Hacker News new | past | comments | ask | show | jobs | submit login

You're ignoring the reality that most enterprise software is a tire fire (from a security standpoint) and that it's not feasible to secure hundreds (or even dozens!) of enterprise apps.

VPN's are the enabler that ensures status quo remains.

I agree — band-aids aren't per-se a bad thing. However, a VPN isn't the ideal end state. Even if you can't modify the underlying application, the goal should be "wrap in a reverse-proxy that handles authn / some-amount-of-authz so you can minimise the risk".

VPNs handle network security, but don't protect you against an attacker able to compromise an endpoint in your corporate environment.

Can you propose an alternative solution?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact