[ReganLaitila]

oh come on. Competent companies regard their internal networks untrusted with or without a vpn access solution. If your an incompetent company then there is no argument for a vpn vs no vpn because your incompetent, and will eventually succumb to the horrors of your insecurities regardless if your applications and network endpoints are directly exposed to the internet or behind a vpn solution.

your beyondcorp link has nothing to do with a well implemented vpn solution + standard access controls to network endpoints like the link suggests. Your clearly supporting a false dichotomy in which having a well constructed vpn solution is "wrong" and does not add to your overall security posture. Shenanigans.

vpn or not you still need to authorize/authenticate your network endpoints. But hey, you don't want a vpn so give me a list of your internet accessible ssh hosts and well see how well your "zero trust" gets you if you can't keep up with best practices. Good luck!