Q: With the sudden mass shift to remote working in response to the pandemic, my MSP business set up VPN configurations for each of our clients to meet their connectivity needs. What advantages does ZTNA offer that make it worth using instead of traditional VPN?
With a significant number of SMBs and other organizations opting for a hybrid or majority-remote setup for their employees, the need to make sure those employees can connect and work securely from anywhere will remain as important as it was throughout 2020. However, the efforts of cybercriminals to bypass the virtual private networks (VPNs) that many SMBs have opted to employ have not gone unnoticed.
To understand how zero-trust network access (ZTNA) technology better protects end-users who need to connect to an organization’s network remotely, SmarterMSP sat down with Chris Crellin, Senior Director of Product Management for Barracuda MSP. Chris detailed how VPNs are being exploited by evolving cyberthreats and how ZTNA provides the best safeguards against them.
VPN limitations
Chris outlines his concerns with VPNs: while they provide secure connections to applications protected by the organization’s firewall, network traffic created by cloud applications is backhauled through a local data center before the VPN delivers it to an end user. This can create significant latency issues, making the work and user experience more complicated, slower, and more frustrating.
While traditionally a practical solution, VPNs can no longer maintain the level of security and responsiveness required by remote employees. A VPN connection operates on the assumption that both the user and the device are secure once the correct credentials have been entered to establish the initial connection. However, the rise in business email compromise (BEC) and other cyberattacks makes the credentials used to access these solutions less trustworthy.
ZTNA advantages
As Chris points out, ZTNA better optimizes remote work compared to VPN because ZTNA utilizes a secure access service edge (SASE) concept and can route network traffic via a secure cloud gateway directly to a cloud application or an on-premises IT environment. ZTNA also provides workflow management for multi-cloud or hybrid IT environments, without VPN-related backhauling that hinders optimal network performance.
With ZTNA, MSPs can better protect users, their devices, and their distributed workloads. Some solutions continuously verify that the right person, authorized device, and proper permissions are in place. A zero-trust approach provides more reliable protection and agility, allowing security policies to be quickly and easily updated based on user needs. Further, MSPs offering ZTNA can now monetize more devices than they could in the past, while eliminating the resource-intensive requirements of VPNs, often in a more cost-effective deployment model.
Remote work is likely to continue being a reality for many companies moving forward. Zero-trust solutions enable secure remote work with fewer negative impacts on the end-user experience, making ZTNA much more sustainable in an evolving threat landscape.
Check out this webinar replay to see more on the benefits that ZTNA can have for an MSP’s security offering and their SMB customers!