It’s been almost one year since the world’s workforce was first disrupted by COVID-19. Since then, remote work has catapulted from the occasional employee perk into an enterprise mainstay that will be with us for years to come. In fact, indications are that nearly one-third of workers today do not want to return to an office following the pandemic, according to a recent 9,000 person survey by Slack’s Future Forum.
The normalization of the distributed workforce has spawned many unforeseen networking and cybersecurity challenges for infrastructure and operations (I&O) leaders and IT teams in general. The majority of these teams had few plans, if any, in place to address a widespread employee exodus from the brick-and-mortar office over a long period of time.
As the coronavirus raged on, and it became more and more clear that no ‘return to normal’ was immediately within reach, widespread industry chatter started to emerge on whether or not new technologies like the software defined perimeter (SDP) or secure access service edge (SASE) platforms could help alleviate the most common security and connectivity issues.
In the early summer of 2020, NetMotion put this speculation to the test, surveying over 630 IT and security leaders on their organization’s usage or planned adoption of SDP. What we found was that while SDP piqued people’s interest, the overwhelming majority of organizations had not implemented this zero-trust architecture. Instead, we found that most organizations – over 85% – were relying on the oft-maligned enterprise VPN, with nearly 50% suggesting that their company’s VPN usage would continue well into 2023 and beyond.
We recently commissioned another survey – this time of 750 IT leaders in Australia, Germany, Japan, the United Kingdom and the United States – in an effort to both quantify and qualify the business impact of VPNs throughout the first year of the COVID-19 pandemic. Our audience included CIOs and CTOs, as well as IT and network directors, and security analysts across legal, finance, public safety, transportation, healthcare and government sectors.
Business leaders overwhelmingly relied on VPNs to survive remote work
What we discovered was that in 2020, VPNs remained the top cloud security tool deployed by enterprises, with 54% of respondents reporting that their organization relied on a VPN for secure remote access. By contrast, only 15% of organization’s reported utilizing ZTNA/SDP solutions, which admittedly are still a relatively new category. This makes sense when considering that only 4% of enterprises globally have fully migrated to the cloud, revealing that the vast majority of companies still have at least some assets stored locally, according to this survey.
The results also suggest that modernizing legacy technologies such as VPNs, firewalls, and secure web gateways (SWG), was a more attractive initiative to IT leaders than the adoption and implementation of new solutions, such as control access security brokers (CASB), ZTNA and edge content filtering, among other technologies inherent to SASE architecture. This too makes sense when we consider that most organizations were desperately trying to scale existing tools rather than attempt a forklift upgrade. At the time, doing so was obviously the path of least resistance.
In terms of VPN usage, the technology proved most popular among law firms (56%) and financial service organizations (49%), while 56% of private-sector organizations reported having utilized VPNs. Public sector leaders, in contrast, reported only 29% VPN adoption, instead prioritizing cloud secure web gateways (37%) and firewalls-as-a-service (42%).
This aligns with our survey results, which found that private companies are slightly more likely to have migrated entirely to the cloud (3% vs 2%) and three times more likely to have migrated at least a quarter of core applications to the cloud (28% vs 9%). The private sector is also far more likely to have already started adopting zero-trust policies than public sector organizations.
Geographically speaking, 62% of Australian enterprises utilized VPNs, more than organizations headquartered in any other country surveyed. The U.S. ranked second at 60%, while Germany (52%) and the U.K. (50%) both outpaced Japan’s 46% adoption rate. Interestingly, no country surpassed 15% in ZTNA/SDP adoption.
VPN to remain a consequential technology in the near-term
When times got tough in 2020, IT leaders across the globe overwhelmingly turned to enterprise VPNs to provide secure remote access for thousands of employees. This fact is so indisputable, that it can be objectively argued that VPNs did more to ensure business continuity last year than any other technology did, or even could have done.
That is not to say that the VPN in its current form cannot be improved upon. The migration of data, applications and services from being on-premises resources to cloud-centric resources is continuing at a rapid clip. This in turn will naturally lead to greater adoption of SDP and SASE-based technologies in the not-too-distant future. But just how far off are we from ubiquitous embracement of a zero-trust world? Later this month we’ll reveal the second part of our survey results, which focus on SASE and SDP/ZTNA adoption.
