Usually, when it comes to data security, everything is fine—until it isn’t. Last week, the Cybersecurity and Infrastructure Security Agency released warnings about alarming vulnerabilities in enterprise VPN applications from big names like Cisco and Palo Alto Networks. Gaps were exposed that can allow users’ authentication tokens to be stolen, giving hackers full access to networks by impersonating compromised users. Some vendors have released patches, but others such as F5 Networks have acknowledged the complexity of the situation and marked the security hole as a “known issue” and recommended implementing 2-factor authentication as a temporary workaround.
These revelations highlight unnerving faults in security for technologies that are used and trusted by millions every day. They also illustrate the dangers of a mix-and-match security strategy versus an end-to-end solution. VPNs are assumed to be safe, especially when associated with large brand name providers. However, VPNs only protect data in transit and do nothing to protect data at rest. This proved to be their Achilles heel in this latest report. What happened specifically was that authentication tokens were stored “at-rest” on client devices connected to the VPN. If the client computer is compromised by malware or some other attack, those tokens are now vulnerable, thus rendering the VPN’s protections void.
Another issue with VPN technology is that the software for the VPN runs on devices that are, by their very nature, vulnerable as they are directly exposed to the Internet on a continual basis. VPNs run on firewalls and other attached appliances, acting as a gatekeeper to internal network resources, but these mobile networking devices are exposed to the public Internet 24/7, offering an open invitation for hackers to constantly attempt new attacks. If, under the relentless onslaught of attacks, those network devices are compromised in some way, the VPN again loses its ability to protect network traffic.
The vulnerabilities inherent in VPN technology render its security on par with that of a hotel safe: fine for some things, but nothing that a crafty burglar or sledgehammer can’t get around to access high value applications. This all exposes a glaring need for an end-to-end security strategy that protects both data-at-rest AND data in transit as a cohesive unit. This is the reason SyncDog’s Secure.Systems containers are so important. They offer a single solution that protects data-at-rest, as well as data in transit, combined into a single environment. What this means is that even if a client mobile device is compromised – a hacker or malware has access to the contents and information on the device – the data inside the container is still encrypted, secure and inaccessible to unauthorized users. They simply cannot get to the data that they are looking for. Because there are no authentication tokens to obtain, no containerized data can be read. And like a VPN, it also protects data in transit, allowing safeguarded access to internal network data without the security compromises of a VPN.
SyncDog’s Secure.Systems network infrastructure only exposes a relay server to the Internet, which only handles encrypted packets from client containers. Even if the relay were compromised, the only data passing through it is encrypted and unreadable. SyncDog’s Secure.Systems networking design only decrypts data on special transport servers that are not exposed to the Internet, ensuring end-to-end security from the client device through to servers and internal network resources. Finally, unlike a VPN, data never leaves the Secure.Systems ecosystem, ensuring protection across all endpoints at all times. The data is safe.
Mobile device usage continues to expand at a remarkable rate, and accordingly the amount of data being accessed is expanding proportionately. Trying to reverse this trend is unthinkable, so the only answer is to ensure that data is secure with a single end-to-end solution that encrypts the data both in transit and at-rest. SyncDog’s Secure.Systems is a next generation approach to mobile security that safeguards corporate or sensitive data through its entire access and utilization lifecycle. Come check us out at www.SyncDog.com or try it for yourself at https://mmc.secure.systems/SignUp