Zero Trust Architecture - Modern Work Anywhere Architecture Without VPN
(Security Magazine) In the 12th century, Mongols successfully raided walled cities, one after the other, leading to the demise of walled-city architecture for protection. In the 21st century, the classic “moat and castle” network design is going through a similar phase: the high-trust flat network, extended through a high-cost and less-scalable VPN tunnel, no longer provides a trusted expansion of the network in today’s remote world.
Today’s attackers see this vulnerability in the traditional VPN model, as a VPN alone has no limiting controls if it is compromised. The risk increases as attackers shift towards identity attacks, using credential stuffing rather than brute-force attacks, because of how easy and cheap it is to purchase compromised credentials on the dark web. Exploitation of this attack vector has been further accelerated by:
· An increase in cloud adoption and usage of SaaS across organizations.
· Enterprise applications (e.g., O365, ERP, and other systems) are transitioning to the cloud, which does not allow the usual approach of having a Demilitarized Zone (DMZ) to protect internal networks from untrusted traffic.