I've Been Using the Same VPN Client for 15 Years - Here's What That Says About Enterprise IT

I clicked the same Cisco AnyConnect icon this morning that I’ve been clicking since 2009. Same orange shield, same connection ritual, same slight anxiety about whether it’ll work on the first try. Fifteen years of muscle memory, unchanged.

This wouldn’t bother me if everything else at work felt equally frozen in time. But it doesn’t. My company has passkeys, AI assistants, and we even ditched BitBucket for our own homegrown Git solution last year. We’re not afraid of technical risk or building custom tools. So why does my most critical daily interaction with company infrastructure feel like digital archaeology?

The Innovation Paradox

My company isn’t some risk-averse dinosaur. We’ve migrated to cloud-native everything, implemented zero-trust authentication, and our security team was ahead of the curve on passwordless login. The engineering org has the appetite and budget for ambitious technical projects - the kind that make other companies nervous.

Yet somehow, VPN infrastructure remains completely untouched. It’s not like we don’t care about security or user experience. We’ve revolutionized how employees authenticate, but we haven’t touched how they connect. We’ll spend millions building internal tools from scratch, but we won’t question decade-old networking decisions.

This creates a weird cognitive dissonance. We’re living in 2025 but connecting to work like it’s 2009.

The Real Cost of Standing Still

The security implications alone should make this embarrassing. Traditional VPNs operate on “castle and moat” thinking - once you’re inside the perimeter, you have broad access to internal systems. That’s exactly backwards from modern security principles. When someone’s laptop gets compromised while connected to our VPN, the attacker doesn’t just get that laptop - they get a foothold into our entire internal network.

But the productivity tax might be even worse. Every morning, thousands of employees deal with connection delays, random disconnects, and the occasional “VPN isn’t working” support ticket. The collective time lost to VPN friction across our workforce probably adds up to multiple full-time positions’ worth of lost productivity.

Then there’s the innovation debt. We’re maintaining expensive hardware, paying licensing fees for software that peaked in the Obama administration, and dedicating engineering cycles to problems that modern alternatives have already solved. Every dollar and hour spent keeping legacy VPN infrastructure running is a dollar and hour not spent building the future.

Why Smart Companies Get Stuck

This isn’t about being technologically conservative. The same leadership team that approved our ambitious Git migration has the budget and authority to modernize VPN infrastructure. So why hasn’t it happened?

Part of it is sunk cost psychology. We’ve invested millions in Cisco hardware, enterprise licenses, and the institutional knowledge needed to keep it running. Migration costs feel immediate and concrete, while the benefits of modernization feel abstract and distant.

There’s also the ownership problem. Nobody specifically “owns” VPN modernization as a project. It sits at the intersection of networking, security, and user experience - which means it’s simultaneously everyone’s responsibility and nobody’s priority. Infrastructure decisions get sticky because they touch everything and require coordination across multiple teams.

But I think the real issue is risk calculation error. “Nobody gets fired for buying Cisco” feels like the safe choice, but playing it safe has become the riskiest strategy. While we’re maintaining decade-old infrastructure, our competitors are building faster, more secure, more user-friendly alternatives. Technical stagnation is a competitive disadvantage disguised as prudent risk management.

What We’re Missing

Zero Trust Network Access (ZTNA) represents everything our current VPN isn’t. Instead of granting broad network access after authentication, ZTNA verifies every connection individually. When I open our HR system, modern alternatives would verify my identity and device, then grant access only to that specific application. If my laptop gets compromised, an attacker can’t pivot to other internal systems because there’s no broad network access to exploit.

Software-Defined Perimeter (SDP) takes this further by creating a “dark cloud” - internal resources are invisible until after authentication. Each application gets its own secure micro-tunnel rather than one big network connection. Permissions adjust dynamically based on user behavior, device health, and contextual risk factors.
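
As an added illustration (not code from this post or from any vendor's product), the sketch below contrasts the perimeter model with the per-request decision described in the two paragraphs above. The application names, groups, risk thresholds and the `Request` fields are hypothetical.

```python
from dataclasses import dataclass, replace

# Constructed policy table; app names, groups and thresholds are hypothetical.
APP_POLICY = {
    "hr-portal": {"groups": {"hr"}, "managed_only": True, "max_risk": 30},
    "wiki": {"groups": {"employees"}, "managed_only": False, "max_risk": 60},
    "git": {"groups": {"engineering"}, "managed_only": True, "max_risk": 40},
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    authenticated: bool
    device_managed: bool   # device posture signal (assumed to come from MDM/EDR)
    risk_score: int        # 0..100 from an assumed risk engine
    app: str = ""

def vpn_reachable(req):
    """Perimeter model: one successful login exposes every internal app."""
    return set(APP_POLICY) if req.authenticated else set()

def ztna_decide(req):
    """Evaluate identity, device and context for one application request."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, "unknown application, default deny"
    if not req.authenticated:
        return False, "not authenticated"
    if not (req.groups & policy["groups"]):
        return False, "not entitled to this application"
    if policy["managed_only"] and not req.device_managed:
        return False, "device posture below requirement"
    if req.risk_score > policy["max_risk"]:
        return False, "contextual risk too high"
    return True, "allow"

def ztna_reachable(req):
    """Blast radius of a session: apps that would pass the per-request check."""
    return {a for a in APP_POLICY if ztna_decide(replace(req, app=a))[0]}

if __name__ == "__main__":
    alice = Request("alice", frozenset({"hr", "employees"}), True, True, 10)
    print("VPN :", sorted(vpn_reachable(alice)))
    print("ZTNA:", sorted(ztna_reachable(alice)))
    risky = replace(alice, risk_score=50)  # e.g. posture or behaviour degraded
    print("ZTNA after risk rise:", sorted(ztna_reachable(risky)))
    print(ztna_decide(replace(risky, app="hr-portal")))
```

The same authenticated session that reaches every application under the perimeter model reaches only the entitled ones here, and loses the sensitive one as soon as the risk signal rises.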

The implementation reality is surprisingly practical. Many modern solutions work through web browsers, eliminating client software entirely. The WireGuard protocol offers significantly better performance than the IPsec tunnels we’re stuck with. Cloud-native scaling means no more capacity planning for VPN concentrators - the infrastructure scales automatically with demand.

Companies can migrate gradually, running modern solutions alongside existing VPNs during transition. Most organizations see ROI within 12-18 months through reduced support costs, improved productivity, and simplified infrastructure management.

The Human Factor

There’s a generational divide in how people think about this infrastructure. Senior IT staff are comfortable with systems they understand and have spent years mastering. Younger engineers are frustrated by tools that feel ancient compared to what they use in their personal lives.

We’ve normalized bad enterprise UX in a way that would be unthinkable for consumer applications. The daily friction of connecting to work through decade-old tools affects morale, productivity, and our ability to recruit top talent. Great engineers notice when companies invest in modern tooling, and they also notice when they don’t.

Breaking the Cycle

Fifteen years of clicking the same VPN icon taught me something important about how large organizations think about infrastructure. We’re incredibly bold about building new capabilities, but weirdly conservative about replacing fundamental systems that touch everyone’s daily workflow.

The opportunity here is obvious. A company brave enough to build custom Git solutions has the technical sophistication to modernize VPN infrastructure. The same leadership that approved ambitious engineering projects can certainly approve infrastructure modernization that matches our innovation capacity.

Tomorrow, I’m going to have a different conversation with our IT department. Not about specific vendors or technical implementations, but about whether our networking infrastructure reflects the same ambition and technical excellence we apply to everything else we build.

Because if we can replace BitBucket, we can definitely replace a VPN client from 2009.