Click to learn more about author Don Boxley.

The number-one enterprise pain point, according to new research on those who used a VPN for network access and/or security measures, is inadequate security. This was the finding based on new research, conducted for DH2i prior to the COVID-19 stay-at-home guidance, that explored the Pre-Pandemic State of Virtual Private Networks (VPNs).

While this stat in itself was no surprise, our anonymous survey of IT professionals across small-, mid- and enterprise-sized organizations also contained an eye-opener. Almost 40 percent of those responsible for keeping ransomware and other malware from penetrating their network, believed that in fact, their network already had been breached. My hunch is that this number is very likely even higher, as some respondents would probably prefer not to admit this distressing fact, even to themselves.

Let’s review the fuller findings of this research, which reveal the myriad challenges that IT professionals face who are charged with deploying and managing VPNs. I’ll also share a potential solution that could overcome these challenges and respond to the desired new capabilities: a software defined perimeter (SDP) solution.

What We Learned

In conducting this research, my company’s goal was to gain a more nuanced understanding of the challenges that IT professionals charged with deploying and managing VPNs face on a daily basis. We also hoped to discover what new capabilities they felt might benefit them as a replacement solution.

What really stood out in the findings was that across the board, respondents shared the difficulties that their organizations encountered when using a VPN. While inadequate security topped the list of VPN connection problems with 62 percent pegging this as a high or medium pain point, there were many other sketchy connection issues as well, including:

• Availability, failover, and disaster recovery (reliability for DR) (48 percent)
• Cost (46 percent)
• Performance (45 percent)
• Configuration and management (44 percent)

Some other notable findings include that the top three VPN use cases were remote user access (83 percent), site-to-site connections (57 percent), and site-to-cloud and/or cloud-to-cloud connections (48 percent) and that the top three VPN vendors were CISCO (63 percent), Palo Alto Networks (22 percent), and Check Point (12 percent).

What Works Better

While it was certainly surprising to have such a large percentage of those responsible for keeping malware from penetrating their network tell us that their network had likely already been compromised, I’d expect this number to grow in the future. The reason for this assumption is based on the rise in bad actors who worked hard the past year to identify and exploit pandemic-related data security vulnerabilities.

Naturally, we didn’t just commission this research to hone in on current problems, but to identify future solutions. We asked respondents for feedback on what improvements, features, functionality, and capabilities they viewed as ideal in a next-gen VPN or competitive solution. I personally wasn’t surprised that given the limitations of current VPNs, the vast majority of IT professionals—86 percent of those surveyed—were open to considering alternatives if a different solution could improve on VPN’s security, configuration and management, cost, performance, and availability. Notably, nearly 90 percent of respondents told us they would prefer to replace their VPN if another solution would help them easily limit remote users’ access to specific applications or services—without creating a network attack surface.

A solution like this does currently exist through SDP software, which makes it so that users can only access authorized apps, rather than a slice of the whole network. This removes the possibility of lateral movement, since data flows between remote users, clouds, and sites. SDP is also much simpler than VPN when it comes to configuration, management, and maintenance, and also offers high-level performance using encrypted micro-tunnels and public key authentication.

Future Insights

We learned a lot from this research about what enterprises are struggling with, what their needs are, and what can help them do better. While it provided immense and immediately actionable insight, we knew that this research would need to be considered the first phase of an ongoing effort to learn more, given the cataclysmic shift that was taking place during COVID-19. Since the pandemic hit during the analysis phase of our initial research, many companies suddenly found themselves trying to help employees navigate the challenges of a work from home (WFH) scenario—including how workers could gain secure access to their organization’s applications and information.

While simply gaining access was the priority for most workers, IT had the larger consideration of ensuring both that their employees had uninterrupted access, and that it was optimally secure. We’re going even deeper in our next research phase that is currently underway to examine how today’s WFH paradigm has shifted the data security and VPN landscape. We look forward to sharing the results of our phase 2 research shortly.