In a world of constant cyber threats, it’s no wonder companies seek the most secure remote access tools to ensure that only the right people have access to the right infrastructure. Yet even the best-intentioned security team can go about implementing remote access in ways that ultimately leave them vulnerable to infiltration. There are two big mistakes that companies make when it comes to controlling infrastructure access:
- Thinking that a VPN is sufficient.
- Using an access management solution that relies on a single root of trust, providing an easy target for potential attackers.
Let’s explore what each of these mistakes entails, and how to move past them by implementing zero trust technology with multiple independent roots of trust.
Why VPNs Are a Mistake for Secure Remote Access
How did VPNs go from the de facto standard for remote access a decade ago to a waning technology that the federal government is steering its agencies away from? It has everything to do with the shift towards a more distributed workforce. As more people moved away from the office and threats became more sophisticated, VPNs no longer offered the scale or the specificity needed to keep sensitive data safe.
VPNs enforce a single security perimeter: either someone is on the private network or they are not. Once inside, a user has network reachability to everything on that segment, which is not the same as being authorized to a specific target. This was acceptable when companies ran a handful of applications, but microservices, distributed applications and multi-cloud require that access be granted to specific targets rather than to entire networks. It is possible to approximate per-target control by cobbling together SSH keys, bastion hosts and other components, but doing so is labor-intensive and probably not the best use of a security team's time.
Even if you did invest the time to Frankenstein a secure system out of one or more VPNs, a few other shortcomings hinder emergency response. Perhaps the biggest is reliance on long-lived credentials. When a developer is handed a long-lived key for each component they happen to need, those keys accumulate and are rarely inventoried or revoked; over time the developer ends up with standing access to the entire system, and during an incident there is no quick way to cut that access off.
How Moving Beyond VPNs Can Create New Risk
The shift to zero trust access is typically driven by the desire to issue short-lived credentials, authorizing access to a target for only as long as it is needed, after the user proves who they are with multi-factor authentication (MFA). Yet those credentials have to be issued and verified by something, and in many deployments that something is a single authority: the single sign-on (SSO) system or identity provider (IdP). That one system is the root of trust for every target behind it.
A single root of trust undermines an otherwise secure remote access system because it gives attackers one target to infiltrate. Once the IdP itself is compromised, the attacker can mint valid assertions for any user, and since the IdP is also the system that checks MFA, MFA is no longer a safeguard. Of course, no one plans for their identity infrastructure to be compromised. But the constant barrage of breaches (including the SolarWinds incident, in which attackers forged identity-provider tokens to reach victims' cloud services, and which marked a turning point in awareness of this risk) suggests that it is better to treat compromise as inevitable.
Why Having Two Roots of Trust Makes a Huge Difference
It stands to reason that if a single root of trust is a vulnerability, then adding a second, independent authority that must also approve each access would improve secure remote access. If two standalone systems have to fall before an attacker gains access, that is a much harder task than taking down one. The caveat is that the two roots must be genuinely independent: separate signing keys, separate operators and separate compromise paths. Two systems that share credentials, or where one can impersonate the other, collapse back into a single root.
The use of multiple roots of trust is enabled by MrZAP (in full, the Multi-Root Zero Trust Access Protocol), which is the crux of how BastionZero provides secure remote access. BastionZero pairs with your IdP to provide just-in-time access to targets. It is a simpler and more secure way to provide access to infrastructure than either a VPN or a standalone IdP or SSO provider alone. It is the way to do zero trust with maximum peace of mind.
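To make the principle concrete, here is an added example that is not BastionZero's code and not an implementation of MrZAP. It models a target that grants access only when it has verified short-lived assertions from two separately keyed authorities, a hypothetical `idp` and a hypothetical `second-root`. HMAC with constructed keys stands in for the asymmetric signatures a real IdP and second authority would use; what matters is that each authority's key is known only to that authority and the target. The demo walks through the cases discussed above: a legitimate user, an attacker who fully controls the IdP, a stolen assertion replayed after its lifetime, and an assertion for the wrong target.

```python
"""Two independent roots of trust: a target grants access only after verifying
short-lived assertions from two separately keyed authorities.
Added illustration; not BastionZero's code and not the MrZAP protocol."""
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed keys for the example. HMAC stands in for asymmetric signatures;
# each key is shared only between its authority and the target, never between
# the two authorities, which is what makes the roots independent.
IDP_KEY = b"idp-signing-key-constructed-for-example"
SECOND_ROOT_KEY = b"second-root-signing-key-constructed-for-example"


def _canonical(claims: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue(issuer: str, key: bytes, subject: str, target: str, now: int, ttl: int = 300) -> dict:
    """Mint a short-lived assertion binding subject -> target, signed by one authority."""
    claims = {"iss": issuer, "sub": subject, "target": target, "iat": now, "exp": now + ttl}
    sig = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}


def _verify_one(token: dict, expected_iss: str, key: bytes,
                subject: str, target: str, now: int) -> Optional[str]:
    """Return None if the assertion is valid for this subject/target, else why it fails."""
    claims = token.get("claims", {})
    expected = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token.get("sig", "")):
        return f"{expected_iss}: bad signature"
    if claims.get("iss") != expected_iss:
        return f"{expected_iss}: wrong issuer"
    if claims.get("sub") != subject or claims.get("target") != target:
        return f"{expected_iss}: assertion is for a different subject or target"
    if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
        return f"{expected_iss}: expired or not yet valid"
    return None


def authorize(idp_token: dict, second_token: dict, subject: str, target: str, now: int) -> tuple:
    """Grant only when BOTH authorities independently vouch for the same subject and target."""
    for token, iss, key in ((idp_token, "idp", IDP_KEY),
                            (second_token, "second-root", SECOND_ROOT_KEY)):
        reason = _verify_one(token, iss, key, subject, target, now)
        if reason:
            return False, reason
    return True, "both roots approved"


def demo() -> dict:
    """Run the scenarios from the text and return each decision."""
    now = int(time.time())
    # Legitimate developer: both authorities issue matching short-lived assertions.
    legit = authorize(issue("idp", IDP_KEY, "alice", "db-prod-1", now),
                      issue("second-root", SECOND_ROOT_KEY, "alice", "db-prod-1", now),
                      "alice", "db-prod-1", now)
    # Attacker who owns the IdP mints a perfect IdP assertion (MFA "satisfied")
    # but only has the IdP key, so the second root's signature cannot be produced.
    forged_second = issue("second-root", IDP_KEY, "mallory", "db-prod-1", now)
    idp_compromised = authorize(issue("idp", IDP_KEY, "mallory", "db-prod-1", now),
                                forged_second, "mallory", "db-prod-1", now)
    # A stolen pair of assertions replayed an hour later is useless (5-minute TTL).
    stale = authorize(issue("idp", IDP_KEY, "alice", "db-prod-1", now - 3600),
                      issue("second-root", SECOND_ROOT_KEY, "alice", "db-prod-1", now - 3600),
                      "alice", "db-prod-1", now)
    # An assertion for one target does not open another.
    wrong_target = authorize(issue("idp", IDP_KEY, "alice", "db-prod-1", now),
                             issue("second-root", SECOND_ROOT_KEY, "alice", "db-staging", now),
                             "alice", "db-prod-1", now)
    return {"legit": legit, "idp_compromised": idp_compromised,
            "stale": stale, "wrong_target": wrong_target}


if __name__ == "__main__":
    for name, (granted, why) in demo().items():
        print(f"{name:16} granted={granted} ({why})")
```

The point of the design is in `authorize`: the target never accepts a decision from one authority on the other's behalf, and each assertion is bound to a subject, a target and a short validity window. Compromising the IdP yields assertions that pass the IdP check and nothing else; compromising a long-lived SSH key, by contrast, would have yielded standing access with no second check at all.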
See BastionZero in Action
BastionZero connects teams to resources and requires no additional infrastructure to deploy or manage. It is the first—and only—cloud-native solution for trustless access providing multi-root authentication while maintaining zero entitlements to your systems.
With BastionZero, you can reclaim your architecture from over-privileged third parties and ensure that the right people have access to the right resources at just the right time—every time.
Schedule a demo now to see how you can trust less and access more with BastionZero.