VPN vs. ZTNA: Cisco tackles pros and cons

ZTNA limits access to only the necessary applications or resources, making it nearly impossible for hackers to conduct lateral attacks once they clear the VPN. ZTNA technologies provide fine-grained access controls, enabling administrators to define exactly what a user can access on the network based on their role, location, and device. This approach provides better protection against identity-based attacks and lateral movement, preventing an attacker who gains initial access with compromised credentials from moving freely across the network.
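To make the lateral-movement point concrete, here is a small added illustration (not code from Cisco or the webinar) that contrasts the two access models: a VPN that grants network reach to any authenticated client, versus a ZTNA policy evaluated per application on role, location and device posture. The application names, roles and policy values are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    country: str
    device_managed: bool
    app: str


# Constructed sample policy (hypothetical apps and attributes, not from the
# article): each application lists the roles, countries and device posture
# that may reach it. Anything not listed is denied by default.
APP_POLICY = {
    "payroll":  {"roles": {"finance"}, "countries": {"US"}, "managed_only": True},
    "wiki":     {"roles": {"finance", "engineering"}, "countries": {"US", "DE"}, "managed_only": False},
    "jumphost": {"roles": {"sre"}, "countries": {"US"}, "managed_only": True},
}


def ztna_decide(req: Request):
    """Per-application decision: allow only if every attribute matches."""
    pol = APP_POLICY.get(req.app)
    if pol is None:
        return False, "unknown app: default deny"
    if req.role not in pol["roles"]:
        return False, "role not permitted"
    if req.country not in pol["countries"]:
        return False, "location not permitted"
    if pol["managed_only"] and not req.device_managed:
        return False, "unmanaged device"
    return True, "allow"


def vpn_reach(authenticated: bool):
    """Legacy VPN model: once the tunnel is up, every app is reachable."""
    return set(APP_POLICY) if authenticated else set()


def ztna_reach(user: str, role: str, country: str, managed: bool):
    """ZTNA model: the reachable set is whatever the per-app policy allows."""
    return {app for app in APP_POLICY
            if ztna_decide(Request(user, role, country, managed, app))[0]}
```

With stolen finance credentials used from an unmanaged device abroad, the VPN model exposes every application, while the ZTNA policy reduces the reachable set to the one application that matches all three attributes.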

Performance is another reason enterprises consider transitioning from VPN to ZTNA. With more remote workers and distributed workforces, latency and throughput can become a source of frustration. While VPNs create a broad tunnel to the entire network, ZTNA uses distributed gateways closer to the end users to access cloud-based applications. This reduces latency and avoids the need to route all traffic through a single centralized VPN. ZTNA aims to solve the latency and throughput performance problems of remote application access, which are common pain points with legacy VPN technologies.

Another motivation to move from VPN to ZTNA is future-proofing an environment. ZTNA offers more flexibility to scale up or down and supports more devices and locations. Often built on cloud platforms, ZTNA allows for easier scalability and flexibility to accommodate changing user needs and locations. ZTNA can also integrate with other advanced security measures such as multi-factor authentication, threat detection, and encryption. By taking an identity-centric approach to remote access, ZTNA can better position organizations to adapt to evolving security threats and workforce needs over time.

Pitfalls to avoid with modern remote access

Transitioning from VPN to ZTNA isn’t without its challenges, according to this webinar. There are a few pitfalls enterprise organizations should look out for when modernizing their approach to remote access.

To start, be sure that applications can use ZTNA technology for connection. If not, organizations might have to maintain the old VPN product along with the new ZTNA technology. Cisco’s Gormley explained in the webinar that certain types of applications, such as multi-threaded apps or those that rely on server-initiated communication protocols such as RDP or FTP, are not well-suited for the ZTNA model.

“It adds to user frustration if they have to maintain their old VPN and they have the new ZTNA. It’s also confusing to the user when to use what,” Gormley said.


