The VPN Paradox
Author
Marcus Held
Hi,
Software development in particular employs many people who are especially good at abstraction and at looking at problems and questions objectively.
It's in the nature of the work. It's our job to understand a problem thoroughly and in detail. And the solutions always require weighing the pros and cons.
But there are always problems and habits entrenched in our industry that, viewed objectively, make no sense.
Our use of VPNs is contradictory
In many companies, especially among my mid-sized clients, in-house software is not run in the cloud. The hardware is in the basement. And there's always a team responsible for the infrastructure, and therefore for its security as well. The team's goal: to offer as little attack surface as possible.
And, of course, the easiest way to do this is to lock down the entire network. Naturally, developers still need access somehow.
So, a VPN is quickly set up.
So every developer gets an account. Everyone installs a client. And the VPN is made as tight as possible. Every few weeks, a new firewall rule is introduced, and the team waits to see if anyone screams. Over time, inconveniences creep in. Some websites don't work properly while you're connected to the VPN. But well, you can always disconnect. It's not worth opening an IT ticket for that.
At the same time, of course, there is a production environment. And, of course, it has to be publicly accessible. Otherwise, it would have no value. And, of course, production has the most valuable data. The customer data.
This is contradictory. It makes no sense.
With that in mind,
Rule the Backend,
~ Marcus