Network Security

VPN Limitations Leave Opening for ‘zero-trust’ Tech

August 8, 2022 (updated August 15th, 2022)

As employers tried to connect an increasing number of homebound workers to company resources, the use of virtual private networks (VPNs) surged.

However, industry consultants say that VPNs' shortcomings, specifically their security and scalability problems, have given rise to a technology category called "zero-trust network access" (ZTNA).

Although a VPN offers an encrypted connection into a network, IT professionals aren't always impressed by what it delivers beyond that.

Scalability: When an entire workforce of home-based users funnels through the same VPN concentrator, that path becomes congested and network performance suffers. There are far more cost-effective ways to scale up if you want a lot of people working remotely.

Security: a tunneled device is not under your direct control. Internet traffic leaves through my home network, while business traffic goes through the VPN. What else on that home network, then, might hop onto my device and proceed across the corporate network?

Interest in zero-trust network access (ZTNA) has grown since 2020, as cybercrime rises and new security measures are developed daily, literally daily.

Many organizations are adopting ZTNA services and looking beyond VPN approaches because of the rise in remote working combined with the use of unmanaged devices.

Zero trust is an information security model that denies access to applications and data by default, and grants access to networks and workloads only after continuous, contextual, risk-based verification of the user and the device the user is connecting from.

Bottom line: user access is limited to explicitly authorized applications.

Your enterprise IT systems can't shut out the outside world. Services like the public internet and SaaS are part of everyday business; however, those same applications carry risk and need more than a firewall to stop intrusions. Think of the enterprise as a ship: patches are exactly what they sound like, SIEM is the hourly drain check, network scanning is the pumps, and zero trust is your compartmentation.

Instead of connecting at the device level, ZTNA connects at the application level. It is not simply saying that you can only reach web apps; it states that if a connection is established between your endpoint and the company network, it can be used only for this specific application to communicate with the specified set of application servers and data in the specified location.

At least 70% of new remote-access deployments will be supported by ZTNA rather than VPN services by 2025.

Numerous technologies, such as software-defined wide area networks (SD-WANs), secure web gateways, and cloud access security brokers (CASBs), support a zero-trust model, but identity is at the core of the idea:

Who are you?
What are your options?
What do you have permission to access?
What are you logging on to?

... and then monitoring everything surrounding that access.
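To make the model concrete, here is a small policy broker, written for this article as an added illustration rather than code from any ZTNA product, that implements the rules described above: deny by default, grants scoped to a single application, and the identity, device-posture and location questions answered on every request and re-asked mid-session. All policies, users, group names and device states in it are constructed for the example.

```python
"""Toy zero-trust access broker: default-deny, per-application decisions
driven by identity, device posture and context. Constructed example only;
every policy, user and device state below is made up for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class AccessRequest:
    """Everything the broker knows about one access attempt."""
    user: str
    groups: frozenset            # identity claims, assumed to come from an IdP
    app: str                     # the single application being requested
    location: str                # e.g. country code derived from the connection
    mfa_verified: bool
    device_managed: bool         # enrolled in the organization's device management
    device_compliant: bool       # posture check passed (patched, disk encrypted)


@dataclass(frozen=True)
class AppPolicy:
    """Who may reach one application, and under which conditions."""
    app: str
    allowed_groups: frozenset
    allowed_locations: frozenset
    require_managed_device: bool = True
    require_mfa: bool = True


class ZeroTrustBroker:
    """Decides each request on its own merits; there is no network-wide grant."""

    def __init__(self, policies: List[AppPolicy]) -> None:
        self.policies: Dict[str, AppPolicy] = {p.app: p for p in policies}
        self.audit: List[Tuple[str, str, str, str]] = []   # (user, app, verdict, reason)

    def decide(self, req: AccessRequest) -> Tuple[bool, str]:
        verdict, reason = self._evaluate(req)
        # Every decision is recorded, allowed or not: this is the monitoring part.
        self.audit.append((req.user, req.app, "ALLOW" if verdict else "DENY", reason))
        return verdict, reason

    def _evaluate(self, req: AccessRequest) -> Tuple[bool, str]:
        policy = self.policies.get(req.app)
        if policy is None:                       # "What are you logging on to?"
            return False, "no policy for application (default deny)"
        if not req.groups & policy.allowed_groups:   # "Who are you?"
            return False, "user not in an authorized group"
        if policy.require_mfa and not req.mfa_verified:
            return False, "MFA not satisfied"
        if policy.require_managed_device and not req.device_managed:
            return False, "unmanaged device"
        if not req.device_compliant:             # device posture, not just identity
            return False, "device failed posture check"
        if req.location not in policy.allowed_locations:
            return False, f"location {req.location!r} not permitted"
        # The grant names exactly one application, never "the network".
        return True, f"access to {req.app} only"

    def reevaluate(self, req: AccessRequest) -> Tuple[bool, str]:
        """Continuous verification: the same check re-run mid-session with fresh
        context. A posture change after login is enough to lose access."""
        return self.decide(req)


# Constructed policies: payroll is tightly scoped, the wiki tolerates BYOD.
POLICIES = [
    AppPolicy("payroll", frozenset({"finance"}), frozenset({"US", "CA"})),
    AppPolicy("wiki", frozenset({"staff"}), frozenset({"US", "CA", "DE"}),
              require_managed_device=False),
]


def example_decisions() -> List[Tuple[bool, str]]:
    """Runs a few constructed requests through the broker and returns the verdicts."""
    broker = ZeroTrustBroker(POLICIES)
    base = dict(user="alice", groups=frozenset({"staff", "finance"}), location="US",
                mfa_verified=True, device_managed=True, device_compliant=True)
    results = [
        broker.decide(AccessRequest(app="payroll", **base)),                                 # allowed, payroll only
        broker.decide(AccessRequest(**{**base, "app": "payroll", "device_managed": False})),  # denied: BYOD
        broker.decide(AccessRequest(**{**base, "app": "wiki", "device_managed": False})),     # allowed: wiki permits BYOD
        broker.decide(AccessRequest(**{**base, "app": "hr-database"})),                      # no policy: default deny
    ]
    # Mid-session posture change: the device drops out of compliance, access is revoked.
    results.append(broker.reevaluate(
        AccessRequest(**{**base, "app": "payroll", "device_compliant": False})))
    return results


if __name__ == "__main__":
    for verdict, reason in example_decisions():
        print("ALLOW" if verdict else "DENY ", reason)
```

Contrast this with the VPN case: once the tunnel is up, the endpoint holds a route into the network and every later hop is decided by whatever firewall rules happen to exist there. The broker above never hands out a route at all; it answers one application request at a time, and the same user on the same device can be allowed into the wiki and refused from payroll in consecutive calls.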

A VPN merely provides a point-to-point encrypted connection; it does not, by itself, adhere to zero-trust principles.