ZTNA: Time to Forget the Hardware VPN


“Why can’t the digital tools at work be as simple as the stuff I use at home?” 

How many times have you heard that chestnut? Sure, enterprise software and security tools are getting better, but this is still the prevailing sentiment in many offices. Here at Check Point we’re all about simplifying enterprise-grade security. 

Our Zero Trust Network Access (ZTNA) is easy to use, offers a better experience for client devices and IT, and is a more secure alternative to the legacy approach built on a hardware VPN.

This is Not the Way

Traditional networking methods that rely on hardware-based VPNs just aren’t as practical for securing today’s networked environment, and no wonder. These solutions are nearly 30 years old, invented when Internet access was in its infancy and the most common way to get online was through a big, beige box connected to a hardwired telephone line.

Back then, and through recent decades, the old hub-and-spoke approach with data centers and VPNs to connect seven-pound laptops was more or less fine. People were still going to work at their offices five days a week, and all the corporate resources were on company-managed servers.

But the cloud in combination with truly mobile computing changed all that. 

Now, employees are rocking thin and light laptops they can take anywhere, and IT managers have to organize not only on-prem corporate resources, but cloud-based services such as:

ZTNA vs. On-Prem Hardware

Cost Reduction
  Zero Trust Network Access: Cloud-based ZTNA reduces configuration complexity and onboarding time. The cloud security service eliminates the need for storage and maintenance.
  On-Premises Firewall VPN: Hardware requires manual installation, configuration, physical storage space, cooling, and ongoing maintenance. Requires trained personnel to install and upgrade.

Unified Management
  Zero Trust Network Access: Networks and users are easily managed from one single platform.
  On-Premises Firewall VPN: Hardware is individually managed across multiple offices with complex interfaces.

Network Performance
  Zero Trust Network Access: Faster connection, better network performance across 50+ data centers.
  On-Premises Firewall VPN: Fewer data centers on-prem; non-optimal traffic routing may cause users to experience low performance.

User Identification and Authentication
  Zero Trust Network Access: Privatized user access with identification and multi-factor authentication.
  On-Premises Firewall VPN: User identities managed across multiple firewalls. Only some IDPs are supported.

Zero Trust Application Access
  Zero Trust Network Access: Trusted clientless access to apps without exposing users to the whole network.
  On-Premises Firewall VPN: No segmented application access.

Compliance
  Zero Trust Network Access: Meets security compliance requirements.
  On-Premises Firewall VPN: Meets security compliance requirements.

Micro-Segmentation
  Zero Trust Network Access: Segmented user access across network resources.
  On-Premises Firewall VPN: Segmenting user access can be complicated and performance may be hindered.

To deal with this revolution in mobile work, we ended up with two basic solutions.

First, use a VPN to connect to that old-school business network and then jump to the Internet resources from there. Not a great experience, since this usually requires manual configuration at the router level, and latency complaints can be plentiful.

Things get better with an SD-WAN that routes Internet traffic more intelligently over optimal paths, but that old-school business network is still in the traffic flow to the cloud.

Either way you slice it, users are stuck in a model that increases latency, eats up company bandwidth, and results in a more cumbersome remote work experience. That is not great when more and more people are working remotely, a fact that is not likely to change. Even though we’re getting back to the office and in-person meetings, a full 87% of companies we surveyed still plan on sticking with a remote- or hybrid-work model even once the pandemic is in the rearview mirror.

In short, the remote revolution is here to stay, and your team deserves better.

The Radically Simple Way

Today’s mobile corporate worker needs a new solution that allows them to access the Internet securely without having to jump through an overly complex network. 

That is the reason Check Point introduced Zero Trust Network Access, or ZTNA.

Zero Trust Network Access from Check Point

Using our approach, we turn the Internet itself into your corporate network. No more jumping through headquarters or branch offices that could be hundreds of miles or an ocean away. Instead, you hit the cloud services from our worldwide network of data centers. 

Just spin up gateways in whichever of our more than 60 locations best suit your team’s needs; each gateway has a dedicated IP address to help secure your team. Then set some group-based policy rules.

Once that’s done, install the agent on company devices to monitor and enforce the ZTNA policies. 

How It Works

If you’re not familiar with it, ZTNA starts from a position of denying access to everything for everyone. Then you open up resources based on the rules you create. One of the killer features in this model is the device posture check (DPC), which takes permission policies right down to each employee’s hardware, whether they are using:

  • Windows
  • macOS
  • Android
  • iOS

DPC sets requirements that devices must meet before they gain access to company resources, such as the presence of a specific antivirus solution, an operating system update, or a specific file or certificate.
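To make the default-deny plus posture-check model concrete, here is an added illustration (not Check Point’s code) of how a gateway might evaluate a request: every application starts out denied, a group-based rule can open it, and the grant only holds if the device satisfies each posture attribute attached to that rule. The rule fields, attribute names and sample policy are constructed for this example.

```python
"""Default-deny access evaluation with a device posture check (DPC).
Added illustration, not Check Point's code; all names are constructed."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class Device:
    os: str
    os_version: Tuple[int, ...]                     # e.g. (13, 4) for a 13.4 build
    antivirus: Set[str] = field(default_factory=set)     # installed AV products
    certificates: Set[str] = field(default_factory=set)  # device certs present


@dataclass
class Rule:
    groups: Set[str]                 # identity groups this rule applies to
    apps: Set[str]                   # applications the rule opens up
    min_os: Dict[str, Tuple[int, ...]]  # permitted OS -> minimum version
    required_av: Set[str] = field(default_factory=set)   # any one must be present
    required_cert: Optional[str] = None


def posture_ok(device: Device, rule: Rule) -> Tuple[bool, str]:
    """Every posture requirement on the rule must hold; return (ok, reason)."""
    if device.os not in rule.min_os:
        return False, f"os {device.os} not permitted by rule"
    if device.os_version < rule.min_os[device.os]:
        return False, f"{device.os} {device.os_version} below minimum"
    if rule.required_av and not (device.antivirus & rule.required_av):
        return False, "required antivirus not present"
    if rule.required_cert and rule.required_cert not in device.certificates:
        return False, "required certificate missing"
    return True, "posture ok"


def evaluate(user_groups: Set[str], app: str, device: Device, policy) -> Tuple[str, str]:
    """Default deny: ALLOW only if a matching rule's posture check passes.
    The reason string is what you would log for the user and for IT."""
    reasons = []
    for rule in policy:
        if app not in rule.apps or not (user_groups & rule.groups):
            continue
        ok, reason = posture_ok(device, rule)
        if ok:
            return "ALLOW", reason
        reasons.append(reason)
    return "DENY", "; ".join(reasons) or "no rule grants this application"


# Constructed sample policy: finance gets the ERP only from a patched, AV-protected,
# certificate-bearing laptop; the wiki is open to more groups and platforms.
POLICY = [
    Rule({"finance"}, {"erp"}, {"Windows": (10, 0), "macOS": (13, 0)},
         required_av={"ExampleAV"}, required_cert="corp-device-ca"),
    Rule({"engineering", "finance"}, {"wiki"},
         {"Windows": (10, 0), "macOS": (12, 0), "iOS": (16, 0), "Android": (12, 0)}),
]
```

Calling `evaluate({"finance"}, "erp", device, POLICY)` for a constructed iOS phone denies with the reason "os iOS not permitted by rule", while the same user and phone can still reach the wiki.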

Agentless ZTNA to Secure Your Remote Business

We also cover outside contractors and others with Agentless ZTNA. This feature lets you provide agentless access through a web-based portal to third-party contractors and employees who need access from any device to specific applications. 

Zero Trust Application Access (ZTAA) supports a variety of protocols, including:

  • HTTP/S
  • SSH
  • RDP
  • VNC

The best part is that all of this can be deployed with a few clicks and finished within minutes to a few hours, depending on the size of your network. And yes, we haven’t forgotten that corporate data center. If you have on-prem resources, we can connect to those too.

Grab onto the future of enterprise connectivity, and book your demo with Check Point today. 

FAQs

What is Zero Trust Network Access (ZTNA)?

Zero Trust Network Access (ZTNA) is a security approach that assumes no user or device can be trusted by default. It provides secure access to applications and resources based on user identity, device posture, and granular access controls, regardless of location or device type. This approach eliminates the need for traditional VPNs and enhances security by preventing unauthorized access and lateral movement within the network.

How does ZTNA benefit remote users?

ZTNA significantly improves the user experience for remote users by offering secure access to applications and resources without the need for VPNs. It eliminates the latency and performance issues associated with traditional VPNs, providing a seamless and secure connection from any location. ZTNA also simplifies remote access, allowing users to access resources directly from their devices without complex configurations.

What are the benefits of ZTNA over traditional VPNs?

ZTNA offers several advantages over traditional VPNs, including improved security, reduced complexity, and enhanced user experience. ZTNA provides granular access controls, device posture checks, and secure connectivity through a global network of data centers. It also eliminates the need for on-premises hardware, simplifying management and reducing costs.

How does ZTNA address the security concerns of unmanaged devices accessing private networks?

ZTNA addresses security concerns by implementing strict device posture checks and granular access controls. It ensures that only authorized users with compliant devices can access sensitive resources. This approach prevents unauthorized access and lateral movement within the network, even from unmanaged devices, by enforcing security policies based on user identity, device state, and network context.

How does ZTNA improve the security posture of an entire network?

ZTNA significantly improves the security posture of an entire network by shifting from a perimeter-based security model to a zero-trust approach. It enforces granular access controls, device posture checks, and secure connectivity across all network resources, eliminating the need for traditional VPNs and reducing the attack surface. ZTNA strengthens the overall security posture by preventing unauthorized access and lateral movement within the network, minimizing the risk of data breaches and cyberattacks.