It’s no secret that the coronavirus pandemic has led to a surge in remote work. In fact, a recent study found that nearly half of all employees are now working remotely at least part-time. While this shift has many benefits, it also brings with it new security risks.
One of the most common ways for companies to provide secure remote access for their employees is by using virtual private networks (VPNs). However, zero-trust network access (ZTNA) is a solution that is better suited to many companies’ needs. In this article, we will compare and contrast VPNs and ZTNA and discuss five ways in which ZTNA can improve your company’s remote access security.
What Is A VPN, Benefits, Key Components, Use, And Downsides
A VPN, or virtual private network, is an encrypted tunnel between a client device and a VPN gateway (or between two sites). Traffic inside the tunnel is protected from observers on the path, and once the tunnel is up the client is, in effect, a host on the private network behind the gateway. VPNs are usually combined with firewalls and other controls, because the tunnel by itself only protects traffic in transit; it does not decide what the connected user is allowed to reach.
The benefits of using a VPN include:
- Protection of data and privacy
- Remote access to private networks
- Secure connection
The key components of a VPN are:
- A client software application that you install on your device
- A server that the client application connects to
- An encryption protocol that secures the data traffic between the client and server
VPNs can be used for a variety of purposes, including:
- Organizations providing remote access to employees
- Individuals accessing private networks remotely
- Secure browsing
One downside to using VPNs is that they can noticeably slow traffic: every packet is encrypted, and remote users' traffic is often backhauled through a central VPN concentrator even when the destination is a cloud service, so latency and gateway capacity become bottlenecks if the deployment is not sized well.
Another downside is that setting up and operating a VPN takes work. Each user needs client software and credentials or certificates, and the tunnel to the VPN server must be established before any private resource is reachable, which is an involved process for some users and a support burden for IT. A less obvious downside is security-relevant: a connected VPN client typically gets network-level reachability, so once authenticated it can attempt to connect to any host on the segment, not only the applications it actually needs.
What Is ZTNA– Benefits, Key Components, Use, And Downsides
ZTNA, also known as zero-trust network access, is a much newer approach to remote access than the VPN. It applies the zero-trust model, which Forrester Research analyst John Kindervag introduced in 2010; the term ZTNA itself was popularized by Gartner in 2019.
ZTNA is based on the idea that before granting access you should answer two fundamental questions on every request: "Who are you?" (the user's identity, verified by the identity provider) and "What are you connecting from?" (the device and its security posture). This is in contrast to traditional VPNs, where a user who authenticates once to the gateway is then placed on the network, and where coarse signals such as location or source IP address (e.g., connecting from country X isn't allowed) are often the only per-connection checks.
With ZTNA, it does not matter whether the device is inside or outside your organization's firewall; trust is never inferred from network location. A laptop on the office LAN is evaluated exactly like one in a coffee shop: its user must be authenticated and its device posture must pass before it can reach a given application.
This is a more secure approach than a VPN because access is granted per application rather than to the network as a whole, so employees cannot reach data and services they are not authorized for simply because they are "on the VPN". It also requires users to prove who they are with multiple factors (MFA) and, in most deployments, requires the device to pass a posture check before access is granted.
How ZTNA Works
When you attempt to connect via ZTNA, the following steps take place:
- The client software (or a browser, in clientless deployments) connects to the ZTNA broker, not directly to the application
- The client sends a request for access to one specific application
- The broker verifies the user against the identity provider (e.g., Active Directory, LDAP, or a SAML/OIDC provider), usually enforcing MFA, and checks the device's posture against policy
- If the user's identity and the device's posture satisfy the policy for that application, access to that application alone is granted; any other application requires its own decision
- An encrypted session is established between the client and the application, with a key unique to that session
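To make the per-request model concrete, here is an added example (not code from the original article or from any ZTNA product) that models the ZTNA steps above as a small policy decision point and, beside it, the VPN model from the earlier section on VPN components. Users, groups, devices, applications and rules are constructed sample data; the function names and the single `on_corporate_lan` flag are this example's own assumptions.

```python
"""Added example, not part of the original article: a minimal ZTNA-style
policy decision point beside a model of traditional VPN access.

Everything here (users, groups, applications, rules) is constructed sample
data.  The point it demonstrates: ZTNA decides per application, per request,
from identity plus device posture, with default deny; a VPN authenticates
once and then exposes the whole network segment."""

from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset            # group membership from the identity provider
    mfa_passed: bool             # did the user complete a second factor?
    device_managed: bool         # enrolled in the organization's device management
    device_compliant: bool       # posture: disk encrypted, EDR running, patched
    app: str                     # the single application being requested
    on_corporate_lan: bool = False   # deliberately NOT consulted by ztna_decide


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset
    require_mfa: bool = True
    require_managed_device: bool = False


# Constructed sample policy: one explicit rule per application.  Anything not
# listed here is denied, which is what "default deny" means in practice.
POLICIES = {
    "wiki.internal": AppPolicy(allowed_groups=frozenset({"staff", "contractors"})),
    "hr.internal": AppPolicy(allowed_groups=frozenset({"hr"}),
                             require_managed_device=True),
    "git.internal": AppPolicy(allowed_groups=frozenset({"engineering"}),
                              require_managed_device=True),
}

# Hosts reachable on the private network once a VPN tunnel is up; in the VPN
# model this set is the same for every authenticated user.
NETWORK_HOSTS = frozenset(POLICIES)


def ztna_decide(req: AccessRequest) -> tuple:
    """Return (allowed, reason) for one application request.

    Network location (req.on_corporate_lan) is never read: a device in the
    office gets exactly the same checks as one in a coffee shop."""
    policy = POLICIES.get(req.app)
    if policy is None:
        return False, "no policy for application"
    if not (req.groups & policy.allowed_groups):
        return False, "user not in an allowed group"
    if policy.require_mfa and not req.mfa_passed:
        return False, "MFA required"
    if policy.require_managed_device and not req.device_managed:
        return False, "managed device required"
    if not req.device_compliant:
        return False, "device fails posture check"
    return True, "allowed"


def vpn_reachable(req: AccessRequest) -> frozenset:
    """Model of a traditional VPN gateway: one login (password + MFA), after
    which every host on the private network is reachable, whatever the user
    actually needed and whatever state the device is in."""
    if req.mfa_passed:
        return NETWORK_HOSTS
    return frozenset()


def compare(req: AccessRequest) -> dict:
    """Side-by-side view of both models for one request."""
    allowed, reason = ztna_decide(req)
    return {
        "ztna_allowed": allowed,
        "ztna_reason": reason,
        "vpn_reachable": sorted(vpn_reachable(req)),
    }


if __name__ == "__main__":
    # A contractor on an unmanaged laptop asks for the HR system.
    contractor = AccessRequest(
        user="cam", groups=frozenset({"contractors"}), mfa_passed=True,
        device_managed=False, device_compliant=True, app="hr.internal")
    print("contractor -> hr.internal:", compare(contractor))

    # An engineer on a managed, compliant laptop asks for the git server.
    engineer = AccessRequest(
        user="eve", groups=frozenset({"staff", "engineering"}), mfa_passed=True,
        device_managed=True, device_compliant=True, app="git.internal",
        on_corporate_lan=True)
    print("engineer  -> git.internal:", compare(engineer))
```

The contractor run is the one to look at: the VPN model reports all three internal hosts as reachable after a successful login, while the ZTNA model denies the HR application and would allow only the wiki, which is the only application the contractor's group is entitled to. Setting `on_corporate_lan=True` changes nothing, which is the point of the zero-trust rule in the previous section.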
ZTNA Vs. VPN: Which Is Better?
1) Organizations providing remote access to employees. Many organizations have adopted ZTNA as an alternative to VPNs because it gives them more flexibility in granting employees remote access. Unlike a VPN, there is no requirement for a user to be in a particular place before they can connect, and no need to put them on the whole network once they do: anyone authorized by your organization can securely access the specific applications they are entitled to, wherever they are.
2) Individuals accessing private networks remotely. Not only is ZTNA well-suited for organizations, but it can also serve individuals who regularly need to reach internal data from outside the office (e.g., traveling employees, telecommuters). When you do not know where your users will be connecting from, an approach like ZTNA, which does not depend on location, is the right fit.
3) Secure browsing sessions. Some people use VPNs for secure browsing because the tunnel between their machine and the VPN server encrypts all of their traffic and hides its origin from the sites they visit. ZTNA is not a substitute here: it brokers access to specific private applications and does not tunnel general internet traffic. Because full tunneling slows connections, some people keep a second connection open for general browsing rather than routing everything through the VPN (e.g., a Tor connection), with the caveat that Tor adds its own latency and is a privacy tool, not a business remote-access solution.
4) Organizations with multiple offices around the globe. If your business has offices in several countries, ZTNA may be a better option than a traditional VPN. Users are brokered to the application they need rather than backhauled through a VPN concentrator in one region, and location can still be used as one input to policy (for example, allowing a given application only from approved countries) without becoming the basis of trust.
5) Cost. A VPN deployment carries the cost of concentrator hardware or licenses, the bandwidth for backhauled traffic, and the staff time to run it. ZTNA is typically sold as a subscription, so it is not free of ongoing cost, but it removes the concentrator and much of the backhaul, and its per-application model limits what a compromised account or device can reach, which can reduce both infrastructure spend and the cost of incidents.
If you are looking for a way to provide secure remote access that will work well with the unique needs of your organization, zero-trust network access (ZTNA) is an alternative solution. ZTNA is based on identity awareness rather than location/IP address and can be used by both individuals and organizations. Plus, it’s more flexible in granting employees remote access since there are no specific locations where they have to be before being able to use their credentials.