So, you’re ready to invest in Universal ZTNA. Here’s what you should know
If you’ve recently attended an industry event or read the daily news digest from your go-to trade publication, there’s no way you haven’t heard about Universal Zero Trust Network Access (ZTNA). There’s a lot of hype around this offering, so much so that Gartner® included Universal ZTNA in its recent Hype CycleTM for Zero Trust Networking, 2023 report, which profiles the 19 “most relevant and hyped” zero-trust technologies, along with recommendations for implementation and obstacles to adoption.
In my opinion, this report is an extremely helpful resource for organizations interested in how Universal ZTNA and other zero-trust offerings can improve their security. Using the report as a springboard and insights from recent customer conversations, I’ve compiled my recommendations on choosing the best Universal ZTNA solution for your unique needs and tips for success as you deploy and manage this new technology. Consider this your Universal ZTNA evaluation cheat sheet.
Universal ZTNA is gaining steam
As a whole, zero-trust strategies, which limit access to only the data relevant to a user’s needs rather than granting comprehensive network access, are gaining popularity because they reduce risk. According to the Fortinet 2023 Zero Trust Report, nearly 70% of business leaders say their enterprises are implementing zero-trust strategies, up from 54% in 2021.
Traditional ZTNA is often used to secure remote worker access to enterprise systems. But as more people return to the office at least part-time and hybrid work gains popularity, it makes less sense to treat workers differently based on their location.
This is where Universal ZTNA comes in. Instead of having one policy to govern remote employees and another for those working on-premises, Universal ZTNA applies one policy to all users. The identity, device identity, and security posture checks are all conducted before a user gains access to the corporate network. Moving to Universal ZTNA benefits employees and security teams alike: Employees gain a more secure and consistent user experience no matter where they choose to work, and security teams can streamline the deployment and management of access controls and policies across the entire network.
Universal ZTNA adoption requires planning and preparation
According to Gartner, Universal ZTNA is climbing up the “Innovation Trigger,” which is when “early proof-of-concept stories and media interest trigger significant publicity.” As with any new technology, planning and preparation are always required before procurement and deployment.
Gartner notes that organizations with siloed IT and security teams can “overlook the opportunity to unify remote access and campus security using a single tool.” This is a crucial callout: It’s imperative that security and IT teams work together to choose one technology. Choosing two separate tools to implement and enforce access policies for remote and on-premises workers defeats the purpose of Universal ZTNA. Communication, collaboration, and consensus between the teams are essential to success.
Organizations must also identify users and define their policies before implementing Universal ZTNA. Who are your users, and what level of access should each group have? What assets need to be protected, and who can access them? What adaptive signals are important to your organization that will trigger an identity check?
4 attributes to consider as you’re evaluating Universal ZTNA vendors
Once the initial planning is done, it’s time to evaluate Universal ZTNA offerings based on their feature sets. Every organization’s needs are different, yet there are several must-have attributes to consider during the evaluation process.
- Coverage for unmanaged devices and unauthenticated users: In the Gartner report, one of the potential obstacles of Universal ZTNA is that “there is a limited number of vendors with robust universal ZTNA offerings. Specifically, shortcomings include unmanaged devices and unauthenticated users, including unmanaged operational technology [OT] and Internet of Things [IoT].” These are vital areas that any robust solution should cover. For example, many organizations work with contractors who need to access select network resources, and the Universal ZTNA solution deployed should be able to support these unauthenticated users as they connect.
- Convergence and interoperability are paramount. A strong Universal ZTNA offering shouldn’t require your organization’s IT team to redesign parts of the network to support the new solution. Yet most solutions available today are cloud-based, which involves routing traffic or moving applications to the cloud. This scenario illustrates the ongoing challenge of making a disparate collection of security point products work seamlessly. Choosing solutions that are designed to work together—we call this a platform approach to security—makes it easier for your team to deploy, configure, and maintain the various technologies needed to secure your organization.
- Solutions should offer both cloud-based and on-premises management. While some businesses are all-in when it comes to cloud computing, most are pursuing a hybrid approach. Others cannot or do not want to migrate their assets to a public cloud for various reasons, such as achieving and maintaining stringent compliance requirements. Business leaders should have a choice in how and where they want to manage their technology, whether in the cloud or on-premises.
- A single client is crucial. Understanding how your existing agents will work with any new technology is critical to avoid inadvertently creating new security gaps. Look for a security vendor that uses a single client for all technologies, including Universal ZTNA, as this will make onboarding and management more efficient.
Implementing Universal ZTNA is a significant step in advancing your organization’s zero-trust strategy, giving users flexibility in how and where they work and reducing complexities for your security team. With careful evaluation and planning, implementing Universal ZTNA for all users offers a simple, effective way to enhance security across your entire network.
Gartner, Hype Cycle for Zero Trust Networking, 2023, 18 July 2023.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Hype Cycle is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.