5 Objections to ZTNA (And Why They’re Wrong)

Zero Trust Network Access (ZTNA) is the future of secure remote access, but many companies still rely on legacy hardware VPNs. These appliances don’t really meet modern security needs, so why are they still being used? When we talk to companies we run across a number of common objections to adopting ZTNA over a legacy VPN. Let’s take a look at five of these objections and explain why they’re wrong.

It’s Always Worked

Perimeter-based defenses were once sufficient, but the threat environment is always changing. We’re now at a point where network security demands a more robust approach. Relying on a VPN can make it easier for hackers to achieve lateral movement should they ever get inside the network. ZTNA, on the other hand, ensures that access is granted based on what people need to do their jobs. This reduces the risk of a breach, because overly permissive access is one of the main reasons that hackers can get inside and wreak havoc. If everyone’s access is limited you reduce that threat.

In addition, the legacy approach doesn’t accommodate the increase in remote work and the widespread adoption of cloud-based services. Legacy VPNs are designed to pair with firewalls to protect on-prem resources and assumes that most employees are working from the office. That is no longer the way businesses are working.

ZTNA accommodates both remote and in-office models. For example, ZTNA is more proactive since it continuously evaluates user and device behavior to detect anomalies that might indicate a breach.

Adopting a ZTNA solution adds depth to your defenses, ensuring that every access request is scrutinized and authorized based on contextual information such as device posture, time of day, and location.

Granular Access Is Too Complicated

Not even close. ZTNA access rules are surprisingly simple to implement. For starters, ZTNA solutions are typically cloud-based allowing you to apply access policies in a single spot and then automatically propagate across the network. Centralized management simplifies processes and minimizes the risk of misconfiguration.

ZTNA access rules also enforce the principle of least privilege ensuring that users only have access to the resources they need to do their jobs. This means accidental data exposure or unauthorized access is less likely. Granular access controls also provide better visibility into user activity, making it easier to monitor for potential security incidents and respond quickly when needed. 

Finally, ZTNA solutions are highly customizable and can be adapted to accommodate changes in your organization’s structure or policies. This flexibility enables you to maintain a high level of security even as your business grows.

The VPN Works Well Enough

One of the biggest complaints from users about legacy VPNs is that they negatively impact network performance when connecting to cloud-based resources. The reason for this is that VPNs have an inescapable achilles heel. Instead of connecting directly to cloud resources, VPNs require you to backhaul traffic to a data center–potentially an ocean away–before reaching your destination. When accessing SaaS applications or cloud services backhauling leads to latency issues, and potential traffic bottlenecks at the data center, resulting in decreased productivity.

ZTNA solutions eliminate the need for backhauling, providing faster and more efficient access to resources. This results in improved performance and user experience and productivity, without sacrificing security.

The VPN is Cost Effective

VPN appliances often come as part of a package deal with a firewall appliance, giving the impression of cost-effectiveness. However, there are many potential hidden, or at least non-obvious, costs with legacy appliances. First of all, a cloud-based ZTNA solution means there’s no hit on CAPEX expenditures since there’s no hardware to invest in or upgrade down the line. A SaaS platform is 100 percent OPEX, and typically there’s no three-to-five year lock-in the way you get with legacy solutions. 

In addition, don’t forget about larger staff expenditures due to ongoing maintenance such as software updates and security patches, as well as managing and troubleshooting issues.

Many of these costs evaporate with a cloud-based ZTNA solution since you no longer have to manage hardware. Instead, the cloud provider handles all updates and maintenance.

This reduces the burden on IT teams and allows for a more scalable and cost-efficient approach to network security. Over time, the lower total cost of ownership for ZTNA solutions can lead to significant savings.

The VPN Meets Our Needs for Third-Party and Employee Access

Granting VPN access to third-party contractors or suppliers (not to mention employees on unmanaged devices) can expose your network to significant risks. VPNs don’t segment access, leaving your entire network vulnerable. ZTNA solutions offer a superior alternative, providing agentless access to the specific applications that third-party contractors need without granting access to the entire network. This ensures that your sensitive data remains secure.

With the increasing reliance on third-party contractors, suppliers, and partners, the need for secure, segmented access has never been greater. 

With ZTNA solutions you can provide third-party contractors with access to only the tools they need while keeping your entire network secure. Additionally, ZTNA solutions can easily scale to accommodate fluctuating numbers of contractors and other unmanaged users. This ensures that your security measures remain effective even as your organization grows or your needs change.

Get Better Security With Perimeter 81

Forget about that VPN, and turn to Perimeter 81. We can meet your security needs with a cloud-based, converged networking and network security platform. It’s easy to use and fast to deploy with the critical tools and technologies such as ZTNA, Firewall as a Service (FWaaS), Web Filtering, and Malware Protection. Embrace ZTNA and Perimeter 81’s advanced network security features to address the challenges of modern cybersecurity threats. Book a Demo today.