Spiceworks Community Digest: To VPN or not to VPN

For years, the Virtual Private Network (VPN) has been the cornerstone of corporate security, serving as the encrypted tunnel for remote workers to access internal resources. However, recent industry data suggests that the reign of the VPN might be coming to an end. A recent Security.org studyOpens a new window suggests that despite high awareness, business VPN usage is actually in decline, dropping to just 15% of respondents in 2025.

What’s driving this shift? The study points to two key factors:

VPNs are becoming a liability. The study notes that “VPNs and firewalls now account for 58 percent of ransomware incidents,” making them a primary target for cybercriminals.
Many organizations are pivoting to Zero Trust Network Access (ZTNA) solutions, which grant users access only to the specific applications they need, rather than the entire internal network. Our own 2025 State of IT data corroborates this, showing ZTNA is poised for major adoption growth.

This data kicked off a discussion in the Spiceworks Community: Is your organization among those shifting away from VPN to ZTNA?

VPN is Still King for Some

Despite the trend data, many IT professionals explained that the VPN is still a necessity for their operations, especially for accessing legacy systems or local infrastructure.

DailyLlama mentioned that their company remains a hybrid environment where many core applications simply won’t function without the VPN acting as the primary secure gateway. Similarly, General Tsao stressed that they have no choice but to use VPNs for dozens of specific connections, arguing that as long as the solution is well-managed and updated, it remains highly effective at reducing risk.

computerdave shared they use a split tunnel VPN only for remote assistance or when users need to access specific production servers or office systems. Since most other resources are web-based, the VPN isn’t required for general use.

The Shift Away From VPN

Tim-Smith stated that since most of their applications are cloud-based, VPN “makes no sense,” and they haven’t needed to use their office VPN in years. kwelch007 agreed, noting that the increasing availability of SaaS solutions like M365 makes VPN use decline logically, and they expect their company to move to ZTNA within the next two years.

The data suggests a major change is underway, moving from perimeter-based security (the VPN) to identity and application-based security (ZTNA).

Is your organization caught in the middle of this security shift? Are you sticking with your VPN, or have you made the switch to a ZTNA solution? Head over to the Spiceworks Community to join the discussion and share your strategy.