Reworked November 24, 2020 – Now Is the Time to Replace VPN With Zero Trust
…
What Is Wrong With VPN?
The perimeter methodology that VPN relies on makes it particularly vulnerable to attackers, said Steve Tcherchian, chief information security officer at XYPRO, a cybersecurity analytics company, by giving users and devices unfettered access to the network once they have been identified and authenticated at the perimeter. “Attackers love this,” he said. “Once they’re in, they can spend as much time as they need to move around from device to device. In some cases, once authenticated to the VPN, this could mean access to thousands of devices.”
Tcherchian said several recent data breaches can be attributed to this methodology of trust, and it enabled attackers to gain access to everything the vendor or contractor had done in the past. “This is no longer a sustainable security strategy,” he said. “Moving to a Zero Trust model removes that layer of perimeter security. Every user and device, whether outside the VPN or inside no longer has access to devices. Even if they’re inside the VPN, there is no access unless explicitly granted on an as-needed basis.”
…
To read the full article visit reworked.co/
Steve Tcherchian, CISSP, PCI-ISA, PCIP is CEO of XYPRO Technology, a leading provider of mission-critical cybersecurity solutions that protect the digital backbone of industries worldwide. With over 20 years of experience, Steve brings a unique blend of technical expertise, strategic vision, and a customer-first approach that has transformed XYPRO into a top-tier cybersecurity provider, driving record growth and accelerated adoption of its threat detection and compliance solutions across diverse sectors.
A passionate advocate for cybersecurity, Steve is dedicated to demystifying the complexities of the industry and sharing actionable insights on global stages as a sought-after speaker. His contributions extend beyond the podium: as a former member of the ISSA CISO Advisory Council, the X9 Security Standards Committee, the Forbes Tech Council, and as a patent holder, Steve has shaped pivotal cybersecurity standards and innovations that safeguard the world’s most critical workloads.
