The Evolution of VPNs and the Rise of Zero Trust Network Access (ZTNA)
Zero Trust Network Access (ZTNA), discussed with Rajiv Pimplaskar, CEO of Dispersive, an advanced cloud cloaking technology provider. ZTNA has become an important part of new network security systems such as secure access service edge (SASE).
2024-01-18
VPNs vs. Zero Trust Network Access: Why VPNs are Becoming Obsolete for Businesses
In recent years, virtual private networks (VPNs) have gone from being an essential tool for securing networks to a tool facing a major overhaul, especially for business use. As businesses move away from VPNs, Zero Trust Network Access (ZTNA) is stepping in, transforming the way corporate networks operate. With data increasingly stored in hybrid and public cloud environments, traditional VPN models are less effective for modern needs, leaving ZTNA as a more reliable approach for securing corporate systems.
ZTNA’s “always verify, never trust” approach stands in contrast to the one-time authentication model of VPNs, making it an ideal choice for today’s evolving security needs.
Why VPNs are Losing Ground in Corporate Security
VPNs have long been effective in encrypting data and protecting endpoints from unauthorized access. However, they were designed to work within local data centers, on the assumption that users would operate in relatively stable, controlled environments. Today's corporate environments involve remote teams, cloud-based resources, and constant data transfers, which VPNs were not originally designed to handle.
Limitations of VPNs for Modern Corporate Use
- Static Access Control: Traditional VPNs only verify users once per session. After authentication, they provide full network access without further checks. This model poses risks, especially with remote work where users log in from different, sometimes less secure, environments.
- Strain on Resources: VPNs consume considerable bandwidth as all data must flow through the VPN channel. For companies with many remote employees, this can mean slower performance and increased costs.
- Incompatibility with Cloud: While VPNs can still provide encrypted channels, they struggle with resources deployed across hybrid and public clouds, which require flexibility and frequent verification.
Given these limitations, many companies are considering VPN alternatives like Zero Trust Network Access (ZTNA) to better protect their networks.
Enter ZTNA: Continuous Verification for Modern Security
Zero Trust Network Access provides an approach where the system continuously verifies users, applications, and devices, never assuming any entity is safe by default. Rather than checking credentials once at the beginning of a session, ZTNA systems continually authenticate users throughout each session, re-verifying behavior, access location, and endpoint health.
Key Advantages of ZTNA Over VPNs
- Dynamic Access Control: ZTNA ensures that access is tightly controlled and only granted to specific applications or resources as needed, minimizing risk. Even within a session, ZTNA continually checks for indicators of suspicious activity, providing an added layer of defense.
- Behavioral Analysis: ZTNA tracks user activity, looking for behavior that deviates from the norm. For example, if an employee who typically accesses files from a specific location suddenly requests access from an unfamiliar IP address, ZTNA can flag and block the activity.
- Alignment with Secure Access Service Edge (SASE) and Security Service Edge (SSE): As noted by Rajiv Pimplaskar, CEO of Dispersive, ZTNA aligns well with the principles of SASE and SSE architectures. By merging network and security functions into cloud-based systems, these frameworks provide comprehensive network protection while maintaining high performance.
- Flexibility for Hybrid and Cloud Resources: Since ZTNA operates on a model of continual verification, it’s far better suited for hybrid and cloud resources, which require adaptable security postures that adjust in real time.
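The contrast between one-time VPN authentication and per-request ZTNA checks (application grant, endpoint health, source location) can be shown with a small policy model. This is an added example, not code from the article or from any vendor's product; the users, applications, function names and documentation-range IP addresses are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy data (hypothetical user, apps and documentation-range networks).
ENTITLEMENTS = {"alice": {"crm", "wiki"}}
USUAL_NETWORKS = {"alice": [ip_network("203.0.113.0/24")]}

@dataclass
class Request:
    user: str
    app: str
    source_ip: str
    device_healthy: bool  # endpoint posture reported with this request

def vpn_authorize(sessions, req):
    """VPN model: the only check is that the user authenticated once."""
    if req.user in sessions:
        return "allow"
    return "deny: not authenticated"

def ztna_authorize(sessions, req):
    """ZTNA model: every request is re-checked, not just the login."""
    if req.user not in sessions:
        return "deny: not authenticated"
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        return "deny: application not granted"
    if not req.device_healthy:
        return "deny: endpoint health check failed"
    addr = ip_address(req.source_ip)
    if not any(addr in net for net in USUAL_NETWORKS.get(req.user, [])):
        return "deny: unfamiliar source IP"
    return "allow"

def replay(authorize, requests, sessions=frozenset({"alice"})):
    """Run one authenticated session through a model and collect its decisions."""
    return [authorize(sessions, r) for r in requests]

# Constructed session: alice has already logged in successfully.
SESSION = [
    Request("alice", "crm", "203.0.113.10", True),      # normal use
    Request("alice", "payroll", "203.0.113.10", True),  # app outside her grant
    Request("alice", "crm", "192.0.2.55", True),        # unfamiliar address
    Request("alice", "crm", "203.0.113.10", False),     # posture degraded mid-session
]

if __name__ == "__main__":
    for req, vpn, ztna in zip(SESSION, replay(vpn_authorize, SESSION),
                              replay(ztna_authorize, SESSION)):
        print(f"{req.app:8} {req.source_ip:14} vpn={vpn:6} ztna={ztna}")
```

The VPN model allows all four requests because the session was authenticated once; the ZTNA model allows only the first and denies the other three for distinct reasons.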
Expert Insights: Rajiv Pimplaskar on ZTNA's Role in Network Security
At Black Hat 2022, I had the chance to meet with Rajiv Pimplaskar, CEO of Dispersive, a company specializing in advanced cloud cloaking technology. We discussed how ZTNA’s security architecture fits with new network models like SASE and SSE, especially for organizations relying on cloud and hybrid infrastructure. Dispersive's approach, inspired by WWII-era spread spectrum technology, effectively cloaks data in ways that are more complex to intercept than traditional VPN encryption.
This novel approach, based on WWII submarine warfare strategies, divides data into multiple streams, making it far harder for potential attackers to capture or decrypt sensitive information. Dispersive’s innovations represent a significant shift from traditional VPN strategies, which rely on a single, encrypted channel that can be more easily targeted by hackers.
Why Businesses Are Moving to ZTNA-Integrated Solutions
Businesses adopting ZTNA find that the model integrates well with cloud applications and remote work environments, allowing for continuous user verification, dynamic access control, and real-time threat detection. With VPNs falling short on these fronts, ZTNA provides enhanced adaptability and scalability for businesses with evolving network environments.
- Cloud Compatibility: With data moving from local data centers to hybrid and public clouds, ZTNA ensures that security policies adapt dynamically to resource allocation and changing access points.
- Remote Work Enablement: The “always verify” principle of ZTNA accommodates employees working from different devices and locations, allowing IT teams to manage access dynamically based on real-time user data.
- Improved Risk Management: The continuous analysis of behavior, device, and network patterns helps ZTNA detect threats early, stopping potentially harmful actions before they reach critical systems.
ZTNA: A Long-Term Solution in a Cloud-First World
As businesses scale up cloud adoption and remote work policies, VPNs have become a less viable option for managing network security. ZTNA, with its constant authentication and flexible, cloud-compatible architecture, provides a more robust solution that meets the demands of the modern workplace.
Integrating ZTNA into Your Organization
The move from VPNs to ZTNA isn’t just a trend; it’s quickly becoming a necessity for secure, efficient access to modern corporate networks. If your organization relies heavily on remote work or cloud-based resources, a ZTNA solution may offer the dynamic security and scalability you need to stay competitive. Organizations ready to evolve should consider integrating ZTNA as part of their security infrastructure for better protection and operational agility.
Editor's Note: This blog was updated on November 15, 2024.