‘Companies want to replace VPN with Zero Trust Network Access’

Stay tuned, subscribe!

There are several possibilities on the market to make remote working possible. One of these is the virtual private network, or VPN. This solution is now widely used, but now also comes with risks. Companies want to get rid of VPNs, according to research by Zscaler.

Companies increasingly prefer Zero Trust Network Access (ZTNA), according to research by Cybersecurity Insiders commissioned by Zscaler. 15 percent of organisations already use the technology, 59 percent want to implement ZTNA in the next twelve months.

The question is, of course, why companies want to make the switch. The answer lies in a new type of attacks that specifically target VPNs. If a hacker manages to penetrate a VPN connection, they can also enter the network.

Patrick Foxhoven, CIO of Zscaler, states that companies “need to reduce the attack surface by rethinking how they secure their apps and offer access to them in a cloud and mobile world”.

What is ZTNA?

ZTNA can help with that. ZTNA services are designed so that only authorized users can access specific applications. Who exactly is this depends on the company’s policy.

Unlike VPNs, ZTNA does not allow users to be placed on the network. Apps are also not exposed to the Internet. As a result, the attack surface is much smaller and companies are protected against VPN attacks.

Therefore, it is not surprising that companies are interested in this technology. According to the study, 57 percent of organisations give priority to secure access from personal, unmanaged devices.

Investments in ZTNA

Several companies invest in the development of ZTNA solutions. For example, Zscaler itself launched a new solution called Zscaler B2B in September with a service-initiated ZTNA architecture.

In July, Symantec chose to expand its portfolio with ZTNA solutions. Proofpoint also invested in ZTNA this year, by acquiring specialist Meta Networks.

Incidentally, not everyone sees the benefit of ZTNA. 53 percent of the respondents think that the technology they already use can reduce risks, even though users are directly connected to their network and the attack surface is therefore larger.