
An introduction to software-defined perimeters (SDP) and zero trust network access (ZTNA)

An overview of the emerging SDP technology, including explanations of the underlying principles and examples of how to apply them. This report also contains original research and data that validates the shift towards SDP, helping IT and security leaders navigate the remote access landscape in a world dramatically impacted by the events of 2020.

Software-defined perimeters (SDPs) are not new. The concept was first introduced in 2014 by the Cloud Security Alliance but, in reality, it didn’t gain much traction until the end of the decade, when organizations began evaluating the technology more seriously. As recently as 2018 the number of vendors providing SDP solutions was scarcely more than ten. Fast forward to 2020 and that number has climbed to over 30.

An indication of the category’s extraordinary growth can be seen in its robust M&A landscape. Verizon acquired Vidder SDP in late 2018, followed by the acquisition of Impulse by Opswat, Luminate by Symantec and Meta Networks by Proofpoint in 2019.

That year also marked the first publication of a Gartner Market Guide covering the space. Instead of embracing the SDP term, Gartner opted to create the Zero Trust Network Access (ZTNA) category, an alternative label for the same fundamental technologies. This research was updated in mid-2020, expanding the scope of the original specifications, as well as the list of representative vendors. 

An introduction to software-defined perimeters

"Zero trust" search interest over time

What exactly are software-defined perimeters? Perhaps more importantly, why is everyone talking about them? This report is aimed at explaining the fundamental concepts of the technology, drawing upon original research and market sources to give readers an overview of this explosive new category.

Search interest in "zero trust", 2015-2020 (via Google Trends) 

Market Guide for Zero Trust Network Access (ZTNA)
by Steve Riley, Neil MacDonald and Lawrence Orans, Gartner 2020

"As more organizations transition to remote work, ZTNA has piqued the interest of organizations seeking a more flexible alternative to VPNs."

The events of 2020 cannot be ignored in any conversation about remote access. Earlier, in February and March, organizations across the globe rapidly scaled their remote working programs, sending employees home and scrambling to equip them with the tools they need to work effectively outside the office. Several corners of the IT stack groaned under the pressure, experiencing issues with everything from video conferencing to filesharing, but few approach the intensity of the turmoil caused within the remote access arena. Many IT departments discovered that scaling legacy VPNs is far from easy, exacerbated by problems with access to hardware, load balancing, network throttling and major performance issues. These problems conspired to prevent remote workers from being as productive – or secure – as they could be. IDC research, conducted several months into the lockdown, revealed that remote access was the number one technology investment area being considered by IT leaders as a direct result of the disruption caused by the pandemic.

Although the lockdown has naturally had a profound impact on remote access and remote working in general, it is important to stress that many of these changes had already begun to take place, albeit at a slower pace. Further research by IDC in 2015 correctly predicted the growth in mobile working, claiming that over 105 million workers – or roughly 75% of the workforce – would be mobile workers by 2020, without taking into account the impact of COVID-19.

As the dust settles and the consequences of this pandemic become clearer, IT leaders across every industry are closely inspecting their remote access strategies, from the policies they have in place to the technologies upon which they rely. Software-defined perimeters are at the nexus of this movement.

International Data Corporation, May 2020

Remote access in the age of COVID-19

COVID-19 impact on IT spending

Solving the Challenges of Secure Remote Access
by Rob Smith, Steve Riley, Nathan Hill, Jeremy D’Hoinne. Gartner, March 2020. 

"Remote access VPN was thought of as a dying technology until COVID-19 changed the way people work."


Traditionally, remote workers have relied on a VPN to provide a safe, encrypted connection to corporate resources. But as the number of users has grown and the types of assets they access have changed, these legacy VPNs have become a liability. Even with multi-factor authentication (MFA) in place, older generation VPNs lack the ability to understand context, opening the door to anyone holding the correct credentials.

The answer, according to security experts, is to remove trust from the process. The concept of ‘zero trust’ was first coined in 2010 by John Kindervag, former Forrester Research analyst. As the concept gained popularity, it has become the basis for a new breed of tools that are ideal for a decentralized or remote workforce.

SDP solutions go far beyond checking credentials. SDP products vary in their architecture, but they will all make use of some kind of controller. This controller acts a bit like a context-aware decision maker. It gathers a variety of data, such as the application being used, the location of the device, the network it is connected to and much more. It then uses this realtime data to build a risk profile of each request, determining whether the user can access the resource based on the context of the moment. If that context changes, access can be revoked. It’s an elegant way of ensuring users get what they need while reducing the attack surface of an organization.

The compelling driver for adoption is that it allows organizations to treat all of their resources equally, even for those resources hosted in the public cloud. With 84% of organizations migrating to the cloud according to the Verizon Mobile Security Index, SDP offers an innovative way of providing secure remote access in an increasingly cloud-based – and remote – workspace.

What is a software-defined perimeter?

A software-defined perimeter is a technology designed to create 1-1 connections between users and the resources that they need. It applies the principles of zero trust at its core. This is the idea that, by default, users are denied access until they can prove they are a legitimate user for that resource. It also embraces the concept of ‘least privilege’, meaning users only get access to the application they requested and nothing more – preventing any kind of lateral movement, because connections are to the resource, not the entire network.
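
The controller behaviour and the default-deny, least-privilege model described in this report can be sketched in a few lines. The following is an added illustration, not code from the report or from any SDP product; the risk weights, class names and sample users and resources are all assumptions made for the example.

```python
"""Added illustration of an SDP-style controller (hypothetical names and weights)."""
from dataclasses import dataclass, field

# Assumed risk contribution of each context signal (not taken from the report).
NETWORK_RISK = {"corporate": 0, "home": 10, "hotel": 40, "public_wifi": 60}
UNKNOWN_NETWORK_RISK = 60
UNMANAGED_DEVICE_RISK = 30
UNEXPECTED_COUNTRY_RISK = 40


@dataclass(frozen=True)
class Context:
    """Real-time signals gathered for a request."""
    network: str
    country: str
    device_managed: bool


@dataclass(frozen=True)
class Entitlement:
    """What one user may reach on one resource, and under how much risk."""
    max_risk: int
    allowed_countries: frozenset


@dataclass
class Controller:
    # (user, resource) -> Entitlement. Anything absent is denied by default.
    entitlements: dict = field(default_factory=dict)
    # Open 1-1 connections, tracked as (user, resource) pairs.
    sessions: set = field(default_factory=set)

    def risk(self, ent, ctx):
        """Build a risk score for this request from its context."""
        score = NETWORK_RISK.get(ctx.network, UNKNOWN_NETWORK_RISK)
        if not ctx.device_managed:
            score += UNMANAGED_DEVICE_RISK
        if ctx.country not in ent.allowed_countries:
            score += UNEXPECTED_COUNTRY_RISK
        return score

    def decide(self, user, resource, ctx):
        """Return (allowed, reason) for a single user-to-resource request."""
        ent = self.entitlements.get((user, resource))
        if ent is None:
            return False, "no entitlement (default deny)"
        score = self.risk(ent, ctx)
        if score > ent.max_risk:
            return False, f"risk {score} exceeds limit {ent.max_risk}"
        return True, f"risk {score} within limit {ent.max_risk}"

    def connect(self, user, resource, ctx):
        """Open a connection to one resource only, never to the whole network."""
        allowed, reason = self.decide(user, resource, ctx)
        if allowed:
            self.sessions.add((user, resource))
        return allowed, reason

    def context_changed(self, user, ctx):
        """Re-evaluate the user's open sessions; return the resources revoked."""
        revoked = [res for (u, res) in sorted(self.sessions)
                   if u == user and not self.decide(u, res, ctx)[0]]
        for res in revoked:
            self.sessions.discard((user, res))
        return revoked


def build_demo_controller():
    """Constructed sample policy: one user, two resources with different limits."""
    return Controller(entitlements={
        ("alice", "payroll"): Entitlement(20, frozenset({"US"})),
        ("alice", "wiki"): Entitlement(70, frozenset({"US", "GB"})),
    })


if __name__ == "__main__":
    c = build_demo_controller()
    home = Context("home", "US", True)
    for resource in ("payroll", "wiki", "crm"):
        print(resource, c.connect("alice", resource, home))
    # The same user moves to public Wi-Fi: only the sensitive session is dropped.
    print("revoked:", c.context_changed("alice", Context("public_wifi", "US", True)))
```

Because every grant is keyed on a (user, resource) pair, a session to one application confers nothing on any other, which is the property the report describes as preventing lateral movement.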

Organizations more likely to evaluate an SDP/ZTNA solution as a result of the COVID-19 lockdown: 

The Gartner Market Guide for ZTNA draws attention to the idea that, as organizations transition to remote work, “ZTNA has piqued the interest of organizations seeking a more flexible alternative to VPNs and those seeking more precise access and session control to applications located on-premises and in the cloud”. Adoption is growing fast.

IT, network and security teams are finding that they need to work more closely together to ensure that they have greater visibility and control all the way to the edge of the network. In a June 2020 study, 80% of organizations responded that they were now more likely to evaluate an SDP or ZTNA solution due to their greater need for remote access. 


William O’Hern, Chief Security Officer at AT&T 

"With SDPs, a user is not required to figure out the method of access based on the context of where they are, what time of day it is, or what type of device they are using — the network takes care of this."


The primary principles of SDP are clearly a more sophisticated and modern way to approach remote access in 2020 and beyond. The impact of COVID-19 is driving interest in the technology, with multiple business units seeing the benefits of SDP over more traditional approaches.

Why SDP/ZTNA?

Reasons why organizations need SDP | visibility

Amount of visibility into remote workers by IT teams


Something that has come sharply into focus is the massive blind spot that companies face when it comes to securing remote workers. Employees sit in their homes, in hotels, in airports and in cafes, connecting to dozens of different networks. For most IT teams, it’s almost impossible to get visibility into the devices, networks and activity of remote workers – certainly much less than when an employee is sat behind their desk in a company office.

In the NetMotion Secure Remote Access Survey conducted in June 2020, only 36% of IT and security leaders were satisfied with their visibility into remote workers.

With almost two-thirds of IT and security teams wanting more visibility, clearly there is a huge gap between where we are today, and where we need to be. This is why SDP technology, based on a zero trust architecture, is such a huge step forward.

SDP’s sophisticated, context-aware capabilities not only provide that missing visibility for security and IT teams, they also allow for a much more granular and customizable set of policy controls that greatly improve the security of corporate assets.

In June 2020, NetMotion aggregated a sample of anonymized network traffic data, searching specifically for evidence of users attempting to access flagged (or blocked) URLs, otherwise known as risky content. The analysis revealed that over a one-month period, workers clicked on almost 12 risky URLs per workday on average, or a total of 59 per week.

Most common types of high risk URLs encountered (count: 76,440): bot nets, malware sites, spam & adware, phishing & fraud

Compared with January 2020, remote workers faced a 49% increase in the number of risky URLs they face on a daily basis (as of June 2020)

When workers are at their desks in a typical office environment, they are connected to corporate networks, often completely unaware that several layers of technology (such as firewalls) are in place to protect them. If we assume that employees’ online habits have not drastically changed over the last six months, it is also safe to assume that these now-remote workers are frequently accessing risky content that would normally be blocked. As a result, security leaders need to look to SDP and other Secure Access Service Edge technologies that can provide web filtering on any network as they seek to evolve outdated network security strategies.

The benefits of SDP

  • Protect resources - applications for SaaS, on-prem or private cloud are protected from intruders and attacks, made ‘dark’ to outsiders

  • Treat access to all resources equally, regardless of where they are hosted, securely managing the transition to cloud

  • 1-1 connections between users and resources mean that lateral movement between applications is impossible

  • Protect users - with some SDPs, users are unable to access high-risk content – based on compliance, productivity and security concerns – no matter the network, and without requiring a VPN

  • Traffic is only secured when it’s needed, and frictionless when it isn’t

Choosing between VPN, CASB and SDP/ZTNA
NetMotion Software

64% of IT and security leaders are dissatisfied with their level of visibility into remote workers

When it comes to securing remote access, it stands to reason that you can only protect what you can clearly see. The opposite is also true; where there is little visibility and oversight of employees’ activity, then the security risk increases. Not being able to get insights into what’s happening becomes a major security concern.

In June 2020, NetMotion conducted a survey of C-level executives, directors, managers and architects from across the security and IT landscape. Almost half consider the risk that remote workers are exposed to as being either high or extremely high. The overall picture is unmistakable – a full 97% of these security and IT leaders believe that remote workers are exposed to greater risk than traditional office workers.

Reasons why organizations need SDP | security

Chart: Risk level that remote workers are exposed to compared with traditional office workers (categories: Extreme, High, Moderate, Low, n/a)

Organizations concerned by threats to remote workers

In the same survey, security and IT leaders were asked what they considered to be the riskiest activity for their remote workers. Although things like shadow IT and accessing unknown or insecure Wi-Fi connections were also important, risky URLs were by far the greatest fear.

In a similar vein, the 2020 Verizon Mobile Security Report revealed that the average person connects to three insecure hotspots per day. In the same report, Symantec provided data showing that compared to the office environment, home internet connections were 0.7 times riskier, hotel connections were over 50 times riskier, and public Wi-Fi hotspots were a staggering 94.7 times riskier.

Mobile Security Report
Verizon 2020

42% of employees used at least one public file-sharing service, and on average, every organization uses six different file-sharing platforms

Choosing between VPN, CASB and SDP/ZTNA
NetMotion Software 2020

97% of security leaders consider remote workers as exposed to more risk than office workers


As more organizations evaluate the benefits of deploying an SDP solution over the coming months and years, there is one very important factor to consider – the employee experience (EX).

Organizations have traditionally been much better equipped to track customer engagement and experience than they have been at fostering a positive employee experience. As more attention is paid to understanding EX, these organizations are realizing the impact that it can have on their bottom line.

Employee experience pays dividends

There are so many moving parts to the employee experience. It starts at the hiring process and includes factors such as work environment and corporate culture, workload, colleagues, tools and more. An organization that manages these things well can reduce churn and reap the rewards of an engaged workforce. Managed poorly and it can quickly impact every aspect of the business negatively.

In an EX report created by NetMotion in 2019, companies actively investing in EX were found to enjoy an 18-point boost in net promoter score (NPS), an average of four times better profitability, and 1.5 times faster growth than their competitors.

Even with fast home internet, remote workers often face frustrating network slowdowns, whether downloading data or when communicating with colleagues over video conferencing tools such as Microsoft Teams, WebEx or Zoom. The transition to remote work has not gone smoothly for many employees, with 89% reporting that they have experienced problems connecting to the data and applications they need while working from home.

The IT, security or network team planning an SDP deployment needs to consider the impact of any changes on EX. Any remote access solution will have an impact on the way employees interact with their colleagues and connect to data. A combination of the wrong tools or burdensome security restrictions can quickly lead to shadow IT and other risky behaviors. The goal should always be to improve the user experience.

Most workers will agree that they simply want to be productive and get their jobs done. Today, however, the tools and applications that have worked best inside an office environment may not work for a decentralized workforce. Likewise, the firewalls and other security infrastructure that protect office workers don’t extend well to remote workers. In the aforementioned EX report, NetMotion found that the most frustrating problems facing remote workers included network disconnects, cumbersome reauthentication processes, slow network speeds and difficulties accessing corporate networks.

Security without the burden of security

The best SDP solutions avoid disruption

Disruption is the enemy of productivity. That’s why every IT administrator, security and network team approaches the evaluation of new products with justifiable caution. Despite many security vendors claiming that the VPN is dead, organizations can use VPN as a stepping stone to a software-defined perimeter solution that can grow with them as they evolve toward zero trust. This is a far easier way to adopt SDP than a complete rip-and-replace mentality.

The transition to SDP can take anywhere from a few months to a few years. The key takeaway is that the best solutions are ones that are virtually invisible to employees. They are OS, device and network agnostic. And they actually improve the employee experience with more reliable connectivity, rather than detracting from it. Working with employees to find the most suitable solution is a critical step in the journey that will benefit the entire organization for years to come.

The employee experience matters

Chart: Has working from home caused experience or connectivity issues for remote workers? (responses: Yes, it's been very difficult; Yes, there have been some challenges; No, there have been no issues)

Choosing between VPN, CASB and SDP/ZTNA
NetMotion Software 2020

20% of mobile workers list a restrictive IT security policy as their most frustrating issue at work


In June 2020, NetMotion surveyed 633 professionals employed in IT, network and security professions across the US, UK and Australia. The study found that 87% of organizations continue to make use of a corporate VPN. This number is expected to shrink to 45% over the next three years, instead of being entirely replaced by either cloud access security broker (CASB) or SDP solutions.

The migration to alternative solutions is taking place for a variety of reasons. The Verizon Mobile Security Index 2020 suggests that 84% of enterprises are increasing their reliance on the cloud. VPN technologies were originally designed for the era of on-premise applications and data, providing a way for remote workers to reach business resources when not physically connected to the corporate network. Both CASB and SDP offer an intelligent way of protecting enterprise data from unapproved access in the cloud, presenting a more attractive option for IT leaders than legacy VPNs. The question for many organizations is not if to implement new remote access solutions but rather when and how.


The Gartner research “Solving the Challenges of Modern Remote Access” by Rob Smith, Steve Riley, Nathan Hill and Jeremy D’Hoinne provides a framework for organizations seeking to move away from VPN and towards these new alternatives. It offers guidance for network professionals in selecting a new solution, including advice on how best to gather requirements and to test capabilities. The decision trees are exhaustive, and also cover topics such as virtualization, but can be distilled into a simple summary for remote access.

The reality is that the overwhelming majority of companies will need a combination of both VPN and SDP in the medium term. On-premise servers were still in place at 98% of organizations in 2019, according to Spiceworks. A NetMotion survey found the exact same figure to be true in 2020, also revealing that 75% of organizations had at least four on-premise applications in place. Requiring both a VPN and an SDP/ZTNA for the next few years is a sentiment repeated widely across the industry. Quadrant Knowledge Solutions puts it succinctly in its paper Market Insights: Software Defined perimeter (SDP) for Zero Trust Network Security, stating that “over the near-term, the majority of SDP deployments will co-exist with VPN to provide end-to-end access security.”

Choosing between VPN, CASB and SDP/ZTNA

Gartner's decision tree


Number of on-premise corporate applications

It is clear that any organization still using a blend of different hosting options for its enterprise resources should use both a VPN and an SDP solution. Making the transition to the cloud is difficult, and IT departments need solutions that meet the business’s requirements today, with the ability to scale to meet the increasingly zero-trust-oriented needs of tomorrow.

Using two disparate solutions for SDP and VPN can be potentially problematic – issues highlighted by Gartner as creating “policy duplication” or “technology overlaps.” To avoid this kind of unnecessary duplication and complication, IT and security leaders should look to vendors that can provide a single, cohesive platform for both solutions. The goal should be to eliminate the impact of these concerns and transition towards zero trust in a seamless way.

Are all of your enterprise applications hosted on the public web? (For example, SaaS, O365)

Start here

Choosing between VPN, CASB and SDP/ZTNA
NetMotion Software 2020

87% of organizations are using a VPN in 2020. 45% of organizations will still be using a VPN by the end of 2023


The objective of this report is to explain the core concepts of software-defined perimeters, outlining the key components and benefits behind their rapid market adoption in 2020. Those points are summarized below:

  • Software-defined perimeters offer a more intelligent way of providing secure remote access for an increasingly diverse workspace, using context to determine access permissions to single enterprise resources.

  • SDP solutions reduce the attack surface, prevent lateral movement and are a cloud-first method of applying the principles of zero trust to remote access.

  • IT and security leaders are attracted by the increased visibility and edge-based policy controls offered by some SDP vendors, with 97% concerned that remote workers are currently exposed to more risk than traditional office employees and only 36% satisfied with current visibility levels.

  • Employee experience must be central to any remote access strategy, with 89% of remote workers encountering connectivity or experience issues during the lockdown.

  • The SDP market is growing fast, with 80% of organizations more likely to evaluate the technology as a result of COVID-19 as they seek to evolve their broader VPN and remote access strategies.

  • Very few enterprises are ready to jettison their VPN altogether, with 98% still using at least one on-premise application and the majority still expecting to use a VPN in the coming years. Experts agree that there will be a lengthy transition period in which organizations use a VPN alongside an SDP as they manage the slow migration to the cloud and to universal zero trust policies.

Summary

Methodology

This report includes data from three surveys conducted by NetMotion:

“Choosing between VPN, CASB and SDP/ZTNA”

*About this data: In June 2020, NetMotion surveyed 633 professionals employed in enterprise IT, network and security positions across the US, UK and Australia. Their responses revealed statistics such as current VPN usage (87%), and the percentage of organizations that expect to still be using a VPN in 2023 (45%).

The mobile employee experience report

*About this data: NetMotion conducted an anonymous survey in August, 2019, and received a total of 285 responses. The results of this survey were used to ascertain the top 10 things about the remote working experience that frustrated employees most.

Employees use of corporate-owned devices to stream YouTube and Netflix spikes as remote work persists

*About this data: An anonymous survey about streaming habits on corporate-owned devices was conducted in June, 2020. This survey returned results from more than 280 people who were working remotely at that time. The results of this survey were combined with anonymized information derived from NetMotion’s internal sources.

NetMotion finds that remote employees are dangerously exposed to risky content

*About the data: NetMotion aggregated data sourced from anonymized network traffic over a 30-day period from May 21st to June 19th, 2020. The search returned a pool of 76,440 URLs that are associated with flagged (or blocked) URLs, otherwise known as ‘risky content.’

Resources

Why NetMotion?

NetMotion SDP provides a more intelligent way to deliver secure remote access. The platform analyzes every unique request by remote workers, using dynamic, contextual data about each device, ultimately deciding whether to authorize access to enterprise resources. Unwanted and risky connections are blocked, meaning critical cloud and on-premise applications remain protected. The solution also provides full visibility and control into work devices, no matter which network they are connected to.

NetMotion is the only solution to provide both SDP and VPN in a single platform, helping organizations modernize their remote access strategies in a way that actively improves the user experience.

Market Guide for Zero Trust Network Access (ZTNA)
by Steve Riley, Neil MacDonald and Lawrence Orans

"Although VPN replacement is a common driver for its adoption, ZTNAs rarely replace VPN completely."

sdp-report-scrolling-background.jpg

An introduction to software

defined perimeters (SDP)

and zero trust network

access (ZTNA)

An overview of the emerging SDP technology, including explanations of the underlying principles and examples of how to apply them. This report also contains original research and data that validates the shift towards SDP, helping IT and security leaders navigate the remote access landscape in a world dramatically impacted by the events of 2020.

This report is best viewed on desktop.

An introduction to software-defined perimeters

Software-defined perimeters (SDPs) are not new. The concept was first introduced in 2014 by the Cloud Security Alliance but, in reality, it didn’t gain much traction until the end of the decade, when organizations began evaluating the technology more seriously. As recently as 2018 the number of vendors providing SDP solutions was scarcely more than ten. Fast forward to 2020 and that number has climbed to over 30.

An indication of the category’s extraordinary growth can be seen in its robust M&A landscape. Verizon acquired Vidder SDP in late 2018, followed by the acquisition of Impulse by Opswat, Luminate by Symantec and Meta Networks by Proofpoint in 2019.

That year also marked the first publication of a Gartner Market Guide covering the space. Instead of embracing the SDP term, Gartner opted to create the Zero Trust Network Access (ZTNA) category, an alternative label for the same fundamental technologies. This research was updated in mid-2020, expanding the scope of the original specifications, as well as the list of representative vendors. 

Market Guide for Zero Trust Network Access (ZTNA)
by Steve Riley, Neil MacDonald and Lawrence Orans, Gartner 2020

"As more organizations transition to remote work, ZTNA has piqued the interest of organizations seeking a more flexible alternative to VPNs."

What exactly are software-defined perimeters? Perhaps more importantly, why is everyone talking about them? This report is aimed at explaining the fundamental concepts of the technology, drawing upon original research and market sources to give readers an overview of this explosive new category.

"Zero trust" search interest over time

Search interest in "zero trust", 2015-2020 (via Google Trends) 

Remote access in the age of COVID-19

The events of 2020 cannot be ignored in any conversation about remote access. Earlier, in February and March, organizations across the globe rapidly scaled their remote working programs, sending employees home and scrambling to equip them with the tools they need to work effectively outside the office. Several corners of the IT stack groaned under the pressure, experiencing issues with everything from video conferencing to filesharing, but few approach the intensity of the turmoil caused within the remote access arena. Many IT departments discovered that scaling legacy VPNs is far from easy, exacerbated by problems with access to hardware, load balancing, network throttling and major performance issues. These problems conspired to prevent remote workers from being as productive – or secure – as they could be. IDC research, conducted several months into the lockdown, revealed that remote access was the number one technology investment area being considered by IT leaders as a direct result of the disruption caused by the pandemic.

COVID-19 impact on IT spending

Although the lockdown has naturally had a profound impact on remote access and remote working in general, it is important to stress that many of these changes had already begun to take place, albeit at a slower pace. Further research by IDC in 2015 correctly predicted the growth in mobile working, claiming that over 105 million workers – or roughly 75% of the workforce – would be mobile workers by 2020, without taking into account the impact of COVID-19.

As the dust settles and the consequences of this pandemic become clearer, IT leaders across every industry are closely inspecting their remote access strategies, from the policies they have in place to the technologies upon which they rely. Software-defined perimeters are at the nexus of this movement.

Solving the Challenges of Secure Remote Access
by Rob Smith, Steve Riley, Nathan Hill, Jeremy D’Hoinne. Gartner, March 2020. 

"Remote access VPN was thought of as a dying technology until COVID-19 changed the way people work."

International Data Corporation, May 2020

Helpful resources:

What is a software-defined perimeter?

Traditionally, remote workers have relied on a VPN to provide a safe, encrypted connection to corporate resources. But as the number of users has grown and the types of assets they access has changed, these legacy VPNs have become a liability. Even with multi-factor authentication (MFA) in place, older generation VPNs lack the ability to understand context, opening the door to anyone holding the correct credentials.

The answer, according to security experts, is to remove trust from the process. The concept of ‘zero trust’ was first coined in 2010 by John Kindervag, former Forrester Research analyst. As the concept gained popularity, it has become the basis for a new breed of tools that are ideal for a decentralized or remote workforce.

sdp-diagram1.png

A software-defined perimeter is a technology designed to create 1-1 connections between users and the resources that they need. It applies the principles of zero trust at its core. This is the idea that, by default, users are denied access until they can prove they are a legitimate user for that resource. It also embraces the concept of ‘least privilege’, meaning users only get access to the application they requested and nothing more – preventing any kind of lateral movement, because connections are to the resource, not the entire network.

sdp-diagram3.png

SDP solutions also go far beyond checking credentials too. SDP products vary in their architecture, but they will all make use of some kind of controller. This controller acts a bit like a context-aware decision maker. It gathers a variety of data, such as the application being used, the location of the device, the network it is connected to and much more. It then uses this realtime data to build a risk profile of each request, determining whether the user can access the resource based on the context of the moment. If that changes, access can be revoked. It’s an elegant way of ensuring users get what they need while reducing the attack surface of an organization.

The compelling driver for adoption is that it allows organizations to treat all of their resources equally, even for those resources hosted in the public cloud. With 84% of organizations migrating to the cloud according to the Verizon Mobile Security Index, SDP offers an innovative way of providing secure remote access in an increasingly cloud-based – and remote – workspace.

William O’Hern, Chief Security Officer at AT&T 

"With SDPs, a user is not required to figure out the method of access based on the context of where they are, what time of day it is, or what type of device they are using — the network takes care of this."

Organizations more likely to evaluate an SDP/ZTNA solution as a result of the COVID-19 lockdown: 

The Gartner Market Guide for ZTNA draws attention to the idea that, as organizations transition to remote work, “ZTNA has piqued the interest of organizations seeking a more flexible alternative to VPNs and those seeking more precise access and session control to applications located on-premises and in the cloud”. Adoption is growing fast.

IT, network and security teams are finding that they need to work more closely together to ensure that they have greater visibility and control all the way to the edge of the network. In a June 2020 study, 80% of organizations responded that they were now more likely to evaluate an SDP or ZTNA solution due to their greater need for remote access. 

Why SDP/ZTNA?

The primary principles of SDP are clearly a more sophisticated and modern way to approach remote access in 2020 and beyond. The impact of COVID-19 is driving interest in the technology, with multiple business units seeing the benefits of SDP over more traditional approaches.

The benefits of SDP

  • Protect resources - applications for SaaS, on-prem or private cloud are protected from intruders and attacks, made ‘dark’ to outsiders

  • Treat access to all resources equally, regardless of where they are hosted, securely managing the transition to cloud

  • 1-1 connections between users and resources mean that lateral movement between applications is impossible

  • Protect users - with some SDPs, users are unable to access high-risk content – based on compliance, productivity and security concerns – no matter the network, and without requiring a VPN

  • Traffic is only secured when it’s needed, and frictionless when it isn’t

Reasons why organizations need SDP | visibility

Something that has come sharply into focus is the massive blind spot that companies face when it comes to securing remote workers. Employees sit in their homes, in hotels, in airports and in cafes, connecting to dozens of different networks. For most IT teams, it’s almost impossible to get visibility into the devices, networks and activity of remote workers – certainly much less than when an employee is sat behind their desk in a company office.

In the NetMotion Secure Remote Access Survey conducted in June 2020, only 36% of IT and security leaders were satisfied with their visibility into remote workers.

Amount of visibility into remote workers by IT teams

With almost two-thirds of IT and security teams wanting more visibility, clearly there is a huge gap between where we are today, and where we need to be. This is why SDP technology, based on a zero trust architecture, is such a huge step forward.

SDP’s sophisticated, context-aware capabilities not only provide that missing visibility for security and IT teams, they also allow for a much more granular and customizable set of policy controls that greatly improve the security of corporate assets.

In June 2020, NetMotion aggregated a sample of anonymized network traffic data, searching specifically for evidence of users attempting to access flagged (or blocked) URLs, otherwise known as risky content. The analysis revealed that over a one-month period, workers clicked on almost 12 risky URLs per workday on average, or a total of 59 per week.

Most common types of high risk URLs encountered
(count: 76,440)

When workers are at their desks in a typical office environment, they are connected to corporate networks, often completely unaware that several layers of technology (such as firewalls) are in place to protect them. If we assume that employees’ online habits have not drastically changed over the last six months, it is also safe to assume that these now-remote workers are frequently accessing risky content that would normally be blocked. As a result, security leaders need to look to SDP and other Secure Access Service Edge technologies that can provide web filtering on any network as they seek to evolve outdated network security strategies.

Choosing between VPN, CASB and SDP/ZTNA
NetMotion Software

64% of IT and security leaders are dissatisfied with their level of visibility into remote workers

Compared with January 2020, remote workers faced a 49% increase in the number of risky URLs they face on a daily basis (as of June 2020)

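Chart categories (most common types of high risk URLs): bot nets, malware sites, spam & adware, phishing & fraud

Chart categories (amount of visibility into remote workers): satisfied with level of visibility, would like more visibility, concerning lack of visibility, no visibility at all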

Reasons why organizations need SDP | security

When it comes to securing remote access, it stands to reason that you can only protect what you can clearly see. The opposite is also true; where there is little visibility and oversight of employees’ activity, then the security risk increases. Not being able to get insights into what’s happening becomes a major security concern.

In June 2020, NetMotion conducted a survey of C-level executives, directors, managers and architects from across the security and IT landscape. Almost half consider the risk that remote workers are exposed to as being either high or extremely high. The overall picture is unmistakable – a full 97% of these security and IT leaders believe that remote workers are exposed to greater risk than traditional office workers.

Risk level that remote workers are exposed to compared with traditional office workers

In the same survey, security and IT leaders were asked what they considered to be the riskiest activity for their remote workers. Although things like shadow IT and accessing unknown or insecure Wi-Fi connections were also important, risky URLs were by far the greatest fear.

Choosing between VPN, CASB and SDP/ZTNA
NetMotion Software 2020

97% of security leaders consider remote workers as exposed to more risk than office workers

Organizations concerned by threats to remote workers

In a similar vein, the 2020 Verizon Mobile Security Report revealed that the average person connects to three insecure hotspots per day. In the same report, Symantec provided data showing that compared to the office environment, home internet connections were 0.7 times riskier, hotel connections were over 50 times riskier, and public Wi-Fi hotspots were a staggering 94.7 times riskier.

Mobile Security Report
Verizon 2020

42% of employees used at least one public file-sharing service, and on average, every organization uses six different file-sharing platforms

The employee experience matters

As more organizations evaluate the benefits of deploying an SDP solution over the coming months and years, there is one very important factor to consider – the employee experience (EX).

Organizations have traditionally been much better equipped to track customer engagement and experience than they have been at fostering a positive employee experience. As more attention is paid to understanding EX, these organizations are realizing the impact that it can have on their bottom line.

Employee experience pays dividends

There are so many moving parts to the employee experience. It starts at the hiring process and includes factors such as work environment and corporate culture, workload, colleagues, tools and more. An organization that manages these things well can reduce churn and reap the rewards of an engaged workforce. Managed poorly and it can quickly impact every aspect of the business negatively.

In an EX report created by NetMotion in 2019, companies actively investing in EX were found to enjoy an 18-point boost in net promoter score (NPS), an average of four times better profitability, and 1.5 times faster growth than their competitors.

Security without the burden of security

Most workers will agree that they simply want to be productive and get their jobs done. Today, however, the tools and applications that have worked best inside an office environment may not work for a decentralized workforce. Likewise, the firewalls and other security infrastructure that protect office workers don’t extend well to remote workers. In the aforementioned EX report, NetMotion found that the most frustrating problems facing remote workers included network disconnects, cumbersome reauthentication processes, slow network speeds and difficulties accessing corporate networks.

Choosing between VPN, CASB and SDP/ZTNA
NetMotion Software 2020

20% of mobile workers list a restrictive IT security policy as their most frustrating issue at work

Even with fast home internet, remote workers often face frustrating network slowdowns, whether downloading data or when communicating with colleagues over video conferencing tools such as Microsoft Teams, WebEx or Zoom. The transition to remote work has not gone smoothly for many employees, with 89% reporting that they have experienced problems connecting to the data and applications they need while working from home.

The IT, security or network team planning an SDP deployment needs to consider the impact of any changes on EX. Any remote access solution will have an impact on the way employees interact with their colleagues and connect to data. A combination of the wrong tools or burdensome security restrictions can quickly lead to shadow IT and other risky behaviors. The goal should always be to improve the user experience.

Has working from home caused experience or connectivity issues for remote workers?

Chart categories: Yes, it's been very difficult; Yes, there have been some challenges; No, there have been no issues

The best SDP solutions avoid disruption

Disruption is the enemy of productivity. That’s why every IT administrator, security and network team approaches the evaluation of new products with justifiable caution. Despite many security vendors claiming that the VPN is dead, organizations can use VPN as a stepping stone to a software-defined perimeter solution that can grow with them as they evolve toward zero trust. This is a far easier way to adopt SDP than a complete rip-and-replace mentality.

The transition to SDP can take anywhere from a few months to a few years. The key takeaway is that the best solutions are ones that are virtually invisible to employees. They are OS, device and network agnostic. And they actually improve the employee experience with more reliable connectivity, rather than detracting from it. Working with employees to find the most suitable solution is a critical step in the journey that will benefit the entire organization for years to come.

Choosing between VPN, CASB and SDP/ZTNA

In June 2020, NetMotion surveyed 633 professionals employed in IT, network and security professions across the US, UK and Australia. The study found that 87% of organizations continue to make use of a corporate VPN. This number is expected to shrink to 45% over the next three years, rather than VPNs being entirely replaced by either cloud access security broker (CASB) or SDP solutions.

The migration to alternative solutions is taking place for a variety of reasons. The Verizon Mobile Security Index 2020 suggests that 84% of enterprises are increasing their reliance on the cloud. VPN technologies were originally designed for the era of on-premise applications and data, providing a way for remote workers to reach business resources when not physically connected to the corporate network. Both CASB and SDP offer an intelligent way of protecting enterprise data from unapproved access in the cloud, presenting a more attractive option for IT leaders than legacy VPNs. The question for many organizations is not whether to implement new remote access solutions but rather when and how.

Choosing between VPN, CASB and SDP/ZTNA
NetMotion Software 2020

87% of organizations are using a VPN in 2020. 45% of organizations will still be using a VPN by the end of 2023

The Gartner research “Solving the Challenges of Modern Remote Access” by Rob Smith, Steve Riley, Nathan Hill and Jeremy D’Hoinne provides a framework for organizations seeking to move away from VPN and towards these new alternatives. It offers guidance for network professionals in selecting a new solution, including advice on how best to gather requirements and to test capabilities. The decision trees are exhaustive, and also cover topics such as virtualization, but can be distilled into a simple summary for remote access.

Gartner's decision tree

The reality is that the overwhelming majority of companies will need a combination of both VPN and SDP in the medium term. On-premise servers were still in place at 98% of organizations in 2019, according to Spiceworks. A NetMotion survey found the exact same figure to be true in 2020, also revealing that 75% of organizations had at least four on-premise applications in place. Requiring both a VPN and an SDP/ZTNA for the next few years is a sentiment repeated widely across the industry. Quadrant Knowledge Solutions puts it succinctly in its paper Market Insights: Software Defined perimeter (SDP) for Zero Trust Network Security, stating that “over the near-term, the majority of SDP deployments will co-exist with VPN to provide end-to-end access security.”

Number of on-premise corporate applications

It is clear that any organization still using a blend of different hosting options for its enterprise resources should use both a VPN and an SDP solution. Making the transition to the cloud is difficult, and IT departments need solutions that meet the business’s requirements today, with the ability to scale to meet the increasingly zero-trust-oriented needs of tomorrow.

Using two disparate solutions for SDP and VPN can be potentially problematic – issues highlighted by Gartner as creating “policy duplication” or “technology overlaps.” To avoid this kind of unnecessary duplication and complication, IT and security leaders should look to vendors that can provide a single, cohesive platform for both solutions. The goal should be to eliminate the impact of these concerns and transition towards zero trust in a seamless way.

Summary

The objective of this report is to explain the core concepts of software-defined perimeters, outlining the key components and benefits behind their rapid market adoption in 2020. Those points are summarized below:

  • Software-defined perimeters offer a more intelligent way of providing secure remote access for an increasingly diverse workspace, using context to determine access permissions to single enterprise resources.

  • SDP solutions reduce the attack surface, prevent lateral movement and are a cloud-first method of applying the principles of zero trust to remote access.

  • IT and security leaders are attracted by the increased visibility and edge-based policy controls offered by some SDP vendors, with 97% concerned that remote workers are currently exposed to more risk than traditional office employees and only 36% satisfied with current visibility levels.

  • Employee experience must be central to any remote access strategy, with 89% of remote workers encountering connectivity or experience issues during the lockdown.

  • The SDP market is growing fast, with 80% of organizations more likely to evaluate the technology as a result of COVID-19 as they seek to evolve their broader VPN and remote access strategies.

  • Very few enterprises are ready to jettison their VPN altogether, with 98% still using at least one on-premise application and the majority still expecting to use a VPN in the coming years. Experts agree that there will be a lengthy transition period in which organizations use a VPN alongside an SDP as they manage the slow migration to the cloud and to universal zero trust policies.

Market Guide for Zero Trust Network Access (ZTNA)
by Steve Riley, Neil MacDonald and Lawrence Orans

"Although VPN replacement is a common driver for its adoption, ZTNAs rarely replace VPN completely."

Why NetMotion?

NetMotion SDP provides a more intelligent way to deliver secure remote access. The platform analyzes every unique request by remote workers, using dynamic, contextual data about each device, ultimately deciding whether to authorize access to enterprise resources. Unwanted and risky connections are blocked, meaning critical cloud and on-premise applications remain protected. The solution also provides full visibility and control into work devices, no matter which network they are connected to.

NetMotion is the only solution to provide both SDP and VPN in a single platform, helping organizations modernize their remote access strategies in a way that actively improves the user experience.

Methodology

This report includes data from three surveys conducted by NetMotion:

“Choosing between VPN, CASB and SDP/ZTNA”

*About this data: In June 2020, NetMotion surveyed 633 professionals employed in enterprise IT, network and security positions across the US, UK and Australia. Their responses revealed statistics such as current VPN usage (87%), and the percentage of organizations that expect to still be using a VPN in 2023 (45%).

The mobile employee experience report

*About this data: NetMotion conducted an anonymous survey in August, 2019, and received a total of 285 responses. The results of this survey were used to ascertain the top 10 things about the remote working experience that frustrated employees most.

Employees use of corporate-owned devices to stream YouTube and Netflix spikes as remote work persists

*About this data: An anonymous survey about streaming habits on corporate-owned devices was conducted in June, 2020. This survey returned results from more than 280 people who were working remotely at that time. The results of this survey were combined with anonymized information derived from NetMotion’s internal sources.

NetMotion finds that remote employees are dangerously exposed to risky content

*About the data: NetMotion aggregated data sourced from anonymized network traffic over a 30-day period from May 21st to June 19th, 2020. The search returned a pool of 76,440 URLs that are associated with flagged (or blocked) URLs, otherwise known as ‘risky content.’
