Feed aggregator

It's been 70 years since Emmett Till, a Black teenager visiting relatives in Mississippi, was killed by white men because he whistled at a white woman. Now the gun used in his death is in a museum.

(Image credit: Scott Olson)

In Mike Johnson's district, not only could thousands of Louisianians lose coverage, health centers are bracing for a financial hit. They're hoping for additional funding to make up for Medicaid cuts.

(Image credit: Kevin Dietsch)

If Zero Trust actually worked like the industry said it would, VPNs would’ve disappeared years ago. Instead, they’re booming. We’ve all heard the warnings, seen the vendor pitches, and read enough LinkedIn posts to fill several lifetimes: Zero trust is supposed to be here.

And yet, despite all that hype, the business VPN market isn’t just alive — it's thriving, projected to nearly double from $5.7 billion in 2024 to well over $10 billion by 2033.

The Comfort of the Familiar

I wrote my first VPN — Tunnel Vision — back in 1998, for the first customer of my first startup. Later we replaced it with an IPsec key manager. Then I wrote sshuttle, a sort of VPN built on top of SSH. At Google, I ended up writing a multicast VPN tool we called "frobnicast" (don’t ask). And finally, I co-founded yet another VPN company to try fixing this once and for all. That makes it five VPNs so far. As the meme goes, we have become exceedingly efficient at it.

Why do we keep writing new VPNs? Because the old ones suck. But honestly, it's not just VPNs that suck — it’s TCP/IP that sucks. If IPv4 had been encrypted by default and access-controlled from the beginning and didn't run out of IP addresses and IPv6 had successfully rolled out, we wouldn’t need VPNs. Every generation of these tools has been a workaround for something broken further down the stack.

Still, businesses don’t let go of familiar tools easily. I once wrote that “not changing stuff is amazingly powerful as a product strategy.” VPNs are dependable. Or at least, they’re the devil we know. They’re built into enterprise security bundles, they’re in the onboarding checklist, and they’ve been “good enough” for long enough that most teams have figured out how to live with them.

But when a tool sticks around long after its design goals are obsolete — like my old dialer program WvDial, still popular decades after modems became irrelevant — it’s worth asking why. In WvDial’s case, the answer was simple: everything else was worse. That story still applies to VPNs.

When Security Gets in the Way

According to recent research, this comfort comes at a cost. Over 83% of engineers admit to bypassing their company's security controls simply to get work done. Worse yet, 68% retain access to internal systems after leaving their employers, exposing critical gaps in the security lifecycle. Yet, despite these clear risks, only 10% of professionals feel their current VPN "works well."

So, VPNs linger not because they're ideal, but because migrating fully to zero trust isn’t trivial. It’s not a product you can buy; it’s a shift in how you think. Continuous verification, least privilege access, and identity-first networking sound simple until you try to retrofit them into a sprawling, 20-year-old IT architecture.

The VPN Misconception

There’s a common belief that VPNs are fundamentally insecure. They’re not. But the traditional enterprise VPN model, the one that drops you inside the perimeter and lets you wander freely, is dangerous. That’s like giving everyone a master key to your office building.

A better model grants access one step at a time, based on who you are, what you need right now, and where you’re coming from. Microsegmentation. It’s not about banning tunnels — it’s about more, smaller tunnels, each with its own control valve.

Where Zero Trust Really Begins

The most secure approach is one where identity management is everything. Not where you are, not what subnet you’re on, not whether you’re in the office. Identity. Strong authentication, hardware-backed keys, just-in-time access.

But identity isn’t easy. Our survey found only 29% of organizations have adopted identity-based access control at scale. Even fewer use automation. Many still rely on spreadsheets and service account credentials that outlive the employees who set them up.

So security becomes a tax. It slows people down. And when security gets in the way, people route around it. That’s why VPN fatigue is real — and growing.

Yet, there's hope. Nearly half of surveyed companies are consolidating fragmented tools, embracing automation, and experimenting with adaptive policies. But more interestingly, they're starting to rethink their whole approach.

Security and engineering teams are collaborating instead of clashing. They're designing systems that work with people, not against them. AI tools are emerging — not to replace humans, but to help notice the things humans miss: a sudden pattern change, a weird login time, an unexpected access request.

More companies are adopting modular, policy-driven systems. Instead of writing 50 firewall rules, they define intent: "this kind of app talks to that kind, under these conditions." That’s not Zero Trust as a checklist — it’s Zero Trust as infrastructure.

A Pragmatic Path Forward

Zero trust isn’t a product you install. It’s a direction you walk in.

Start by reducing implicit trust — wherever you find it. Use strong identity through encryption, not IP addresses. Make credentials short-lived. Assume the worst. Break your network into zones. Shrink the blast radius.

But do it gradually. Nobody rips out all their networking in a day. Choose one high-value system and zero-trustify it. Learn. Repeat.

VPNs will stick around a while, not because they’re good, but because everything else is hard or immature. But as we’ve seen with tools like WvDial, still in use long after its time, familiarity isn’t the same as fitness. The future belongs to systems that embrace the complexity of real-world access — and make it feel simple.

I don't want to write VPNs, I don't want to deploy VPNs, I just want to solve real problems. But we can't solve the real problems without a working network. So here I am with a $1.5B company still selling VPNs. Sure it's maybe the best VPN. But it looks like I'll be continuing to do it for years, so that other people can finally solve real problems.

And if we finally get it right this time, maybe we can stop reinventing the same broken tunnel — one VPN at a time.

We've listed the best VPN deals.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Three in five firms would pick UK over Europe, APAC and US for tech investments, Barclays report finds
• Tech companies saw cash flows and savings rise, overdrafts reduce
• Further government support is needed for long-term support

New research from Barclays has claimed tech firms are increasingly seeing the UK as an attractive place to invest, with 62% of tech leaders favoring the UK over Europe and nearly as many favoring the UK over APAC (61%) and the US (60%).

A strong customer base, skilled workers with a diverse talent pool and fast consumer adoption of tech were cited as key influencers behind the UK’s potential success.

Three in four also noted the UK’s economic climate supports growth (76%) and that its political landscape will help over the next three years (75%).

Tech firms are investing in the UK

Half of the 500 UK-based technology leaders surveyed said they now plan to increase AI investments by 20% over the next 12 months with almost all of them (95%) reporting increasing client demand for AI products and services.

Thanks to the healthy landscape in the UK, 70% of the tech firms surveyed plan to increase capex by an average of 8.9% this year.

Separate Barclays data found that tech business cash flows rose by 1.7% between Q1 2024 and Q1 2025, and the tech sector had the higher increase in savings account balances, up 21.5%. Overdraft usage also fell 26.2% despite borrowing remaining relatively flat, suggesting increased financial health.

“There’s a clear sense that the UK is holding its own on the global tech stage, with founders and leaders increasingly seeing the UK as one of the best places in the world to grow and scale,” Head of Technology, Media & Telecoms & Innovation Banking Helena Sans commented.

Looking ahead, 72% agree that government backing is essential to long-term growth. This includes specialized funding programs (44%), support to attract international investors (37%), enhanced tax incentives for equity investments (36%) and startup and SME grants (36%).

You might also like

• We’ve listed the best AI tools and best AI writers
• The best online collaboration tools can help make you more efficient
• UK firms are investing heavily in new tech - but will it make any difference?

We spoke with experts to determine the best healthy foods for cooking in your air fryer. They're also quick and easy to prep.

From the war in Ukraine, to the Middle East, and escalating tensions in the South China Sea, the threat of conflict is forcing governments and businesses to confront an uncomfortable truth that digital systems are not immune to geopolitical pressure.

At London Tech Week recently UK Prime Minister Keir Starmer said that the way that war is being fought “has changed profoundly,” adding that technology and AI are now “hard wired” into national defense. It was a stark reminder that IT infrastructure management must now be viewed through a security lens and that businesses need to re-evaluate data management technologies and practices to ensure they are not left out in the cold.

Easier said than done. According to recent research from Civo, 83% of UK IT leaders say geopolitics threatens their ability to control data and 61% view sovereignty as a strategic priority, yet only 35% know exactly where their data resides. That’s not just a compliance gap. It’s a sign that infrastructure, policy and strategy are still out of sync.

Data sovereignty used to be a conversation for the policy teams and legal departments. Not anymore. Regulatory fragmentation, rising cyber risk, and increasingly complex data ecosystems are forcing organizations to treat sovereignty as a live operational concern. Whether it’s knowing who can access your AI training data or ensuring a healthcare provider meets national residency requirements, data sovereignty now defines what businesses can and cannot do.

The EU Data Act, the UK's evolving position (the UK is no longer bound by the EU Data Act but it remains closely aligned in practice to preserve data adequacy and ensure the continued free flow of data with the EU), and the increasing stringency of critical infrastructure policies, are starting to shape what enterprise resilience should look like.

As Lord Ricketts noted in the House of Lords in October last year, “the safe and effective exchange of data underpins our trade and economic links with the EU and co-operation between our law-enforcement bodies.” That trust depends on demonstrating a clear and enforceable approach to data control.

For many, public cloud services have created a false sense of flexibility. Moving fast is not the same as moving safely. Data localization, jurisdictional control, and security policy alignment are now critical to long-term strategy, not barriers to short-term scale. So where does that leave enterprise IT? Essentially, it leaves us with a choice - design for agility with control, or face disruption when the rules change.

Modern infrastructure needs to be sovereignty-aware

Sovereignty-aware infrastructure isn’t about isolation. It’s about knowing where your data is, who can access it, how it moves, and what policies govern it at each stage. That means visibility, auditability, and the ability to adjust without rebuilding every time a new compliance rule appears.

A hybrid multicloud approach gives organizations the flexibility while keeping data governance central. It’s not about locking into one cloud provider or building everything on-prem. It’s about policy-driven control across environments, managing workloads through the context of data.

For example, a financial services firm may need to keep customer transaction data within UK borders, but still wants to run analytics in the cloud. With the right architecture, workloads can move, but sensitive data stays governed. That’s sovereignty in practice, not theory.

Of course, generative AI introduces a new layer of complexity. Training models on private data, deploying inference at the edge, or simply sharing prompts between locations adds pressure to already stretched governance models.

And while many organizations have rushed to build or adopt AI tools, few have aligned these efforts with data residency or compliance. Sovereignty isn’t just about storage anymore. It’s about compute, access patterns, and understanding how third-party models interact with your data.

Building with sovereignty in mind

Edge and sovereign cloud capabilities will be essential here. But they only work if infrastructure teams are given the mandate and support to build with sovereignty in mind. That means cross-functional collaboration between legal, compliance, and IT. It also means choosing platforms that support location-aware deployment and policy enforcement from day one.

According to Nutanix’s recent public sector sovereignty research, 94% of public sector organizations are already using GenAI tools, yet 92% say they could do more to secure those workloads, and 81% say their infrastructure needs improvement to support sovereignty requirements. That says everything you need to know about the challenges facing both public and private organizations. Complexity has clouded judgement and capability.

And yes, customers want to know where their data is, of course they do. Partners also want to understand how it’s being used. With regulators increasingly expecting transparency, not just tick-box compliance, sovereignty, in this context, becomes a proxy for trust.

This is particularly important in sectors like healthcare, education, and government. But it’s not limited to them. Any business operating in or across regulated markets needs to demonstrate control. Not because it’s a checkbox, but because it’s now fundamental to continuity and reputation.

So where do you go from here?

First, get clear on where your data is and what laws apply. That’s not always simple. Next, review your infrastructure to see if it can support location-aware controls, hybrid deployment, and detailed auditing.

Then, consider where GenAI and future workloads are headed. Are you prepared to scale them without breaching sovereignty requirements? Can your teams adapt quickly as policies change?

Finally, treat sovereignty not as a constraint, but as a core part of your design strategy. The organizations that do this well won’t just be compliant, they’ll be more resilient, more transparent, and better prepared for what comes next.

Because in a world where data moves faster than policy, the ability to stay in control isn’t just good governance, it’s good business. And when geopolitics forces the issue, it might just be the nudge needed to get sovereignty right.

We list the best data migration tools to help manage your files.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro