Five use cases that justify ditching VPNs for good


Techday NZ, 3 days ago
For years, Virtual Private Networks (VPNs) have been the go-to solution for secure remote access. Yet, as the digital landscape evolves, the very infrastructure that once offered protection is now proving to be a significant liability. More than half (56%) of organisations experienced at least one VPN-related security incident in the past year, with many experiencing multiple breaches, making VPNs a primary attack vector.
Furthermore, backhauling non-local traffic through the VPN just to access the internet leads to poor user experience, high costs, and complex routing. In fact, 22% of users complain about slow connection speeds, and 19% are frustrated by complex authentication processes with VPNs. IT teams also find balancing performance (21%) and constant troubleshooting (18%) to be top VPN headaches.
For organisations looking to modernise their connectivity for a hybrid workforce, Zero Trust Network Access (ZTNA) is generally being touted as the superior alternative. However, not all ZTNA solutions are created equal, and to truly move beyond legacy VPNs, organisations should focus on their use cases rather than trying to fit themselves around one technology. Once they do, it becomes obvious that integrating ZTNA with other security tools within broader models such as Secure Access Service Edge (SASE) is the key to finally giving VPNs the boot.
Here are five use cases where replacing VPNs with ZTNA can help organisations.
1. Enable hybrid workers
The rise of the hybrid work model has exposed the inadequacies of legacy VPN solutions. VPNs offer limited visibility into application activities, suffer from latency due to traffic backhauling, and grant broad network-level access that allows for unrestricted lateral movements. Unpatched vulnerabilities in VPN concentrators can also act as major attack vectors.
ZTNA is a safer and more efficient remote access alternative for hybrid workers. It allows organisations to deploy identity- and context-aware least-privileged access across their workforce and to minimise unauthorised lateral movement in case of compromise. It also ensures consistent enforcement of security policies regardless of the user's location by providing real-time visibility into user activities and detailed network and application traffic. Finally, it facilitates the secure onboarding of new devices, enables remote password resets, and ensures only sanctioned devices access critical internal resources.
2. Accelerate cloud migration
Digital transformation has led to a tipping point where more workloads reside in public clouds than in private data centres, and giving users efficient connectivity to all environments is key to productivity. Because they route user traffic through private data centres before connecting to cloud environments or applications, VPNs often deliver a poor user experience. This is why a majority of IT teams (51%) rate 'better application performance' as a key driver of ZTNA programs.
But ZTNA doesn't necessarily resolve these complex routing decisions. Organisations considering ZTNA solutions should seek to understand the network on which they are built, and reject architectures that involve hairpinning, or anything that looks like data and traffic will travel further than it should.
3. Facilitate unmanaged device access (when it makes sense)
Organisations increasingly need to grant secure access to corporate resources for external contractors, service providers, and partners, and security teams face the challenge of accommodating unmanaged device access without exposing resources. This challenge can't be solved with VPNs, which often grant excessive access.
This is a use case where a ZTNA solution sitting within a consolidated SASE architecture makes sense. Enterprise browsers can be easily and remotely deployed to unmanaged devices, extending the organisation's remote access and security policies to those users, who can then access corporate resources within an isolated and secure browser on their devices. Security teams do not need to duplicate operational effort around policy management.
4. Support remote contact centres
While many call centres are adopting cloud-based Unified Communication as a Service (UCaaS), many still rely on legacy on-premises hosted VoIP systems, often routing calls through remote access VPNs. Most cloud-delivered ZTNA solutions currently don't support on-premises hosted VoIP, forcing organisations to maintain both ZTNA and VPN infrastructure.
Platforms that converge ZTNA and SD-WAN capabilities can solve this problem, and should include capabilities such as dynamic traffic steering and context-aware Quality of Service (QoS) to ensure a consistent voice and video application experience.
5. Accelerate M&A integration
The success of a merger or acquisition is often determined by how quickly the integration of the two entities can be completed, and traditional methods of merging networks are costly, time-consuming, and complex. An overwhelming majority of organisations (91%) find third-party access and M&A integration very challenging using VPNs.
ZTNA allows organisations to quickly connect employees, contractors, and advisors to essential resources from day one, and eliminates the need for VPN setup and network merging, enabling immediate and secure integration.
While legacy remote access VPNs were once cutting-edge, they now introduce significant security vulnerabilities and degrade network performance and user experience. Many ZTNA solutions today offer only partial VPN replacement, leading to a complex mix of infrastructure that can be more complicated than the original setup. These compromises are not necessary if, when assessing modern alternatives, the more challenging use cases are recognised upfront and planned for in architecture selection.

Related Articles

Portnox unveils cloud ZTNA for secure, agentless remote access

Techday NZ, 2 days ago

Portnox has announced the release of a cloud-native Zero Trust Network Access (ZTNA) solution designed to streamline secure remote access for enterprises.
ZTNA approach
The ZTNA solution aims to address the traditional challenges associated with remote work, where employees need to access company applications from various devices and locations, sometimes using untrusted networks. This new service is designed to bypass many of the performance and operational issues common in classic VPNs and older ZTNA models. Portnox's product offers a passwordless, agentless approach for accessing web-based applications. Instead of requiring users to download clients or agents, the system is built to allow access via standard web browsers using familiar URLs.
Launch details
During its launch, Portnox also introduced a free version of its ZTNA solution, which grants access to an unlimited number of web-based applications for an unlimited number of users. However, this version provides only community support. Installation of Portnox's endpoint posture assessment tool, AgentP, is required for use. Future updates are planned to expand access capabilities to a broader range of enterprise resources, including older applications without web interfaces. This planned expansion aims to provide comprehensive cloud-native access control for every user and device, regardless of their location.
Security features
Key features of Portnox ZTNA include instant access with minimal latency, eliminating the performance issues commonly experienced with legacy solutions. The system conducts continuous risk posture checks on endpoints before allowing access, ensuring devices are compliant with security policies. Automated remediation addresses any non-compliant or risky devices instantly. The solution's access control is based on both user roles and location, limiting resource availability to only those necessary for specific job requirements.
Additionally, Portnox highlights that its approach does not require configuration changes to remote worker networks or corporate firewalls, as all communications are outbound only. According to Portnox, this design minimises the attack surface and simplifies deployment for IT departments.
Executive comments
"Portnox ZTNA fundamentally changes how organizations approach remote access security," stated Denny LeCompte, CEO of Portnox. "We've engineered a solution that not only significantly strengthens security but also enhances the user experience - because the best security is virtually invisible: fast, seamless, and frictionless. By eliminating the reliance on traditional VPNs and streamlining access controls, we empower businesses to embrace a true zero trust model with remarkable simplicity."
Unified platform
Portnox ZTNA is part of the company's Unified Access Control Platform, which also features RADIUS authentication, Network Access Control (NAC), and TACACS+ in a single cloud-based offering. This consolidation provides organisations with a centralised system for managing and enforcing zero-trust access policies across various hybrid working environments.
Intended audience
The solution is targeted at end-users, IT decision-makers, and organisations across various sectors, including finance, healthcare, education, and technology. Portnox indicates that users will benefit from fast, simple, and secure access, while IT leaders can maintain greater oversight of access attempts and enforce robust policies. The company asserts that the system's security and management benefits are designed to serve industries with demanding requirements for remote access and data protection.

Zyxel advances Secure by Design for global SMB networking security

Techday NZ, 3 days ago

Zyxel Networks has announced details of its progress in implementing Secure by Design principles across its products and services for small and medium-sized business (SMB) networking globally. The company has adopted the Secure by Design Pledge from the Cybersecurity and Infrastructure Security Agency (CISA), which is focused on integrating security from the earliest stages of product development. This initiative encourages manufacturers to build security into their products by default and to improve transparency for users. Zyxel Networks has become the first company in Taiwan and one of the earliest in the global SMB networking sector to take the CISA pledge. The move aims to demonstrate a proactive approach to cybersecurity within the business's product portfolio and operations.
Key security measures
The company highlighted several key steps it has taken to align with the Secure by Design goals, particularly across its Nebula cloud-managed product line, which includes firewalls, routers, switches, and access points.
The first step covers multi-factor authentication (MFA). Zyxel Networks stated that all Nebula cloud-managed devices support MFA. Notably, it became the first vendor globally to offer MFA for wireless access through its Secure WiFi feature, allowing administrators to enforce secure access for remote access point users. For firewalls, MFA is available for both administrative logins and remote VPN users, and is offered via email-based verification or by integrating with Microsoft and Google accounts.
On password security, the company reported that devices shipped from the factory are now supplied with random, unique passwords that must be changed during the initial setup. This, it said, ensures improved security from the outset. When creating a Nebula cloud-managed network, users are also required to generate strong credentials upon first login.
To reduce vulnerabilities, Zyxel Networks has adopted secure coding and development practices, such as following the OWASP Top 10 guidelines, employing static code and firmware analysis tools like Checkmarx, and using advanced techniques including automated combinatorial testing (ACTS). The business also commissions independent third-party penetration testers to help identify and resolve potential security issues.
Zyxel Networks underscored its track record for timely security patches by referencing its role as a CVE Numbering Authority (CNA) since 2021. According to the company, its average Mean Time to Remediate (MTTR) for vulnerabilities has remained in line with industry benchmarks over the past five years, with investments made towards maintaining a fast and coordinated response process. The company has established a comprehensive vulnerability disclosure policy (VDP), offering public guidelines and reporting channels. Zyxel Networks notes that this transparency and consistency in vulnerability reporting has resulted in "the highest level of CNA acceptance, which is unmatched by any other SMB networking brands to date."
Network logging and incident response
Within its Nebula cloud-managed range, Zyxel Networks has ensured that all products now include between seven and thirty days of detailed network logging, with security insights delivered via SecuReporter, a cloud-based analytics platform providing a centralised perspective on network activity and security threats. For firewalls and security routers, access and operational logs are kept for up to 12 months, supporting comprehensive audit and incident-response capabilities.
"We believe that security must be built in, not bolted on," said Gary Chen, ANZ Regional Head at Zyxel Networks. "Our commitment to Secure by Design helps us protect our customers and partners in a fast-evolving threat landscape. It contributes to a healthier IT ecosystem, and transparency in vulnerability reporting is a hallmark of responsible, modern security practice. Our approach is grounded in openness, honesty and long-term trust, which is fully aligned with CISA's vision and, more importantly, our customers' expectations."
Zyxel Networks stated that these measures are intended to deliver on customer expectations for product transparency and reliable security. The application of the Secure by Design pledge to its product portfolio continues as part of ongoing cybersecurity improvements for the SMB networking sector.
