Top 5 Reasons MSPs Should Replace Client VPNs with ZTNA



Did you ever have a client or prospect call you and say, “Hello, I’d like to buy a ZTNA solution”? Probably not.  While a few network security-savvy and buzzword-motivated clients may ask their IT service provider for a Zero Trust Network Access (ZTNA) solution, the vast majority of clients will not. 

Nevertheless, most of your clients would benefit tremendously—especially those who still use a legacy VPN for their hybrid and remote workers. According to our own market survey, hybrid work is here to stay. In fact, a full 87% of companies will maintain a hybrid workplace even after Covid, and they will need secure, dependable, fast remote access. 

So why should you offer ZTNA to your clients? (Spoiler alert: it’s not all about them!)


1. VPNs are Easily Hacked by Cybercriminals

VPN technology was first introduced more than 20 years ago when the term “cloud computing” hadn’t even been coined, SaaS was in its infancy, and the vast majority of workers went to an office every day.  Today’s corporate environment is vastly different:  employees are commonly working from home, a public location, or a satellite office, and they are accessing resources in a hybrid network across on-prem data centers, public and private clouds, and the Internet.  

Using antiquated technology to secure and provide remote access in this modern network is simply asking for trouble. Cybercriminals have been tremendously successful in exploiting the many vulnerabilities of legacy VPNs, and the Colonial Pipeline is a case in point.  A key problem with VPNs is their inability to segment the network. This means that once a bad actor hacks a VPN, they get free access to the entire network.


2. Difficult Network Monitoring and Management

Compounding the problem of a VPN’s inherent security flaws is its lack of visibility and control at the network edge. Today’s distributed networks and their hybrid workers have dramatically increased the attack surface of the corporate network and have significantly increased the risk of a network breach. User access must be monitored and managed to identify and remove potential threats quickly. A high-performance ZTNA solution provides continuous user authentication and activity monitoring. As an MSP, monitoring and management are often your responsibility, and this can be a daunting and challenging task. The right ZTNA solution can make the job easy and seamless.

3. VPN Hardware is Too Slow for the Modern Hybrid Network

According to Forrester, VPN performance issues were the main reason customers chose to adopt ZTNA for secure remote access during the Covid-19 pandemic. The inability of VPNs to deliver high-speed access to cloud resources was painfully clear to many MSPs when their clients shifted to almost 100% remote work during the pandemic lockdowns.

It makes no technical sense for remote users to connect to on-premises data centers (where there were no workers) for authentication before going back out to the Internet to access cloud-based applications like Zoom or Office 365. ZTNA solutions are optimized for high performance and scalability, and the best offerings will provide dedicated, high-speed, and encrypted tunnels directly to cloud resources.

So why put your clients on a slow local train when you can get them on the express?

4. VPNs Do Not Scale Easily

Your clients’ networking needs are constantly changing. Employees and contractors come and go.  Acquisitions are made, and divestitures occur.  New devices and applications are regularly deployed. When using a VPN, these changes can result in burdensome and time-consuming administrative tasks, from reconfiguring old equipment to adding new and expensive hardware.  

Adding users to a VPN can be especially cumbersome if the user is a third-party contractor and you need to protect your clients’ resources from what is essentially a less-trusted user who is inside the network. What a headache!  

Zero trust as a service is the perfect answer to this challenge. Using a single management console for all of your clients, your service team can perform tasks in minutes that would take hours and days with a VPN. With no hardware to purchase and maintain, creating networks and adding bandwidth capacity can be done with a few mouse clicks. Adding or deleting users is equally fast and easy, and third-party contractors can be granted access to only the applications they need to perform their job.

5. Implementing ZTNA is a Great New Source of Recurring Revenues

Perhaps the best part of implementing ZTNA for your clients is the creation of a new, high-margin recurring revenue stream for your business. Not only will you be making your clients’ networks more secure and better performing, but you’ll also be improving your bottom line. Furthermore, you’ll have the ability to add valuable implementation, management, and support services on top of your ZTNA solution. And all of the management and services can occur via a simple and easy-to-use multi-tenant interface. Establishing and managing your clients’ remote access will never be easier—or more profitable.

ZTNA: Trust No One, Always Verify

Today’s best practices with ZTNA ensure access to critical corporate resources is delivered on a “least privilege” basis. Only users who need access to resources or applications based on their role should be permitted to access them. This principle is the basis of a Zero Trust solution and should be employed for all of your clients, regardless of their size.

Gartner predicts that by 2023, 60% of enterprises will phase out most of their Business VPNs in favor of Zero Trust Network Access.  So while you may not be getting calls today asking for ZTNA, you should take the initiative and recommend it to your clients. Don’t wait for a competitor to do it.