Universal ZTNA vs. VPN
Among the most popular legacy security solutions in use today, VPNs are meant to simplify access management by allowing end users to securely access a network, and therefore corporate resources, by way of a designated tunnel, usually through single sign-on (SSO).
For many years, VPNs worked well for users who needed to work remotely for a day or two. However, as the world saw more and more long-term remote workers, leading eventually to work-from-anywhere, a lack of scalability combined with high costs and maintenance requirements made VPNs ineffective. What’s more, rapid adoption of the public cloud meant that it not only became more difficult to apply security policies to these remote workers, but also hurt the user experience.
The main problem with VPNs, however, is the attack surface they create. Any user or entity with the right SSO credentials can log on to a VPN and move laterally throughout the network, giving them access to all the network, endpoints, and data the VPN was meant to protect.
Universal ZTNA secures user access by granting it on the principle of least privilege. Rather than trusting on the basis of correct credentials alone, zero trust grants access only under the correct context, that is, when the user, identity, device, and location all match up.
Furthermore, universal ZTNA provides granular access to resources rather than network access. Users are connected directly and securely to the applications and data they need, removing the possibility of lateral movement by malicious users. Plus, because user connections are direct, experiences are vastly improved when leveraging a UZTNA framework.
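To make the contrast concrete, the following added example (not part of the original article, and not any vendor's product code) models the two decision styles side by side: a VPN-style check that turns valid SSO credentials into reachability of the whole network, and a ZTNA-style check that evaluates user, MFA, device posture and location against a per-application policy and returns at most the one application requested. Application names, users and countries are constructed placeholders.

```python
from dataclasses import dataclass, field

@dataclass
class AccessRequest:
    """Context presented with one access attempt (constructed sample fields)."""
    user: str
    sso_valid: bool
    mfa_passed: bool
    device_managed: bool
    country: str
    resource: str

@dataclass
class AppPolicy:
    """Per-application least-privilege policy (hypothetical attributes)."""
    allowed_users: set
    require_mfa: bool = True
    require_managed_device: bool = True
    allowed_countries: set = field(default_factory=lambda: {"US", "DE"})

# Constructed policies: payroll is tightly scoped, the wiki tolerates BYOD.
POLICIES = {
    "payroll": AppPolicy(allowed_users={"alice"}),
    "wiki": AppPolicy(allowed_users={"alice", "bob"}, require_managed_device=False),
}

# Everything reachable once a VPN tunnel is up (constructed placeholder set).
NETWORK = {"payroll", "wiki", "file-server", "db-admin"}

def vpn_decision(req: AccessRequest) -> set:
    """VPN model: valid SSO credentials expose the entire network segment."""
    return set(NETWORK) if req.sso_valid else set()

def ztna_decision(req: AccessRequest) -> set:
    """ZTNA model: every contextual check must pass, and only the requested
    application is granted, so a valid credential alone reaches nothing."""
    policy = POLICIES.get(req.resource)
    if policy is None or not req.sso_valid:
        return set()
    checks = [
        req.user in policy.allowed_users,
        req.mfa_passed or not policy.require_mfa,
        req.device_managed or not policy.require_managed_device,
        req.country in policy.allowed_countries,
    ]
    return {req.resource} if all(checks) else set()
```

Feeding the same request with a valid credential but an unmanaged device or an unexpected location into both functions shows why the VPN result is a lateral-movement surface while the ZTNA result is empty.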