* By Luis Banhara
The level of organizational adrenaline is starting to stabilize. Companies were challenged by the COVID-19 crisis to find new ways to serve their employees with telecommuting, providing the connectivity infrastructure that was initially available. Now, when companies enter the post-pandemic future, they need to find a balance between what worked well before and what still needs to be implemented to succeed within a new long-term reality. One thing is certain, the pandemic imposed some movements in relation to technology, among them, the main one is the definitive path to Digital Transformation.
In the outbreak of the coronavirus, according to Atlas VPN, there was an increase of about 124% in the use of this technology of virtual private network (VPN) during only two weeks of the month of March, in the United States. And this technology has expanded globally by, in principle, promoting a secure connection between the user at home and the server on which he will access.
Historically, VPN was created to meet the need for remote access on a temporary basis, not being the best solution for remote work in 100% of time for a long period. The VPN is an alternative for a group of users, but adopting the tool to all employees or large groups, can cause negative impacts for the company.
To have a well-implemented and secure VPN, you need to have certificates, multiple authentication factors, device compliance, etc. All of these requirements compromise the employee's experience and can often be costly. In this sense, many companies end up adopting the VPN in an incomplete or deficient way, resulting in a “virtual tunnel” with little security, low cost and bad user experience.
When we factor in the necessary investments and demands, other more suitable options appear to deliver not only security, but also the performance of accessing applications, data, information and all the well-being of the user at home. This includes the entire work environment with a complete toolbox and not just one (VPN) to solve all your needs.
By promoting the concept that it connects a computer to an intermediary server, which will be responsible for encryption and will bridge the gap between the user and the Internet, this modality points to a safe path - which is often not enough to guarantee security. Although the data may be encrypted and protected from the prying eyes of cybercriminals, it does not mean that you are protected from malware, keyloggers and ransomware.
It is important to note that VPNs are not antivirus or firewalls, nor do they prevent the risks to which a careless user may be exposed digitally. There is no point in maintaining clean environments on one side of the ledge if we send dirt through an end-to-end tunnel. It would be like leaving home and not washing your hands when you return.
The virtual private network can bring benefits in the short term, and see that this "short" today is about days, but it can return on an exponential scale of disadvantage in the long run. With a focus on security, we see the following challenges for companies in relation to VPN:
• Unrestricted access from non-corporate devices;
• Complexity in security synchronization between VPN infrastructure and data center;
• Violations of user or even administrator privilege levels;
• Malware running in a secure tunnel;
• Files saved locally without compliance (LGPD has been postponed, not canceled).
The employee's experience will count a lot for productivity and continuity of operations, as the employee dissatisfied with a solution will change the defined route. As a result, we have the old shadow IT BYOD and BYOA acquaintances, the famous “jeitinho”. This expands the attack surface and creates dark spots, out of reach of security management.
It will be necessary to think about granular security, in each user, quality and access to the application, environment and performance. More than ever, it will be necessary to have visibility over the entire infrastructure and the digital ecosystem. It is time to preserve mainly two of an organization's main assets: employees and data. After all, the future is not what we imagined it would be - a few months ago.
* Luis Banhara is general director of Citrix in Brazil
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
