The Corporate VPN (1996 to Dying)
The VPN was the moat around the castle. Then everyone left the castle. Zero Trust networks do not have moats.
Born 1996 · Still dying · Status: dying
Certificate of Death
- Name of decedent: The Corporate VPN
- Born: 1996
- Died: —
- Age: 30+
- Cause of death: Remote work plus SaaS adoption made the perimeter model indefensible
- Survived by: ZTNA platforms, Cloudflare Access, Tailscale, Twingate, SASE stacks
- Invented by: Gurdeep Singh-Pall at Microsoft (PPTP, 1996)
The hook
Ivanti, Fortinet, Cisco. Three of 2024's largest VPN breaches. Different vendors, same root cause: the assumption that the VPN tunnel makes the user trusted.
Thesis. The VPN solved a 1996 problem (extending the office network) with a 1996 solution. Both the problem and the solution stopped making sense around 2018.
The story
The origin
PPTP at Microsoft, 1996. The point was making remote employees feel like they were 'in' the office network. A handful of road warriors, a few hours per week, a tolerable security model.
The peak
March 2020. Overnight, 100M+ workers VPN'd into work. Hardware shortages. License crunches. The model held by sheer necessity, not because it was the right architecture for what was now the default work pattern.
The cracks
SaaS adoption. Office 365, Salesforce, Slack. The apps were not inside the perimeter anymore. The VPN protected nothing of value, just routed traffic in a circle.
The breach pattern
2024. Every major enterprise VPN vendor breached. Pulse Secure, Ivanti Connect Secure, Fortinet, Cisco ASA. Same root cause: the appliance trust model puts a high-value target on the public internet with credentials that grant lateral movement inside.
The migration
Zero Trust Network Access. Cloudflare Access at 100M+ users. Tailscale should not exist as a commercial product (WireGuard is open source), but its growth proves the VPN model is broken in a way the open-source replacement does not fix on its own.
Key data points
- Microsoft PPTP: 1996
- 2020 VPN license demand: estimated 5x increase
- Major 2024 VPN breaches: Ivanti Connect Secure CVE-2023-46805 / CVE-2024-21887
- Cloudflare Access users: 100M+
- Tailscale: founded 2019, growing rapidly
Contrarian angle
Every CISO presentation since 2018 has said 'VPNs are dead.' Most enterprises kept renewing the license. The 2024 breach wave was the bill coming due.
FAQ
Is Zero Trust the same as a software-defined perimeter?
Overlapping but not identical. SDP is one architecture for Zero Trust. ZTNA is a market category. SASE bundles ZTNA with cloud-delivered networking and security functions. All three reject the implicit-trust-by-network-position model.
Do I still need a VPN for accessing internal databases?
For greenfield deployments, no. Use identity-aware proxies and short-lived database credentials issued per session. For legacy databases that cannot be fronted by a proxy, a VPN bridge is sometimes the pragmatic interim.
Why is Tailscale growing if VPNs are dying?
Tailscale is a mesh overlay using WireGuard with cloud-managed identity. It replaces the broken enterprise VPN appliance with a model closer to ZTNA. The category collapse is about appliances, not encrypted tunnels.
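The "short-lived database credentials issued per session" answer above, sketched as an added example (not code from this page or from any product it names). The policy table, key, function names and the HMAC-signed token format are all assumptions made for illustration; a real broker would use its own credential format.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample policy: (identity, database) -> credential lifetime in seconds.
POLICY = {("alice@example.com", "orders-db"): 300}
BROKER_KEY = secrets.token_bytes(32)  # hypothetical key shared by broker and proxy only


def _sign(payload: bytes) -> str:
    return hmac.new(BROKER_KEY, payload, hashlib.sha256).hexdigest()


def issue_credential(user, database, device_ok, now=None):
    """Broker side: mint a per-session credential, or None when policy denies."""
    now = time.time() if now is None else now
    ttl = POLICY.get((user, database))
    if ttl is None or not device_ok:
        return None  # identity and device posture decide, not network position
    claims = {"sub": user, "db": database, "exp": int(now) + ttl,
              "sid": secrets.token_hex(8)}  # sid makes every session's token unique
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)


def verify_credential(token, database, now=None):
    """Proxy side, run on every connection: return the user, or None to refuse."""
    now = time.time() if now is None else now
    try:
        body, sig = token.rsplit(".", 1)
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return None  # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed input is refused, never trusted
    if claims.get("db") != database or claims.get("exp", 0) <= now:
        return None  # scoped to one database and dead after the TTL
    return claims.get("sub")
```

A stolen token here is useful for one database and for at most five minutes, in contrast to the VPN credential described earlier that grants lateral movement once inside.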