22.08.2022

ZTNA: Time to Forget the Hardware VPN


“Why can’t the digital tools at work be as simple as the stuff I use at home?” How many times have you heard that chestnut? Sure, enterprise software and security tools are getting better, but this is still the prevailing sentiment in many offices. Here at Perimeter 81 we’re all about simplifying enterprise-grade security. Our Zero Trust Network Access (ZTNA) is easy to use and offers a better experience for client devices and IT, while being a more secure alternative to the legacy approach using a firewall VPN.

This is Not the Way

Traditional networking methods that rely on hardware-based VPNs just aren’t as practical for securing today’s networked environment, and no wonder. These solutions are nearly 30 years old, invented when Internet access was in its infancy, and the most common way to get online was through a big, beige box connected to a hardwire telephone line. 

Back then, and through recent decades, the old hub-and-spoke approach with data centers and VPNs to connect seven-pound laptops was more or less fine. People were still going to work at their offices five days a week, and all the corporate resources were on company-managed servers.

But the cloud in combination with truly mobile computing changed all that. Now, employees are rocking thin and light laptops they can take anywhere, and IT managers have to organize not only on-prem corporate resources, but cloud-based services such as Salesforce, Google Workspace apps, Office 365 and AWS S3 buckets.

ZTNA vs On-Prem Hardware

| | Zero Trust Network Access | On-Premises Firewall VPN |
|---|---|---|
| Cost Reduction | Cloud-based ZTNA reduces configuration complexity and onboarding time. Cloud security service eliminates need for storage and maintenance | Hardware requires manual installation, configuration, physical storage space, cooling, and ongoing maintenance. Requires trained personnel to install and upgrade |
| Unified Management | Networks and users are easily managed from one single platform | Hardware is individually managed across multiple offices with complex interfaces |
| Network Performance | Faster connection, better network performance across +50 data centers | Fewer data centers on-prem, non-optimal traffic routing may cause users to experience low performance |
| User Identification and Authentication | Privatized user access with identification and multi-factor authentication | User identities managed across multiple firewalls. Only some IDPs are supported |
| Zero Trust Application Access | Trusted clientless access to apps without exposing users to the whole network | No segmented application access |
| Compliance | Meets security compliance requirements | Meets security compliance requirements |
| Micro-Segmentation | Segmented user access across network resources | Segmenting user access can be complicated and performance may be hindered |

To deal with this revolution in mobile work, we ended up with two basic solutions. First, use a VPN to connect to that old-school business network and then jump to the Internet resources from there. That is not a great experience, since it usually requires manual configuration at the router level and latency complaints can be plentiful. Things get better with an SD-WAN that more intelligently connects Internet traffic using optimal routes, but that old-school business network is still in the traffic flow to the cloud.

Either way you slice it, users are stuck in a model that increases latency, eats up company bandwidth, and results in a more cumbersome remote work experience. That is not great when more and more people are working remotely, a fact that is not likely to change. Even though we’re getting back to the office and in-person meetings, a full 87 percent of companies we surveyed still plan on sticking with a remote- or hybrid-work model even once the pandemic is in the rearview mirror.

In short, the remote revolution is here to stay, and your team deserves better.

The Radically Simple Way

Today’s mobile corporate worker needs a new solution that allows them to access the Internet securely without having to jump through an overly complex network. That is the reason Perimeter 81 introduced Zero Trust Network Access, or ZTNA.

Using our approach, we turn the Internet itself into your corporate network. No more jumping through headquarters or branch offices that could be hundreds of miles or an ocean away. Instead, you hit the cloud services from our worldwide network of data centers. Just spin up gateways in whichever of our more than 60 locations best suit your team’s needs. Each gateway has a dedicated IP address to help secure your team. Then set some group-based policy rules. Once that’s done, install the agent on company devices to monitor and enforce the ZTNA policies.

If you’re not familiar with it, ZTNA starts from a position of denying access to everything for everyone. Then you open up resources based on the rules you create. One of the killer features in this model is Device Posture Check (DPC), which takes permission policies right down to each employee’s silicon, whether they are using Windows, macOS, Android, or iOS. DPC sets requirements that devices must meet before they gain access to company resources, such as the presence of a specific antivirus solution, an operating system update, or a specific file or certificate.
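The deny-by-default decision with a device posture check described above, sketched as an added example; it is not Perimeter 81's code or API, and the rule schema, group, resource and attribute names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Posture:                      # what the device agent reports (constructed schema)
    os: str
    os_version: tuple
    antivirus: frozenset = frozenset()
    certs: frozenset = frozenset()

@dataclass
class PostureRule:                  # requirements a device must meet
    min_os: dict                    # allowed OS -> minimum version tuple
    antivirus: Optional[str] = None
    cert: Optional[str] = None

    def failures(self, p):
        out = []
        if p.os not in self.min_os:
            out.append(f"os {p.os} not allowed")
        elif p.os_version < self.min_os[p.os]:
            out.append("os update missing")
        if self.antivirus and self.antivirus not in p.antivirus:
            out.append("antivirus missing")
        if self.cert and self.cert not in p.certs:
            out.append("certificate missing")
        return out

@dataclass
class AccessRule:                   # group-based grant for one resource
    group: str
    resource: str
    posture: PostureRule

def decide(rules, user_groups, resource, posture):
    """Return (allowed, reasons). Anything no rule grants is denied."""
    reasons = []
    for rule in rules:
        if rule.resource != resource or rule.group not in user_groups:
            continue
        failed = rule.posture.failures(posture)
        if not failed:
            return True, [f"granted to group {rule.group}"]
        reasons.extend(failed)
    return False, reasons or ["default deny: no rule grants this resource"]

# Constructed sample policy: names and values are placeholders.
RULES = [AccessRule("engineering", "git.internal.example",
                    PostureRule({"macos": (13, 0), "windows": (10, 0, 19045)},
                                antivirus="ExampleAV", cert="constructed-fp-01"))]
```

Returning the reasons alongside the decision gives the help desk and the audit log the specific posture attribute that blocked a device.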

We also cover outside contractors and others with Zero Trust Application Access (ZTAA). This feature lets you provide agentless access through a web-based portal to third-party contractors and employees who need access from any device to specific applications. ZTAA supports a variety of protocols including HTTP/S, SSH, RDP, and VNC to suit a wide variety of needs.

The best part is that all of this can be deployed with a few clicks and finished within minutes to a few hours depending on the size of your network. 

And yes, we haven’t forgotten that corporate data center. If you have on-prem resources, we can connect to those too.

Grab onto the future of enterprise connectivity, and book your demo with Perimeter 81 today. 

You can also learn more about the benefits of ZTNA to see how it compares to on-premises VPNs.