3 ZTNA Myths

If you’ve ever been to Scotland, you know that there’s a whole tourist industry that centers around the Loch Ness monster. People swear up and down that they’ve seen Nessie, and the tales continue, even though there’s no real documented proof that the monster actually exists. Stories like these can take on a life of their own because it benefits someone to perpetuate the myths.

In technology, trying to explain complex technology in understandable ways isn’t easy, and sometimes efforts to make a topic more accessible leave out important details and misinformation ensues. For example, with the notable exception of cloud computing, few topics have fostered more confusion than zero-trust network security principles. Even though the subject has been written about for more than a decade, the myths roll on. Here are the top three myths I’ve seen lately.

Myth 1: You have to move to the cloud to implement zero trust

As organizations move to the cloud, they often start to look into zero trust solutions more seriously, particularly zero trust network access (ZTNA) for application access. Because ZTNA is often part of cloud migration strategies, many people assume you have to move everything to the cloud to implement zero trust. This myth is reinforced by cloud-only ZTNA solution vendors. But for some organizations, cloud-only networks aren’t the best choice.

Even as many organizations are embracing cloud technology, it’s not right in every situation. Some companies want or need to manage their networks in-house without other businesses involved in managing critical capabilities. And some organizations in highly regulated industries such as financial services or healthcare have compliance-related reasons for avoiding cloud. In some situations, cloud isn’t practical because an organization doesn’t have reliable connectivity. Many remote areas of the world simply don’t have the type of broadband connections most of us take for granted and that are necessary for cloud technology to work.

Myth 2: ZTNA is just for remote users

Another myth some cloud-only vendors don’t like to address is that many organizations are running hybrid networks, and users need access to both on-premises and cloud resources. Cloud-only ZTNA isn’t ideal for hybrid environments because it can introduce bottlenecks for on-premises application access. In some cases, organizations set up two solutions: one for cloud access and another one for on-premises. Ideally, ZTNA should be the same no matter where the user or the resources are located.

Gartner coined the term “Universal ZTNA” to describe what is essentially ZTNA that works the same everywhere–both cloud-based and on-premises. With Universal ZTNA, organizations can own, control, and manage their infrastructure and policies within their own environments. Those organizations that don’t completely trust the cloud, worry about losing critical capabilities, or can’t move everything to the cloud for compliance reasons can still enjoy the benefits of ZTNA everywhere.

ZTNA doesn’t have to be used only for cloud application access. With Universal ZTNA solutions, users have the same experience for both cloud and on-premises access without performance degradation, so it’s an ideal way to support hybrid networks.

Myth 3: ZTNA that works on-premises is complicated

Quite a few ZTNA solution providers are “cloud-first” organizations, and often ZTNA is part of a secure access service edge (SASE) solution or an add-on to a cloud-hosted service. Some cloud-only vendors don’t support on-premises access well or at all. Those vendors that do support on premises users are limited by their architecture, which require application connectors that introduce complexity and latency because traffic must be routed to the cloud even when accessing on-premise or local data center applications.

The architecture of a Universal ZTNA solution is significantly simpler. ZTNA can be part of a SaaS solution but also a feature that is built into products that organizations own and control, such as a client located on a user’s device. From a user perspective, the access process is the same whether they’re in an office or working remotely. The client software connects to a ZTNA Application Gateway and a connection is created for the application session. The solution conducts policy checks to determine whether access to a given application is allowed.

Zero Trust Should Be Everywhere

Even though zero trust has been associated with remote users who need to access cloud-based services, it should be used everywhere, both in the cloud and on-premises. With Universal ZTNA, users enjoy the same experience no matter where they may be working. And if the existing VPN solution and ZTNA are managed by the same integrated client from the same vendor, it simplifies the migration to ZTNA.

To support secure application access and application steering, Universal ZTNA also can be integrated with SD-WANand other enterprise-grade security solutions. For organizations with hybrid networks and the need to support users both on and off site, a comprehensive Universal ZTNA solution makes sense.

Learn more about how Fortinet Universal ZTNA improves secure access to applications anywhere for remote users.