
From VPN to Zero Trust — Security in the Remote Work Era

14. 05. 2020 · 1 min read · CORE SYSTEMS · development

Two months of remote work revealed a fundamental problem: a VPN creates a false sense of security. Once a user connects, they have access to everything. Zero Trust flips this model: never trust, always verify.

The Problem with VPN

VPN works on the principle: outside is dangerous, inside is safe. But 150 laptops connected from home networks, where IoT devices hang on Wi-Fi and the router has firmware from 2017 — that’s a security team’s nightmare. If an attacker gets inside, they have access to everything.

Zero Trust Principles

  • Identity is the new perimeter — access based on identity, not IP address
  • Least privilege — minimum necessary permissions
  • Continuous verification — verification with every request
  • Device trust — devices must meet security policies

Identity-Aware Proxy

We deployed OAuth2 Proxy for internal web applications. Instead of VPN → app, we introduced a reverse proxy with Azure AD authentication. The user logs in via SSO, the proxy verifies group membership, and only then allows the request through.

Microsegmentation

We created isolated network segments — dev separated from production, databases accessible only from app servers, CI/CD isolated. Transition between segments requires explicit permission. An attacker in one segment cannot reach the others.

Legacy Applications — The Biggest Challenge

An internal system from 2008 doesn’t support SAML or OIDC. Solution: reverse proxy with header-based authentication. It’s not elegant, but it works. Zero Trust isn’t a quarterly project — it’s a journey, application by application.
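
The group check from the Identity-Aware Proxy section and the header-based authentication used for the legacy system come down to the same per-request decision, shown here as an added example (not the code of the deployment described above). The header names, the policy table, the group names and the `Identity` type are assumptions; the identity is taken to be already verified by the SSO layer.

```python
from dataclasses import dataclass

# Headers the legacy backend reads as identity (assumed names).
IDENTITY_HEADERS = {"x-forwarded-user", "x-forwarded-email", "x-forwarded-groups"}
# Path prefix -> group required for that application (constructed sample).
APP_POLICY = {"/legacy-erp/": "erp-users", "/wiki/": "staff"}

@dataclass(frozen=True)
class Identity:
    """Identity already verified by the SSO layer (assumed input)."""
    user: str
    email: str
    groups: frozenset

class Denied(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def required_group(path):
    for prefix, group in APP_POLICY.items():
        if path.startswith(prefix):
            return group
    return None  # unknown application: deny by default

def build_upstream_headers(path, client_headers, identity):
    """Return the headers to forward to the backend, or raise Denied."""
    if identity is None:
        raise Denied(401, "no verified session")
    group = required_group(path)
    if group is None or group not in identity.groups:
        raise Denied(403, "group membership not satisfied")
    # Drop client-supplied identity headers. Names are case-insensitive, and
    # CGI-style backends treat "_" and "-" in header names as the same.
    forwarded = {k: v for k, v in client_headers.items()
                 if k.lower().replace("_", "-") not in IDENTITY_HEADERS}
    # Identity headers are set only from the verified session.
    forwarded["X-Forwarded-User"] = identity.user
    forwarded["X-Forwarded-Email"] = identity.email
    forwarded["X-Forwarded-Groups"] = ",".join(sorted(identity.groups))
    return forwarded
```

Header-based authentication holds only if the backend is reachable exclusively through the proxy, which is what the microsegmentation rules are for.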

VPN Won’t Die Overnight

Zero Trust is a gradual journey. But the direction is clear: the future of security lies in identity, not perimeter.
