The difference between sayTRUST VPSC and traditional VPN technologies
sayTRUST VPSC (Virtual Protected Secure Communication) and classic VPN technologies both serve to establish secure connections to corporate networks, especially for remote workers or access from external locations. However, there are significant differences in their architecture, security approach and associated benefits.

sayTRUST VPSC ZeroTrust
sayTRUST VPSC is what is known as a ‘zero trust client access’ solution. Instead of establishing a network-to-network connection, VPSC focuses on secure access to individual applications. No classic VPN tunnel in the traditional sense is established.
Application level instead of network level: VPSC works at the application level. This means that the encrypted tunnel is established directly from the client's working memory for individual applications. Unauthorised applications cannot establish a connection.
‘Zero Trust’ principle: The central principle of sayTRUST VPSC is Zero Trust: trust no one, verify everything. Every access attempt, whether from inside or outside the network, is strictly verified before it is granted.
Multi-level security concept (e.g. 8 levels with sayTEC):
Strong authentication: Biometric methods, PIN entries and external microprocessors (e.g. via special USB sticks) are often used for authentication. This eliminates the risk of stolen access data.
No software/access data on the client PC: A major advantage is that no software or access data needs to be installed or stored on the client PC. The solution works from the working memory without leaving any traces, often via a special access device (e.g. USB stick).
Isolation of the home network: There is no interaction between the user's home network and the company network. This prevents potential threats from the private environment from entering the company network.
Server-based access control: Permissions can be defined very granularly on the server, depending on the employee's area of responsibility.
Defence in depth: A multi-layered security strategy that includes various barriers that must all be successfully passed before access is granted.
Easy handling and installation: sayTRUST VPSC is often installation-free on the end device and offers plug-and-play functionality, which significantly reduces the administrative effort.
Reduced attack surface: Since only the required applications and data are exposed and there is no complete network integration, the potential attack surface is significantly smaller.

In short, while a classic VPN acts as a kind of ‘virtual door opener’ to the entire corporate network, sayTRUST VPSC functions more like a ‘virtual gatekeeper’ that only allows access to the resources that the user needs at that moment, and does so under the strictest security measures that take effect even before the actual connection is established.
This makes VPSC a potentially more secure and flexible solution for modern working environments, especially in the context of home offices and mobile working.

Classic VPN technologies (Virtual Private Network)
A classic VPN creates a ‘tunnel’ over a public network (such as the Internet) to a private network. The end device (e.g. a laptop in a home office) effectively becomes part of the company network. All data traffic from the end device is routed through this tunnel.
Network-to-network connection: The key point is that the VPN establishes a network-to-network connection. Once the VPN tunnel is established, the end device usually has access to all resources in the company network, as if it were physically connected in the office.
Security vulnerabilities:
Attack surface: Since the end device is fully integrated into the company network, the attack surface increases. If the end device is compromised (e.g. by malware), the threat can spread relatively easily throughout the entire company network.
Man-in-the-middle attacks: Some VPN solutions may have vulnerabilities that allow attackers to infiltrate communications and eavesdrop on or manipulate them.
Stored access data: Access data is often stored on the end device, which poses a security risk if the device falls into the wrong hands or an attacker gains access to it.
Trust in the end device: The classic VPN trusts the user's end device as soon as the connection is established. There is no continuous verification of the device status.
Administration: Administration is complex, especially when software has to be integrated on client systems or proprietary hardware is required.
Performance: Classic VPN connections sometimes suffer from slow performance.