The risk of VPN
Zero Trust is not a single technology or architecture, but a set of principles to help you improve your business security posture. Minimizing the network attack surface should be the first item on your Zero Trust journey. The goal is to protect your most valuable digital assets, such as customers and employee data, mission-critical applications that play a central role in your business, and infrastructure used to support the day-to-day work of employees.
Remote work, even post-pandemic, is expected to continue growing. Traditionally, companies relied on virtual private networks (VPN) to secure access to internal network resources. However, VPN is no longer good enough to secure remote work. For instance, VPN gives remote employees full network access to corporate resources when they login. The lack of verification and unrestricted access could be exploited by a hacker to steal a wealth of sensitive data. As a result, VPN solutions undermine the principle of Zero Trust. A Zero Trust model calls for users to be given only access to the data and resources they need to do their work, and nothing more. This is where HPE Aruba Networking ZTNA (Zero Trust Network Access) excels.
HPE Aruba Networking ZTNA ensures secure access to all applications and business tools employees need, no matter where they connect from. Our ZTNA solution replaces the VPN appliances with a lightweight software called a connector.The connector provides access to your private applications regardless of where they are located, on-prem or the public cloud. The connector reduces the attack surface by publishing your business applications only to HPE Aruba Networking SSE (Security Service Edge), not the public Internet. Moreover, the connector only requires outbound connections to HPE Aruba Networking SSE, so there is no need for the IT admin to open inbound firewall ports to the connector.
So, how does our ZTNA solution work? When a remote employee requests access to an application via an agent or user portal (agentless), HPE Aruba Networking SSE mediates and terminates that initial user request. In our solution, there are no passthrough connections allowed to your private applications. HPE Aruba Networking SSE will also validate the user’s identity and based on the policy, connect them securely to applications without granting access to the corporate network. At a granular level, users only have access to the applications needed to do their work, which is key to successfully implementing Zero Trust.
HPE Aruba Networking consolidates many SSE (Security Service Edge) capabilities, such as Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Digital Experience Monitoring (DEM) into a single admin console. Our ZTNA solution is a modern platform, easy to configure and manage, that provides far better protection than legacy VPN solutions.
To learn more about the risk of using VPN and how you can accelerate your Zero Trust journey with HPE Aruba Networking, please check out my lightboard video.
Other resources: