Exit the VPN, Enter Zero Trust
John Spiegel
8/19/2025 · 3 min read


In the category of “couldn’t have said it better if Shakespeare himself had a LinkedIn account 🎭”, ThreatLocker’s Rob Allen summed it up: “Turn off VPNs.”
That sentence sticks not because Rob loves controversy, but because he’s speaking from experience—and with some urgency. His message is simple: VPNs today are insecure by default and the risk they pose far outweighs the convenience they once provided. “Turn them off,” he says. And yes, he’s right. (CRN interview)
Rob was direct, and that’s what resonated. He also nailed the all-too-common excuse about patches: the old line, “If it ain’t broke, don’t fix it.” His retort? It is broke—that’s why patches exist. That printer you forgot to update? Pen testers have already compared it to a candy store for attackers. That’s the kind of security liability we can’t afford to ignore.
If this all feels eerily familiar, it’s because many organizations are sitting on the same foundation: a messy VPN web, a falsely trusted internal network, and a long tail of unpatched, forgotten assets. In my VPN Exposure Report 2025, I found that 91% of users log into a VPN at least once a week. That’s not usage. That’s addiction. And with addiction comes vulnerability—confidence in your security posture drops as dependency grows.
Historically, VPNs filled an essential gap. Remote access used to be rare. Today? It’s the norm. In hybrid, cloud-first environments, VPNs do more harm than help. Every connection opens the corporate network to the world. One stolen credential, and an attacker can often roam laterally across systems. Combine that with constant VPN performance issues and ticket escalations—you’ve got a serious operational burden coupled with an ever-expanding cyber-attack surface.
The bigger problem? VPNs hinge on a flawed assumption: that everything inside is safe. That notion died years ago. And yet we continue to prop up VPNs with patches and duct tape deployments. The real solution isn’t patching legacy plumbing—it’s rethinking access altogether.
Enter Zero Trust Network Access (ZTNA) under the broader Security Service Edge (SSE) umbrella. ZTNA dismantles the whole “inside equals trusted” idea. Instead, it delivers what users actually need—access to specific applications—without giving them carte blanche to roam your network. Applications become the gatekeepers; your network becomes invisible. Least privilege becomes the new norm. The experience improves, the risks shrink… and that VPN client becomes a historical artifact.
This isn’t theory. In the VPN Exposure Report, I spotlighted data from HPE Aruba Networking’s SSE Adoption Report that quantifies the real gains organizations are already seeing. Early adopters are reporting 71–91% time savings, 40–78% reduction in breach risk, and 67–85% infrastructure cost cuts compared to those still clinging to VPNs. When the CFO looks at those numbers, they sit up. And when the CISO looks at them? They can finally pivot strategies.
Still, you know how Zero Trust messaging goes—“Buy this, solve everything.” But that's not how it works. You build Zero Trust. One step at a time. And you demo the value quickly. So pick a tight, high-value use case—third-party access, BI applications, developer hubs. Build a ZTNA gateway that doesn’t extend the network but grants tiny, auditable hall passes to exactly the right apps. Track the drop in support tickets, the tightening of lateral exposure. Rinse and repeat.
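To make the difference between network-based trust and per-application "hall passes" concrete, here is an added sketch (not from the original post or any vendor's product) that evaluates the same requests under both models and keeps an audit trail. The subnet, application names, groups and device-posture flag are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed, illustrative values: subnet, app names and groups are assumptions.
CORP_NET = ipaddress.ip_network("10.0.0.0/8")  # VPN model: one trusted range
# ZTNA model: explicit per-application grants; anything unlisted is denied.
POLICY = {
    "bi-dashboard": {"groups": {"finance"}, "compliant_device": True},
    "dev-hub": {"groups": {"engineering", "contractor-dev"}, "compliant_device": True},
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    device_compliant: bool
    source_ip: str
    app: str

def vpn_allows(req):
    """Network-based trust: every app is reachable once the source is 'inside'."""
    return ipaddress.ip_address(req.source_ip) in CORP_NET

def ztna_decide(req, audit):
    """Resource-based authorization: default deny, checked per request, logged."""
    rule = POLICY.get(req.app)
    if rule is None:
        allow, reason = False, "no grant for this application"
    elif not (req.groups & rule["groups"]):
        allow, reason = False, "user not in an allowed group"
    elif rule["compliant_device"] and not req.device_compliant:
        allow, reason = False, "device posture check failed"
    else:
        allow, reason = True, "matched grant"
    audit.append({"user": req.user, "app": req.app, "allow": allow, "reason": reason})
    return allow

def compare(requests):
    """Return (app, vpn_result, ztna_result) per request plus the audit trail."""
    audit = []
    rows = [(r.app, vpn_allows(r), ztna_decide(r, audit)) for r in requests]
    return rows, audit

if __name__ == "__main__":
    base = dict(user="pat", groups=frozenset({"contractor-dev"}), source_ip="10.8.0.23")
    reqs = [Request(app=a, device_compliant=c, **base)
            for a, c in [("dev-hub", True), ("hr-payroll", True), ("dev-hub", False)]]
    for row, entry in zip(*compare(reqs)):
        print(row, entry["reason"])
```

The audit list is what you would track over time: every denial carries a reason, which makes the "tightening of lateral exposure" measurable rather than assumed.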
Little by little, the VPN fades—stops being daily drudgery, and starts being a footnote in your architecture. Users get reliability. Security gets clarity. Cost gets optimized. Visibility gets enhanced. Your CISO’s dreams start lining up with reality.
At that point, referring back to Rob Allen’s CRN interview isn’t hypothetical—it’s validation. Teams around you have moved on. Attackers are circling weaker environments. And “quiet,” efficient access is now an outcome, not a pipe dream.
So yes—turn off your VPNs. Intelligently, incrementally, strategically. Replace network-based trust with resource-based authorization. Make your network vanish to outsiders. Let access be invisible to users. As Shakespeare might remark… if he had a LinkedIn account:
Exit, VPN. Enter, Zero Trust.