Hey everyone! I'm curious about how different workplaces are handling endpoint security these days. My company is currently testing out compliance policies that require a VPN to access our corporate systems like Email, SharePoint, and Teams. While the reasoning behind this is valid—especially since many staff members are remote or traveling—we're encountering some issues like dropped connections when switching between mobile data and WiFi, along with battery drain and loss of some functionality.
I'd love to know if any of you are still using VPNs, have transitioned to a zero trust model, or are using split tunneling? It seems like VPNs might be becoming outdated, yet we still have quite a few traditional data centers and IaaS systems that would need a comprehensive overhaul to fully adopt a zero trust approach. What are your thoughts? Thanks in advance!
5 Answers
It all comes down to your specific corporate systems and security needs. Technologies like MASQUE and Oblivious HTTP can help push towards zero trust architecture effectively. Just make sure you maintain proper certificate usage for secure endpoints!
We use Prisma Access to enforce an always-on VPN, which means no Internet without it. This allows us to maintain SSL decrypt and web filtering wherever employees are. While we still operate a lot of on-prem data, we are gradually moving to cloud solutions.
There’s definitely a lot to unpack regarding zero trust in network setups. These days, you don’t need to VPN everything; it's outdated thinking. You need traffic inspection capabilities instead, possibly with a CASB or robust firewall. Authentication should be device-bound using MDMs and enforcing MFA. As for VPNs, focus on choosing systems that allow for selective traffic management. It’s still an important piece but doesn't have to funnel everything through it.
Using a VPN for services like M365 seems like a bandwidth sink that doesn't offer much security benefit. We still have a VPN in place, but many of our users skip it when accessing cloud systems. Investing in something like Duo for MFA might be a smarter move instead.
Have you checked out Microsoft Entra Global Access? It offers Microsoft 365 tunneling and links to conditional access, serving as a straightforward alternative to traditional VPN setups. It really simplified things for us once it rolled out.
Yes! The M365 Traffic Profile with Entra is super helpful. It’s perfect for managing access to Mail, SharePoint, and Teams along with conditional access.
Exactly! A split tunnel VPN lets us keep private networking for certain needs while relying on strong authentication and endpoint checks for M365. It's all about minimizing vulnerabilities.
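The split-tunnel plus conditional-access arrangement the last two replies describe, as an added illustration that is not code from any poster: private ranges and an internal suffix still ride the tunnel (managed, compliant device required), M365 hostnames go direct but must satisfy device compliance and MFA, and everything else bypasses the tunnel. Hostnames, the `corp.example` suffix and the `Device` posture fields are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy (hypothetical names, not a real tenant's configuration).
M365_SUFFIXES = ("outlook.office365.com", "sharepoint.com", "teams.microsoft.com")
INTERNAL_SUFFIX = "corp.example"
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Device:
    managed: bool        # enrolled in MDM, so the VPN client and its certificate are device-bound
    compliant: bool      # posture check passed (disk encryption, patch level, ...)
    mfa_satisfied: bool  # user completed MFA in the current session


def _matches(host: str, suffixes) -> bool:
    return any(host == s or host.endswith("." + s) for s in suffixes)


def decide(dest: str, dev: Device):
    """Return (route, allowed, reason) for one destination under a split-tunnel policy."""
    dest = dest.lower()
    try:
        ip = ipaddress.ip_address(dest)
        is_private = any(ip in n for n in PRIVATE_NETS)
    except ValueError:                       # not an IP literal, treat as a hostname
        is_private = _matches(dest, (INTERNAL_SUFFIX,))

    if is_private:
        # Data-centre / IaaS reachability still needs the tunnel; only managed, compliant devices get it.
        ok = dev.managed and dev.compliant
        return "vpn", ok, "tunnelled" if ok else "managed+compliant device required for tunnel"
    if _matches(dest, M365_SUFFIXES):
        # SaaS goes direct; conditional access (device state + MFA) replaces the VPN as the control point.
        ok = dev.compliant and dev.mfa_satisfied
        return "direct", ok, "conditional access satisfied" if ok else "compliant device + MFA required for M365"
    # Everything else bypasses the tunnel; web filtering is a separate control, not modelled here.
    return "direct", True, "general internet, no tunnel"


if __name__ == "__main__":
    laptop = Device(managed=True, compliant=True, mfa_satisfied=False)
    for d in ("10.20.30.40", "tenant.sharepoint.com", "fileserver.corp.example", "example.org"):
        print(d, decide(d, laptop))
```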