Cybersecurity strategies for years have been grounded in protecting the perimeter of the corporate network. Yet, as nearly every organization learned during the COVID-19 crisis, that perimeter no longer exists. Nearly all new software functionality is now deployed as a service (SaaS) that people access from a multitude of locations and devices. No company has the luxury of containing the enterprise IT environment within its four walls anymore.
The pandemic also exposed the limitations of virtual private networks, which enable remote access to secure computing resources. A VPN lets employees “tunnel” in through the corporate firewall using an encrypted connection that rides on top of the public internet. But during massive lockdowns, VPNs at many companies were overwhelmed by surges in demand that slowed traffic to a crawl. Even more alarming was when frustrated users disconnected from the VPN entirely to log in to their SaaS applications, thus bypassing any of the security controls and increasing the overall threat surface.
