VPN

Do Virtual Private Networks (VPNs) really simplify the task of setting up secure connections to remote edge devices?

What Isn’t Working

VPN solutions were originally designed primarily to secure office campuses, data centers, and for secure remote access by field workers to their corporate networks. The lack of flexibility or intelligence of VPN to meet machine builders’ specific needs leads us to the five major defects of VPNs that users experience when applying the same to the edge:

1. Time-consuming setup requires extensive IT knowledge: Several manual steps are required to properly establish secure authentication and connectivity with remote machines and things. This process is complex, time-consuming, and requires extensive IT knowledge, which most field automation engineers are not familiar with.
2. Compromises in corporate security policies are needed for remote access to machines: VPNs need specific network rules to permit 2-way traffic to flow. As a result, creating flexible firewall rules has proven to be a major challenge for most IT departments, especially those managing dispersed industrial networks.
3. Securing remote connections involves complexity and high cost: Most VPNs between machine builders and machine operators are usually site-to-site connections. They cannot restrict access to selective groups of edge devices.
4. Applying patches is not even feasible: Applying software updates over the air or security patches is not feasible without manual intervention.
5. Access credential management is hard to manage and does not scale: Management of pre-shared access credentials does not scale and becomes extremely difficult to manage. For example, when VPN servers or client systems are changed, certificates must be regenerated, and so on.

Conclusively, VPNs have been reduced to ‘very primitive networks’ and just do not fit the needs for secure remote access in today’s emerging world of edge computing.

The Way Going Forward

As Gartner recommends , what security and risk professionals in today’s digital enterprise need is a worldwide fabric/mesh of network and network security capabilities that can be applied when and where needed to connect entities to the networked capabilities they need access to. Think of an edge compute friendly, modular network infrastructure that functions as a global virtual LAN with firewalls, identify and access management, over-the-air updates, remote access and troubleshooting, etc., all built-in foundationally. This network runs over any untrusted host as well as over any access or cloud infrastructure for diverging edge computing needs. The network can self-isolate depending on user needs while remaining invisible to the rest of the public Internet. Lastly, such a network infrastructure must offer a user-friendly interface for facilities operators to manage the network seamlessly, all from a single pane of a glass-based dashboard.

Key Takeaway

Industrial enterprises with dispersed assets and diverse data sources are increasingly realizing that relying on VPNs that were originally designed to provide secure connectivity with enterprise data centers and campuses is simply futile. Legacy VPNs do not scale for machines, devices, sensors, and so on. Instead, the digital enterprise of tomorrow needs an identity-centric, network-security based model that is akin to a global virtual LAN that makes assets invisible from the public Internet. This helps enterprises realize economies of scale, and democratize the remote access security and connectivity needs of dispersed edge networks aiming to drive business efficiencies with the power of data analytics.