Why VPNs and Passwords Aren’t Enough

Sometimes it’s the littlest things that can make the biggest difference. Take passwords, for instance. While few would argue against the necessity of choosing a strong password, many companies and employees continue to ignore best practices in password creation, or perhaps they are simply unaware of what this requires. Instead, people often choose easy-to-guess, predictable passwords. This reality has plagued data security since the birth of digital login credentials. When you consider that the FBI estimated 4,000 ransomware attacks are carried out each day, passwords are certainly essential. But are they enough?

The truth is that when it comes to data security, even the most complicated, random and continuously changing passwords are rarely enough, and most data security professionals are more than aware of this. Still, too many remain confident that their data is secure, assuming that even if passwords are weak, their virtual private network (VPN) has them covered regardless. Unfortunately, this is not the case. Here’s why.

Hackers Have Become More Sophisticated

Many IT administrators have wisely prioritized fortifying their organization’s network and bolstered data security with additional enhancements that go beyond password protection. The question, though, is which security enhancements are the most effective in the current environment, given how rampant and sophisticated ransomware attacks have become. VPNs have traditionally been the go-to solution for data access and security, but in recent years they have proven to be unreliable. In fact, research conducted prior to the COVID-19 pandemic (and the phenomenal increase in ransomware and other bad-actor activity) showed that 62% of those already leveraging VPNs cited inadequate security as their top pain point. What’s more, nearly 40% of those responsible for keeping malware and ransomware from penetrating their network believed that they’d already been breached.

Clearly, even paired with passwords, VPNs can’t give networks the data security protection they need. A tighter system is required, one that permits users to access only the apps that IT has authorized them to use, rather than giving them free rein over a slice of the entire network. Only this type of zero-trust architecture eliminates the possibility of lateral attacks. This is why software-defined perimeter (SDP) solutions are widely replacing outdated VPNs. With SDP, encrypted micro-tunnels protect data as it flows directly between users, sites and clouds using application-level Datagram Transport Layer Security (DTLS) and randomly generated non-standard User Datagram Protocol (UDP) ports, rendering tunnels and servers alike invisible to hacking tools.

The Need for Simplicity

While they do provide an additional layer of protection to boost the power of passwords, VPNs have introduced another problem: complicated configuration, deployment and management. SDP gets around this because the software is easy to install and connect, and it integrates smoothly into whatever networking infrastructure you’re currently using. SDP avoids appliance installation and maintenance and operates without access control lists (ACLs) or the configuration headaches of a firewall. Additionally, users can connect to their micro-tunnels from anywhere, no matter where they are based, making remote-user management a breeze.

Costs Can Spiral Out of Control

Once you acknowledge that passwords are far from foolproof and that additional tools are necessary to enhance data security, cost also comes into play. VPNs can be costly, as they require dedicated VPN appliances. VPNs may also require that customers pay cloud vendors a VPN connection fee for each hour of use, which can quickly result in big bills. Unlike these expensive, outdated tools for enabling connectivity to more than one site, SDP requires no such dedicated appliances, cloud vendor fees or direct links, resulting in significant cost savings.

Performance Is Important

VPNs also present performance issues and speed challenges due to intermediate brokers. With SDP, micro-tunnels offer direct connection and superior performance. Since IT can configure gateways on any commodity hardware, optimal speeds can be reached, and users can add or remove resources as needed. With the ability to connect from anywhere and micro-tunnels that can be made redundant and highly available (HA) with built-in failovers, SDP solutions result in much higher performance than VPNs can provide.

Don’t get me wrong: passwords certainly have their place in a company’s data security arsenal. But if used alone (and even when paired with VPNs), they just aren’t enough. Among the available solutions, only SDPs allow users to construct lightweight, discreet, scalable, high-availability “secure-by-app” connections and multi-site connectivity between cloud environments, remote sites, on-premises and/or edge devices. SDP solutions trump VPNs by their very design, as they were engineered specifically to augment the way people live and work today. When you combine SDP with effective passwords, the result is virtually impenetrable data protection.


Don Boxley

Don Boxley is a DH2i co-founder and CEO. Prior to DH2i, Don held senior marketing roles at Hewlett-Packard where he was instrumental in sales and marketing strategies that resulted in significant revenue growth in the scale-out NAS business. Don spent more than 20 years in management positions for leading technology companies, including Hewlett-Packard, CoCreate Software, Iomega, TapeWorks Data Storage Systems and Colorado Memory Systems. Don earned his MBA from the Johnson School of Management, Cornell University.
