ZTNA limits access to only necessary applications or resources, making it nearly impossible for hackers to conduct lateral attacks once they clear the VPN. ZTNA technologies provide fine-tuned access controls, enabling administrators to define exactly what a user can access on the network based on their role, location, and device. This approach will provide better protection against identity-based attacks and lateral movement by attackers, preventing attackers from moving freely across the network once they gain initial access with compromised credentials.
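A minimal sketch of the per-application, default-deny decision described above, set beside a flat VPN tunnel. It is an added example, not code from the article or from any vendor product; the policy table, application names and attribute names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    role: str             # role asserted by the identity provider
    location: str         # country code of the connecting client
    device_managed: bool  # True if the device is enrolled and compliant
    app: str              # application the user is trying to reach


# Constructed policy: each application lists the roles and locations it
# accepts and whether it requires a managed device. Unlisted apps are denied.
POLICY = {
    "payroll": {"roles": {"finance"}, "locations": {"US"}, "managed_only": True},
    "wiki": {"roles": {"finance", "engineering"}, "locations": {"US", "DE"},
             "managed_only": False},
    "git": {"roles": {"engineering"}, "locations": {"US", "DE"},
            "managed_only": True},
}


def ztna_allows(req: Request) -> bool:
    """Per-application decision on role, location and device; default deny."""
    rule = POLICY.get(req.app)
    if rule is None:
        return False
    return (req.role in rule["roles"]
            and req.location in rule["locations"]
            and (req.device_managed or not rule["managed_only"]))


def vpn_allows(req: Request) -> bool:
    """Flat tunnel model: an authenticated user can reach every application."""
    return True


def reachable_apps(check, role: str, location: str, device_managed: bool):
    """List the applications a given identity and device context can reach."""
    return sorted(app for app in POLICY
                  if check(Request(role, location, device_managed, app)))


if __name__ == "__main__":
    # Valid engineering credentials used from an unmanaged device.
    print("VPN :", reachable_apps(vpn_allows, "engineering", "DE", False))
    print("ZTNA:", reachable_apps(ztna_allows, "engineering", "DE", False))
```

With the same valid credentials on an unmanaged device, the flat model exposes every application while the per-application policy exposes only the one that does not require a managed device.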
Performance is another reason enterprises consider transitioning from VPN to ZTNA. With more remote workers and distributed workforces, latency and throughput can become a source of frustration. Whereas VPNs create a broad tunnel to the entire network, ZTNA uses distributed gateways closer to the end users accessing cloud-based applications. This reduces latency and avoids the need to route all traffic through a single centralized VPN. ZTNA aims to solve the latency and throughput performance issues with remote application access, which are common pain points with legacy VPN technologies.
Another motivation to move from VPN to ZTNA is future-proofing an environment. ZTNA offers more flexibility to scale up or down and supports more devices and locations. Usually built on cloud platforms, ZTNA allows for easier scalability and flexibility to accommodate changing user needs and locations. ZTNA can also integrate with other advanced security measures such as multi-factor authentication, threat detection, and encryption. By taking an identity-centric approach to remote access, ZTNA can better position organizations to adapt to evolving security threats and workforce needs over time.
Pitfalls to avoid with modern remote access
Transitioning from VPN to ZTNA isn’t without its challenges, according to this webinar. There are several pitfalls enterprise organizations should look out for when modernizing their approach to remote access.
To start, make sure that applications can use ZTNA technology for connection. If not, organizations might have to maintain the old VPN product along with the new ZTNA technology. Cisco’s Gormley explained in the webinar that certain types of applications, such as multi-threaded apps or those that rely on server-initiated communication protocols such as RDP or FTP, are not well-suited for the ZTNA model.
“It adds to user frustration if they have to maintain their old VPN and they have the new ZTNA. It’s also confusing to the user when to use what,” Gormley said.