A virtual private network (VPN) is an encrypted tunnel that allows a client to establish an internet connection to a server without coming into contact with internet traffic. Through this VPN connection, a user’s IP address is hidden, offering online privacy as they access the internet or corporate resources—even on public Wi-Fi networks or mobile hotspots and in public browsers such as Chrome or Firefox.
Point-to-Point Tunneling Protocol (PPTP), thought to be the genesis of secure wireless data transfer, was released in 1996. Before PPTP, securely exchanging information between two computers required a hardwired connection, which was inefficient and impractical on a large scale because of the amount of physical infrastructure needed. If the security offered by a wire was unavailable, any data being transferred was left vulnerable to attack or theft.
With the development of encryption standards and the evolution of the bespoke hardware requirements to build out a secure wireless tunnel, PPTP eventually evolved into what it is today: the VPN server. Because it could be used over wireless links, it saved hassle and costs for businesses in need of secure wireless information transfer. From here, many companies went on to build their own physical and virtual VPN services, including Cisco, Intel, and Microsoft.
A VPN works by taking a standard user-to-internet connection and creating a virtual, encrypted tunnel that links the user to an appliance in a data center. This tunnel protects the traffic in transit so that bad actors using web crawlers and deploying malware can’t steal any of the user’s or entity’s information. One of the most common encryption algorithms used for VPNs is Advanced Encryption Standard (AES), a symmetric block cipher designed to protect data in transit.
Most often, only authenticated users can send their traffic through the VPN tunnel. Depending on the type of VPN or its vendor, users may have to reauthenticate to keep their traffic traveling through the tunnel and safe from bad actors.
VPNs exist to provide convenient security that can serve a smaller-scale need or purpose. Here are some examples of VPNs:
Cloud VPN: VPNs can be deployed on top of virtual machines in order to “cloud-enable” them. This takes the hardware capability of a VPN and (artificially) adds cloud functionality, such as greater scalability and endpoint protection. While these may be more useful for extended enterprises than a typical standalone VPN appliance, they may still lack the flexibility to support a remote or hybrid workforce at scale.
Personal/Mobile VPN: Companies such as ExpressVPN and NordVPN offer downloadable VPN apps so users can keep data secure on their personal devices. This is a good measure to have in place if you’re browsing the web on insecure Wi-Fi networks. Some free VPNs are available to help keep your devices secure, but they typically convert to paid plans later on.
Remote access VPN: These VPNs are designed specifically for users working from outside of the office in a corporate setting. They’re typically deployed within a company’s data center but can be extended (at the cost of web and/or app performance) to protect remote users from malware and other threats. These became extremely common after the onset of the COVID-19 pandemic.
A VPN is an adequate means of securing branch or remote employees on a smaller scale. When a few employees were on the road or connecting from a coffee shop, companies could leverage a VPN service to deploy VPN client software that would let a remote user establish a secure connection from an endpoint sitting outside the network perimeter.
Back when everyone went to the office, companies would even employ site-to-site VPNs as a means of connecting two networks, such as a corporate network and a branch office network. In this way, VPNs can serve a variety of use cases, particularly as they pertain to keeping remote and branch office users away from internet traffic. As the remote workforce has taken shape, however, more and more companies are realizing that VPNs aren’t as secure as they need to be.
In professional settings, companies use VPNs as a means of securing users who are working remotely and using mobile devices or other endpoints that may not be deemed secure. For example, businesses may issue Windows or Mac laptops to enable their employees to work from home when necessary. Of course, this notion is now widespread in the wake of the COVID-19 pandemic.
Businesses deploy VPNs to let remote users securely access corporate resources through their home networks. Most internet service providers (ISPs) have good security protocols in place to protect non-sensitive data flowing through home networks. However, when it comes to sensitive data, home Wi-Fi security measures aren’t strong enough to protect it on their own, necessitating the use of VPN protocols by businesses to keep this data secure.
By leveraging a VPN provider, companies will use these protocols to shut off the default flow of traffic from router to data center and will instead send the traffic through an encrypted tunnel, which protects data and secures internet access from users working remotely, reducing the company’s attack surface—albeit on a smaller scale.
VPNs can simplify security for a business or even an individual. At their core, they're designed to:
Despite the promise of these benefits, however, VPNs come with their share of hindrances that can create headaches for IT departments or even increase risk. VPNs:
Much of the trouble with traditional network security lies in inefficient and insecure VPN infrastructure, because:
Even the best VPNs aren’t able to secure all online activity, as some of their encryption protocols may not be able to stand up to today’s advanced threats.
VPNs can provide secure tunnels to an organization’s data center, but these tunnels are liable to throttle the network due to the increased bandwidth and functionality needed to securely send traffic from a home network to a piece of hardware in a data center. Both performance and user experience can be significantly hampered, and what’s more, users may have to repeatedly log in to the VPN, leaving them frustrated.
As organizations get accustomed to hybrid workforce models and cloud adoption becomes the norm, it becomes clearer that an old-fashioned firewall approach is too slow for the cloud and zero trust.
Instead, you need a modern, digital-first solution tailored for the era of the cloud and mobility—a cloud-based security solution that decouples security from the network, with policies enforced anywhere apps reside and everywhere users connect.
Moving security off the network and into the cloud effectively places the full network security stack everywhere your users go. Protections are applied consistently, offering the exact same security measures in branch offices, users’ homes, airport terminals, or corporate headquarters.
Compared to traditional network security, the ideal cloud-based security solution provides:
Moving to a complete cloud-delivered security stack ensures your users can enjoy fast, safe, policy-based access to third-party and private applications. Be wary though—many security companies advertise cloud-delivered, cloud-ready solutions, but these tend to be retrofitted, virtualized legacy appliances. Only Zscaler offers security built in the cloud, for the cloud.
Zscaler Private Access™ (ZPA™) is a cloud-delivered, zero trust network access (ZTNA) service that provides secure access to all private applications, without the need for a remote access VPN. ZPA delivers a zero trust model by using the Zscaler security cloud to deliver scalable remote and local access to enterprise apps while never placing users on the network. ZPA uses micro-encrypted TLS tunnels and cloud-enforced business policies to create a secure segment of one between an authorized user and a specific named application.
ZPA’s unique service-initiated architecture, in which the App Connector connects outbound to the ZPA Public Service Edge, makes both the network and the applications invisible to the internet. This model creates an isolated environment around each application rather than around the network, which eliminates lateral movement and the opportunity for ransomware to spread.
The short answer to this question is no. A remote access VPN works by creating virtual tunnels between an organization's network and a remote user, regardless of the user's location. This allows a user to access resources on the company’s network from any IP address, and it’s one of the most commonly used means of access control when it comes to users working from remote locations.
Remote access refers to an employee accessing resources offsite by any means, not just through a VPN client. Such access can be secured with remote access VPN solutions, but this can also be done with two-factor or multifactor authentication (2FA or MFA), zero trust security, and more—anything that will create secure connections for remote employees and keep hackers out.
With the way users work having changed, and with applications moving to the cloud, the perimeter has extended to the internet, rendering network-centric solutions such as remote access VPNs obsolete due to the risks, latency, and inefficiency they introduce.
By today's standards, VPNs are incredibly vulnerable as attackers often use them to infiltrate and move laterally across an organization's entire network. In the next section, you'll see why there's a need to sunset VPN use in favor of a more robust, cloud-delivered security solution.