SDP/ZTNA vs. VPN
Once Upon a VPN…
In today’s challenging reality, remote access has become a basic requirement for businesses of all kinds, sizes, and locations. An enterprise’s ability to shift to a work-from-anywhere model instantly, securely, and at scale will determine how it weathers the COVID-19 crisis.
A common way to provide remote access is with VPN; and enterprises naturally assumed they could extend their VPN solutions to keep up with evolving business needs, continuous security challenges, and the sudden explosion of remote users.
To find out if this assumption is true, let’s answer the following five questions:
1. Is VPN still relevant?
Over two decades ago VPN was the technology for providing secure remote access to the Internet. And at about the same time, the Motorola StarTAC was the mobile phone available in the market… So yes, while VPN was once the best remote access solution for the business, it no longer is.
The modern digital business works differently and requires a new approach to remote access: one that enables capabilities such as granular security, global scalability, and optimized performance. VPN fails to deliver any of the three.
- VPN doesn’t enable granular security policies. Instead, VPN gives a user a secure connection to the entire network rather than to specific applications, so a single compromised credential or device reaches every host on the routed segment. This expands the attack surface and badly affects the enterprise’s security posture.
- VPN was never designed with the purpose of delivering all users, at all locations, immediate and ongoing connectivity to enterprise applications. However, in a work-from-anywhere environment, this is exactly what’s needed; and VPN’s inability to support global scalability results in slow response time and negative impact on employee productivity.
- Optimized performance isn’t supported by VPN as it relies on the unpredictable Internet. This means that for global access, IT needs to backhaul traffic to a VPN server in a datacenter and then to the cloud, adding latency to the VPN session and resulting in poor performance.
Simply put, if VPN doesn’t address the security, scalability, and performance needs of the business as it functions today, how relevant can VPN still be?
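The attack-surface difference described above, as an added example that is not part of the original post: a VPN-style model where one authentication pushes a route to the whole internal range, next to a ZTNA-style model that evaluates each request against a per-application policy (user plus device posture). The inventory, users, addresses and policy are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample inventory: internal host -> application it serves.
INVENTORY = {
    "10.0.1.10": "hr-portal",
    "10.0.1.11": "payroll-db",
    "10.0.2.20": "jenkins",
    "10.0.2.21": "source-repo",
    "10.0.3.30": "file-share",
}

@dataclass
class Request:
    user: str
    device_managed: bool   # device posture reported by the client (constructed)
    dst_ip: str
    app: str

# VPN model: one successful login yields a route to the whole internal range.
VPN_ROUTE = ip_network("10.0.0.0/16")

def vpn_reachable(req: Request) -> bool:
    """Once the tunnel is up, any host inside the pushed route is reachable."""
    return ip_address(req.dst_ip) in VPN_ROUTE

# ZTNA model: deny by default; only published apps with a matching rule are reachable.
# Constructed policy: app -> (allowed users, managed device required)
ZTNA_POLICY = {
    "hr-portal":   ({"alice", "bob"}, False),
    "payroll-db":  ({"alice"}, True),
    "source-repo": ({"bob"}, True),
}

def ztna_allowed(req: Request) -> bool:
    """Evaluate one request: published app, allowed user, and device posture must all match."""
    if INVENTORY.get(req.dst_ip) != req.app:
        return False                       # request does not match a published app
    rule = ZTNA_POLICY.get(req.app)
    if rule is None:
        return False                       # app exists on the network but is not published
    users, needs_managed = rule
    return req.user in users and (req.device_managed or not needs_managed)

def exposed_hosts(user: str, managed: bool, check) -> set[str]:
    """Hosts a given user/device could reach under an access model: the attack surface."""
    return {ip for ip, app in INVENTORY.items()
            if check(Request(user, managed, ip, app))}
```

Running `exposed_hosts("bob", False, vpn_reachable)` returns every host in the inventory, while the ZTNA evaluator returns only the applications bob's identity and device posture are entitled to.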
2. Can SDP address VPN’s limitations?
Software-defined perimeter (SDP), also known as Zero Trust Network Access (ZTNA), is gaining traction as the new (and preferred) approach for granting secure access to the modern business. When offered as a cloud service, SDP eliminates the scalability limitations of VPN and enables an immediate increase in remote access without requiring additional hardware or software. SDP also offers enhanced security, as it provides granular access control at the application level as well as monitoring capabilities.
So, is the answer to question #2 a simple yes? Not exactly. SDP is a better option than VPN, however, SDP as a stand-alone solution doesn’t address the critical needs of continuous threat prevention and performance optimization.
Continuous threat prevention is vital, as it protects the network from threats introduced by remote users (whether knowingly or unknowingly). Performance optimization is essential for giving users who access applications from anywhere the same experience they would get if they were physically in the office. Without these two key capabilities, replacing VPN with SDP alone seems, for lack of a better word, pointless.
3. What does Gartner think?
Gartner considers SDP to be a core component of its new market category called Secure Access Service Edge (SASE). This ensures a unified, cloud-native approach, which is the main difference between a stand-alone SDP and SDP delivered as part of SASE.
According to Gartner’s Hype Cycle for Network Security, 2020, when SDP is integrated into a SASE platform, it presents a “flexible alternative to VPN” with significant benefits to the digital business including:
- Advanced security: SASE’s integrated security stack inspects all traffic passing through to the network regardless of its source or destination.
- Unlimited scalability: SASE’s cloud-native, distributed architecture supports any number of users, anywhere in the world.
- Enhanced performance: A true SASE platform includes a private backbone and WAN optimization, removing the dependence on the unreliable public Internet and guaranteeing best performance for all users and applications.
4. What’s the big difference?
The business impact of SDP built into SASE is clear and immediate. Agility, user experience, ease of adoption, granular application access, ongoing threat prevention, and simple policy management are just some of the benefits. Most importantly, SDP with SASE supports digital transformation and business continuity by enabling all employees to work securely and effectively from remote locations.
5. Is there a happy ending?
The Motorola StarTAC was the first flip phone ever and was broadly adopted by consumers across the globe. Still, consumers managed to happily move on (several times) to newly introduced, more advanced, and more relevant phones. The same is true of access solutions. Business needs have changed, requiring full-time access to enterprise assets alongside granular security policies to protect those assets.
SDP with SASE is an agile remote access solution that delivers instant and unlimited scalability, ease of adoption, enhanced security, and optimized performance to all users worldwide. SDP with SASE is the adaptable solution for enterprises determined to keep their business afloat during a global crisis, while ensuring support for both unexpected changes and planned growth initiatives moving forward. It’s really time to say goodbye to VPN, without regret.