
Five Things to Avoid When Choosing a ZTNA Solution

Innovations are essential to make ZTNA work

When searching for a ZTNA solution, what critical components shouldn’t be overlooked? Are there any missing elements that could mean the difference between sticking with your ineffective VPN or moving to a higher plane with ZTNA? Here are five things to avoid in choosing a ZTNA solution.

1. Too many agents

Can your ZTNA solution leverage the same agent used for endpoint security, web traffic inspection, cloud application control, and even DLP? An innovative ZTNA should minimize SASE management overhead and improve the experience for the user – simplifying things, not adding complexity.

2. Weak data governance support

You already have policies in place to protect sensitive data and adhere to complex data governance regulations. Traffic and files delivered over your ZTNA path require that same level of protection and should conform to your well-established DLP policies. These policies are universal to all data in your organization, regardless of access method, and your ZTNA solution shouldn’t need special treatment. 

3. Indifferent threat inspection

While ZTNA creates a secure, direct path between the user and corporate applications, effective security still demands that all traffic and files be inspected for malware and sophisticated threats. The same threat inspection you apply to all other traffic and access methods should also apply to ZTNA. Multi-layered threat inspection for all ZTNA traffic is not optional; it’s a “must-have.”

4. Bad user experience

Users will not stand for performance degradation, frequent outages, multiple login processes, or different tools to get what they need to be productive. Users demand always-available service from cloud applications and expect the same for company-hosted or custom applications used only by their employers. ZTNA must remove barriers to application access, not put up roadblocks or curtail performance.

5. Remote deployment nightmares

Managing a VPN for the entire organization is challenging. VPNs were initially designed to support the “few” road warriors needing access to the home network and applications, not an entire workforce that may be required to work from home. They certainly were not built for the company’s extensive partner community or other third-party contractors. Enabling ZTNA from corporate devices that already have an agent installed on the endpoint is a must. However, providing secure, agentless access to any unmanaged device is also a requirement for a complete ZTNA solution, especially to support RDP, SSH, and other access methods. Agent or agentless, the right ZTNA solution can support any user from anywhere on any device.


While this isn’t an exhaustive list of what to look out for in a ZTNA solution, it might prompt you to pause and focus on a few critical shortcomings a vendor could stick you with. For more questions to consider and a look at innovative solutions to real-world ZTNA use cases, check out Essential Innovations for Secure Private Application Access.

About the Author

Alan Hall

Director of Product Marketing, Symantec Network Information Security

Alan is responsible for the product marketing of key products in Symantec’s network security portfolio and has over 20 years of experience with networking and security technology leaders.
