solutions that come in bundled, cost-effective packages for enterprise IT teams.
VPN and Zero-Trust Network Access (ZTNA)
Historically, it’s been redundant for ZTNA and VPN strategies to exist simultaneously, with many opting for a more holistic ZTNA strategy over a VPN solution. But the journey to adopting a zero-trust security approach can be a long and complex one, and so it’s in the best interest of IT executives to find the right VPN to keep in their security toolbox. We'll likely always need a VPN's ability to ensure continuity and add another layer of security and peace of mind as we send our employees to work across the world.
Any security professional should constantly question whether their investments are doing what they should be and if other tools can provide more. From a cyber risk perspective, it's irresponsible to leave space for one single point of failure. Decision makers should question all connections and activities through a security lens. In terms of the VPN, organizations can greatly benefit from layering this historic tool on top of zero trust and ZTNA strategies.
The resurgence of the VPN
While it’s true cybercriminals will always be innovating, it’s up to us as security professionals and providers to do proper research and weigh the pros and cons of the hundreds of security solutions out there. When it comes to the resurgence and continued use of the VPN, IT teams should seriously consider how their workforce will evolve over time and understand that a VPN may be a smart and necessary investment to make to protect sensitive data, provide employees with network continuity and security – and most importantly leverage the technology as a pathway to a modern security portfolio.
Samir Sherif is the CISO of Absolute Software.