Cybersecurity Study Sees Zero Trust Replacing VPNs
As hybrid home/office workplace schemes become the new normal, more organizations are replacing the traditional VPN approach with Zero Trust architectures and remote desktop tech, a new survey indicates.
Reaffirming similar surveys, the new report from Teradici makes it clear that hybrid is the new way.
"Virtually all respondents (99 percent) reported their companies will have a hybrid workforce, and nearly 40 percent expect half of their workforce to operate remotely at least twice a week post-pandemic," Teradici said. "This will precipitate a number of changes to network environments and architecture due to significant security concerns. Device authentication and authorization must be taken seriously."
That's one of the key takeaways from the corporate cybersecurity report titled "Securing the Hybrid Workplace in 2022 and Beyond," the first such survey from the creator of the PCoIP remote display protocol, which delivers desktops and workstations from a datacenter or public cloud to end users. It polled 8,392 respondents from 30 countries around the world last summer.
Teradici noted that while organizations have largely relied on VPNs to help employees connect remotely -- with many not yet having moved to the cloud -- remote desktop technologies with Zero Trust architectures will replace VPNs. Along with that measure to better protect corporate networks, IT needs to enhance the security awareness of employees to prevent human leaks and breaches.
Zero Trust is an increasingly popular security approach as organizations are besieged by sophisticated ransomware and other cybersecurity exploits. It has been adopted by major cloud players like Microsoft to fight ransomware and has been described as the future of network security.
"The pandemic has caused a fundamental shift in how people work, and the 'office' will never be the same," said HP exec Ziad Lammam (HP recently acquired Teradici). "As a result of the enormous security concerns associated with unmanaged devices, as well as BYOD, organizations are changing how they think about securing their corporate assets. Expect to see companies move away from traditional VPNs to Zero Trust architectures to shore up their endpoints and protect their data."
And that's already happening, with 78 percent of respondents currently implementing or planning to implement Zero Trust architectures in the next two years, while 19 percent are planning such implementations but are unsure of when. Only 2 percent have no such plans. Those numbers aren't too far off from a Firemon survey covered by Virtualization & Cloud Review earlier this year. It indicated 69 percent of organizations planned to implement Zero Trust within two years, in addition to the 16 percent that have already implemented it. Some 7 percent said they had no such plans.
However, those Teradici numbers are pretty far off from a Thales cloud security report we covered last month, wherein the company said: "Where large numbers of organizations fail to protect their data sufficiently with encryption, limiting potential access points becomes even more critical. However, nearly half (48 percent) of business leaders globally admitted their organization does not have a Zero Trust strategy, and a quarter (25 percent) aren't even considering one."
In the Teradici survey, though, respondents believe Zero Trust adoption will advance even quicker than what research firm Gartner predicted near the end of 2019: "By 2023 60 percent of enterprises will phase out VPNs in favor of Zero Trust access."
"Survey respondents not only agreed (37 percent), a further 38 percent anticipate that new workplace flexibility requirements spurred by hybrid work will accelerate Zero Trust adoption even faster," the report said. "18 percent believe Zero Trust adoption will take longer than Gartner predicts, and only 6 percent think that VPNs will not be phased out to such an extent."
While 78 percent of respondents said they are currently implementing or planning to implement Zero Trust architectures in the next two years, the primary methods of mitigating corporate data exposure via home-based devices right now are:
- VPN tech: 41 percent
- Remote desktop tech, or Desktop-as-a-Service (DaaS): 55 percent
- Employment contract terms or personal trust: 4 percent
Other highlights and observations in the report include:
- Hybrid work is here for the long term, and you need a security architecture that covers both in-office and remote access requirements. Don't just plan a security architecture for remote access; now is the time to consider in-office changes as well.
- Use of BYOD will continue to rise significantly, increasing the risk of data breaches. Security infrastructure and employee training need to function in tandem.
- Only 10 percent of workers are predominantly using corporate-owned devices, with 74 percent of companies expecting more use of BYOD.
- 94 percent of respondents indicated their companies are concerned about the security of corporate data exposed via home-based devices.
- Besides the need for both user and device authentication, continuous authorization of devices will be critical to an end-to-end Zero Trust posture.
- Even with fewer commuting days, workers' treks are a security concern: The survey showed that 53 percent of respondents plan to enable employees to commute with endpoint devices, and this is a hot button of concern for IT. Nearly all respondents (98 percent) are concerned about security and/or data integrity as a result of employees commuting with endpoint devices.
- BYOD is back: Of survey respondents, 90 percent say their companies are using a mix of employee- and corporate-owned devices; only 10 percent are predominantly using corporate-owned devices. The mix of devices will likely continue to escalate, with 74 percent of respondents reporting they expect more use of BYOD, and nearly 25 percent seeing increased need for device authorization to protect against data breaches.
- Looking ahead 2 to 3 years, the primary user authentication method for corporate services and remote desktops will be "Authenticate from the endpoint against a federated on-premises identity service (e.g. Microsoft ADFS)," listed by 46 percent of respondents.
The 13-page report is available for free upon providing registration information.
David Ramel is an editor and writer for Converge360.