Transforming Vulnerable VPNs with Zero Trust Security in 2025 is Sound Cyber Strategy

As the world becomes more connected and cyber villains get smarter, networks for remote operators are fair game to threats and cyber risks. Chief Technology Officers (CTOs), Chief Information Officers (CIOs), and Chief Information Security Officers (CISOs) are tasked to protect data, people, and reputations. Here, we explore why VPNs come up short while zero trust puts you ahead. CTOs, CIOs, and CISOs, you are the cyber watchdogs of your organizations, so this message is for you. In a previous blog written for C-suite leaders, we established that VPNs can come up short for keeping internal networks, including machinery, control systems, and databases, secure from the increasingly savvy hacker. Why does this matter? When we talk about the internet of things (IoT) today, everything is connected to the internet, from your watch or phone to thousands of business assets like machinery, sensors, and industrial equipment. With only a VPN standing guard, a hacker can get into your network through your facility’s smart thermostat (lest we forget the casino fish tank data hack of 2017). For decades, FreeWave has provided industrial IoT solutions for companies in oil and gas, agriculture, mining, water treatment, and other remote industries, to help them overcome a variety of network productivity issues and give them peace of mind that the health of their network – and the assets connected to it – is robust and secure. We believe, whether it’s working with our channel partners or adding our equipment to an OEM’s solution, that there are four essential security outcomes companies investing in IIoT should strive for: Secure remote monitoring and data management Automated, decisive response to threats No to low network vulnerabilities Cost savings compared to traditional VPN-based security Decommissioning a VPN as a primary source of cybersecurity in favor of zero trust network access (ZTNA) creates a stealthier, easier-to-use framework to detect and deflect cyber-attacks. Cybersecurity in the Wild West It is widely understood that Europe has continuously been five to 10 years ahead of the United States when it comes to cybersecurity. This is because the United States is like the freewheeling wild west. Cyber attacks cost companies billions of dollars. In IBM’s Cost of a Data Breach report for 2024, companies averaged a loss of $4.88 million, which is a 10% increase over 2023. More specifically to VPNs, the 2024 ThreatLabz VPN Risk Report published by Zscaler says that 78% of organizations plan to implement a zero trust strategy in the next 12 months with 91% of respondents concerned that VPNs will lead to a “compromising breach.” The survey says top threats to VPN vulnerabilities are ransomware (42%), other types of malware (35%), and DDoS (distributed denial-of-service which are attempts to overwhelm a server or network) attacks (30%). The findings make sense. Let’s say you notice nefarious traffic going across your network and you realize it is a former employee who still has access because their VPN credentials were not completely shut off. Even after you took their computer, they were able to go to their own computer, fire up a VPN and use their credentials to get into your network. VPNs are like a house – once you’re in, you’re in. Now you are faced with spending valuable time dealing with this behavior and any resulting damage. In contrast, a zero trust network promptly and fully blocks attackers from any access in the first place, making your job of monitoring considerably easier. As a tech leader, imagine what that level of security could do for your peace of mind as well as your company’s risk landscape. Zero trust is not new, but it has evolved. It was first coined in 2010 to protect enterprise networks, cloud networks, and basic IT networks. Two obstacles to zero trust are based on dangerous assumptions. One is that, while cyber attacks happen every day, they won’t happen to you. The other is that upgrading to ZTNA is too costly. If you’d like to explore why both are myths, give us a holler. To protect your data and network, start exploring the lowest level of your system and work from there. These questions are a good start to finding and closing vulnerabilities. What are your highest priority assets to protect? How will you handle encryption across diverse environments? Are you buying devices designed to implement zero trust? Are you buying network routers that are better suited for zero trust enablement? Are you developing edge networks with zero trust architecture to prevent people from plugging into an ethernet port on your network and destroying the site? What would be the potential harm to the business if your data and network were compromised? If you don’t have answers to all these questions, take heart. FreeWave has the capacity to interface with companies on their third-party applications that are not zero trust enabled. We manage this through what we call a “demilitarization zone,” where we have an unsecure system and a secure system and we match them together and know that the unsecure system is authenticated. We set up the entire network to avoid potential threats. Many remote, industrial operations have multiple locations to manage. A company with 10,000 sites – what we call the Razor’s Edge© where the data lives – would otherwise have to send its IT techs out to every site to implement a security platform. That means work, time, and expense. FreeWave is simplifying IIoT data by developing an easier pathway to zero trust on edge networks. Imagine sending a zero trust enabled device out to each site, installed on a network in minutes, while protecting said network down to the desired granular level. In the world of devices, the idea that a device can be designed and manufactured so that it is zero trust secured as it comes off the production line has been getting a lot of traction over the last five years. This approach is miles ahead compared to when VPNs were first introduced. You can always tap into FreeWave’s
Why Choosing Zero Trust Network Access Over Virtual Private Networks is a C-Suite Decision

You’re leading the company. Why do you need to care about your business’ network security approach? The answer comes from something all too familiar: the accelerated rate of change – and the quest by modern leaders to build a resilient company. PwC describes today as the “age of continuous reinvention” in its 27th Annual Global CEO Survey report. One of the most startling findings is that 45% of CEOs do not believe their company will be viable in 10 years if it stays on the current path. Part of the challenge is knowing what could take your company down. Cybersecurity vulnerabilities at the network level is on the list. PwC’s report shows that CEOs who believe their organization is viable for more than 10 years perceive inflation (21%) and cyber risks (21%) as top threats with macroeconomic volatility (20%) just a half-step behind. As chief technology officer for FreeWave, part of my role is to find weak spots in a network connected to the industrial internet of things (IIoT). I talk to many senior leaders from companies in the oil and gas, agriculture, mining, water treatment and other remote industries. What’s the number one pushback I run into? They tell me they use virtual private networks (VPNs). I call this “pushback” because, at FreeWave, we don’t let VPNs into our data platform. At their most basic level, VPNs are used to create a secure connection between a user’s device and the VPN server. Through that connection, data is encrypted, and a user’s IP address is hidden. As a result, VPNs can allow remote users to securely access internal networks, including machinery, control systems, and databases. For those who may not be familiar with a VPN (although we’ve all probably used one at some point), here’s a simple analogy. Think of a VPN as a tunnel buried far below intersecting highways. One end of the tunnel is an IIoT device and the other end is the server. Your car (let’s make it a Maserati, while we’re at it) is a data packet. Instead of traveling across potentially dangerous highways where threats abound (a malicious attempt to steal your Italian beauty and hold it for ransom, as an example), you take the tunnel built just for you and other authorized drivers you trust. The challenge today is that the tunnel is no longer safe. Why Are VPNs Insecure? Technology ages faster than a male tsetse fly. Our tiny-winged friends hit their teenage years by week two or so. In contrast, technology ages by the nanosecond. I think the reason why many people use VPNs is the same reason hackers infiltrate them so easily. VPNs are old technology. They have long been the go-to solution for providing remote access to industrial control systems (ICS) and other critical infrastructure. They were born during the rise of the internet late last century. One solution begets other problems. The world wide web went from 3 million to 16 million users between 1990 and 1995 (today, there are 5.45 billion users, around 67% of the population). As a result, a group led by Microsoft sought a solution to growing security concerns. That’s how VPNs were born. To be fair, there are ways to make VPNs secure, but the enormous expense doesn’t make financial sense for most companies. Here are three reasons why VPNs cause concerns when protecting an IIoT network: VPNs have outdated authentication models. Username and a password is all you need. I can get into a VPN easily. VPNs are a single point of failure. If something goes wrong with the server, you can’t get in. If I’m a hacker, the best way to take down every remote access in the world is to take down the VPN server. VPNs are hard to monitor. The actual traffic on the network makes it hard to identify nefarious activity flying across it. Let’s say you have this machine on the edge (edge is simply the source of where your data is – this might be where oil is drilled in upstream oil and gas, for example). The data is being processed on that machine (edge computing) and is connected to the corporate network via a VPN. A disgruntled employee leaving the company can sit in their car and use their username and password to access the device through a cellular system. What is the potential damage? In 2020, several prominent VPNs experienced critical vulnerabilities that allowed attackers to bypass encryption and access systems. The Colonial Pipeline attack, for example, was traced back to a legacy VPN, according to then CEO Joseph Blount. The East Coast company paid hackers $4.4 million to restore service quickly. VPNs create easy targets. Once you’re in, you have free rein to do what you want. Solving the Challenge to Scale Network Security A report by McKinsey and Company predicts 50 billion devices will be connected to the IIoT by 2025. The pace of change, according to the report, has increased tenfold. This means the risks and insecurities behind VPNs for organizations, especially remote industrial leaders, are rising. I talked to a large agricultural company recently that uses a VPN. Here’s how the conversation went: Them: How can we add 20,000 sites to our system? Me: We’d have to add 20,000 VPNs. Them: Wait, what? Me: It’s really difficult. VPNs are hard to scale. One VPN is one thing, but many VPNs are a nightmare. We believe a better way to secure a network is to use Zero Trust Network Access (ZTNA). ZTNA creates a network fabric using the principle of least privilege access (PoLP). The premise: trust no one. Each user accesses only the data they need. See how the lens flips from inside out to outside in? In a ZTNA, each user has a policy. This means they are authenticated for access to specific areas. The disgruntled employee mentioned earlier? They cannot go anywhere in the fabric without authorization. Even better, that user’s access can be easily removed or revoked. Ever
The #1 Strategy Remote Industrial Operators Need to Win the AI Race

From the inaugural Olympics in 776 B.C. until today, one thing has remained the same: athletes bring gritty, physical prowess to their chosen sport – and the human desire for excellence. Of course, other things like culture, fashion, and technology have changed dramatically (thankfully, since athletes in the first Olympics competed naked!). In the Olympic Games Paris 2024, one game changer is the role of artificial intelligence (AI). Remote industrial operators looking to scale business value and improve decision-making through edge data, take note: the Olympics, watched by 3 billion people from around the world, is deploying AI to improve future performance of their event. According to an article published by the International Olympic Committee (IOC), AI and digital twinning are being used as an efficiency booster for future Olympic games – from energy consumption to identifying the best places to place cameras and power sources. “The expectation for a lot of people is ‘I’ll just AI it.’ It’s like a magic wand.” One thing AI demands is historical data. This is why we are so passionate about industrial operators owning their data. Without data ownership, it’s a false start when using large language models to train and leverage AI algorithms. In the article entitled “AI and Tech Innovations at Paris 2024: A Game Changer in Sport,” Ilario Corna, the IOC’s chief technology officer said, “We started gathering various operational data as far back as 2020, to look at how we can make the management of the Olympic Games more efficient.” Ryan Treece, global business development manager – data platform & AI solutions at FreeWave, has seen AI evolve over the past decade. He says companies that don’t give customers rights to their data are putting them at a disadvantage. “The thing is that those who own their data will eventually win because they can use it while others will start from zero.” Catching up over time, he points out, becomes increasingly difficult as competitors advance. Companies that secure data ownership today are the ones who will lead tomorrow or, in Olympic terms, will earn gold in the AI race. That’s one reason FreeWave drafted the IIoT Bill of Rights (data governance is amendment one) – as a way for remote industrial operators to leverage technology for future growth and opportunities. Importance of Data Ownership in the Age of AI Owning your data is not just a competitive advantage; it’s a necessity. “There are a lot of AI solution providers,” Ryan explains. “The expectation for a lot of people is ‘I’ll just AI it.’ It’s like a magic wand. Look into the future, though, and ask: What do vendors like? Reliance on their systems.” Ryan says there is no one “mega-solution” out there to solve every problem, but, if there’s one thing he hopes industrial operators know it’s that data ownership means leveraging your data for operational and business performance. “We’re targeting predictive maintenance to prevent machines from going down, reduce fuel waste just to see if a machine is running dozens or even hundreds of miles away, and increase efficiencies so people are not wasting time and energy resources. Data creates long-time success.” Just as the IOC is using AI to create more efficiency in the future, he says understanding data over time enables industrial operators to continuously improve. While still under development, FreeWave is building its AI solutions around domain expertise. Through its FreeWave® Insights™ data platform, it’s connecting decision-makers with data at the edge via sensor technology, pulling in SCADA system data as well. He cites vibration tension sensors as an example. If a rotating asset like a bearing, for example, wobbles, an alert is sent to a single pane of glass – a dashboard connected to the Insights data platform. From there, a technician can add the issue to his planning schedule. Ryan shares the story of when he lived in Michigan. An automotive manufacturer that made panels, a “tier one supplier” in the industry, didn’t have the budget to climate control the entire building. In hot, humid weather, the adhesive failed. Since variables change over time, he says, IIoT solved the problem. “Vibration and temperature data from sensors showed the numbers going up and down. Historical data tells us to change the adhesive or turn up the AC or ramp up the climate control when needed. The manufacturer and its solution providers knew what knobs to turn by identifying trends in a specific period.” That’s why, he says, data ownership is so important. Without data, AI becomes impossible. Solve – and Simplify – Operational Problems “We’re working on solutions that reduce the tech stack and address specific problems like predictive maintenance and trends analysis of sensor data,” said Ryan. “When I’m thinking data, I’m thinking of a huge Excel spreadsheet.” Real-time monitoring of temperature, vibration, or water levels, for example, are important variables for industrial leaders: oil and gas producers with fields in remote or rural areas, large-scale agricultural operations with water pump stations dotting thousands of acres, or public and municipal providers with aging infrastructure in need of robust, remote network strength. These are places, Ryan says, that pose a risk for people to perform daily or weekly monitoring. Ryan points to his hometown of Austin, Texas, where the energy grid is unreliable, especially during hurricane season or super hot summer months. The panels on the grid can overheat. Alerts notify engineers to replace components before problems start. Rather than react, alerts and predictive maintenance reduce downtime. Another example he gives is California where water is a precious commodity. Knowing humidity levels, soil moisture, and water consumption allows agriculturalists to invest minimal resources for better outcomes. AI, he says, optimizes sensor data locally, at the edge, by providing analyses crucial to decision-makers. Failure-Proofing Connectivity Keeps Data in Play Oftentimes, industrial operators don’t have ready access to cellular or Wi-Fi, however, satellite is an optimal solution for areas with questionable coverage and those wanting a strong back-up connection. Pairing satellite with the FreeWave cloud-based Insights platform-as-a-service
Industrial Operators – You Own Your Data and Then Some

July here in the states is painted red, white, and blue. It’s a time when freedom becomes front and center. We are grateful for our young country. We remember the Founding Fathers and the sacrifices they made. We recognize, if only for a moment, our collective pride. No matter your country of origin, those who came before were brave enough to make a path toward a future with greater freedom. This got us thinking (after all, we do have “free” in our company name!). What does freedom mean when it comes to data? What does freedom mean for remote network industry leaders? Freedom means access to your data. Freedom means ownership of your data. Freedom means visualizing operations through real-time data. Data, in a sense, renders the freedom to take action, make informed decisions, and realize greater business value at scale. At FreeWave, we pledge to make IIoT data a freedom all remote industrial leaders can enjoy. Freedom gives way to growth, learning, and success. For more than 30 years, we have believed in the power of data. Data impacts decisions, business value, and, most importantly, the very future and safety of real people and our planet. Henceforth (to borrow from our Founding Fathers’ lingo), we’ve taken the liberty to create the first-ever industrial internet of things (IIoT) Bill of Rights. This is more than a list of nice-to-haves, they are must-haves for remote industrial operators of every size and industry. The IIoT Bill of Rights is our position on data governance and data democratization. It addresses global reach – that a remote industrial operator can be anywhere in the world and know what’s happening within their operations no matter how far they are spread out and what environmental conditions surround them. We believe a secure cloud environment is the right of every remote industrial leader. Zero Trust Security is not a privilege of a few, but the mainstay of many. Data should be kept safe, no questions asked. We also champion continuous connectivity. This comes by way of unlimited, high-speed, affordable satellite connectivity for all. To round our IIoT Bill of Rights, we lean into one of our four core values: Be a simplifier. This means that IIoT data solutions should be easy, plug-and-play deployments. No hair-pulling. No head-scratching. No unnecessary downtime. Instead: Open box. Power on. Get Data. This means fast deployment because uptime is one of the biggest freedoms IIoT data enables. Data inspires greater uptime because you have knowledge at your fingertips to make amazing decisions that keep operations running smoothly, all while keeping people safer. Another IIoT Bill of Rights amendment calls for cross-translation of protocols so that remote industrial companies can transform existing SCADA networks into data racetracks that carry more data, faster. Cross-translation allows different edge or SCADA protocols on the edge, SCADA, and even devices that speak different protocols to communicate. This is how industrial leaders can unleash the full power of an IIoT network infrastructure. The last amendment is AI readiness – because those who own their data will win the AI race. To see FreeWave’s full IIoT Bill of Rights, read our position paper. Working with our expert technical staff at FreeWave and experienced channel partners to solve your biggest wireless and edge computing challenges, you leverage the full solution for IoT connectivity that includes the FreeWave Insights™ data platform-as-a-service, satellite service connectivity (we’re a Connectivity Wholesale Partner in Viasat’s ELEVATE program), our portfolio of rugged connected devices, and satellite-connected devices (we’re a Global Authorized Reseller of ORBCOMM). If you’re passionate about bringing meaningful technology solutions to remote industrial companies, join us as a channel partner. If you’re a remote operator looking to scale business value leveraging your IIoT data, contact us here. We’re making a path to a future where data serves industrial operators in measurable and positive ways. Let’s do it together.