
George Wilkes, May 13, 2022

ZTNA Vendors: How to Sort and Select to Achieve Comprehensive Zero Trust Access

If you’ve decided that Zero Trust security is right for your organization, congratulations on committing to the journey. For many, Zero Trust starts with secure access, but how do you choose what’s right for your organization from the myriad Zero Trust Network Access vendors?


Zero Trust Network Access (ZTNA) is gaining popularity as a solution that applies Zero Trust principles to your network security. ZTNA inquiries from Gartner’s end-user clients increased more than 50% in 2021 compared to 2020, according to its report, How to Select the Right ZTNA Offering. What’s more, 62% of organizations that use ZTNA for specific purposes are actively expanding their usage or planning to expand their usage to replace virtual private networks (VPNs), according to ESG’s 2021 SASE Trends report.

As adoption grows, it can be harder to decide which of the different ZTNA vendors is best for your organization, especially because many claim to enforce the principles of Zero Trust, but few can deliver comprehensive Zero Trust access. Sorting through the myriad ZTNA vendors to understand the differences and make a decision depends on several factors, starting with identifying what you need ZTNA for and then how you plan to use it. Here are a few items to keep in mind as you consider various ZTNA vendors.

Identify your use case

ZTNA solutions can be powerful, but you’ll need one that fits your needs for today and tomorrow. While you may be starting your Zero Trust journey with a limited group of users or assets, you need ZTNA vendors that can scale with your future usage.

Even if you have only one reason for needing a ZTNA solution, keep in mind that it could solve other operational problems and ultimately reduce the number of vendors you need. Here are three of the most common user-centric use cases ZTNA vendors cater to:

  • Coverage for bring-your-own-device (BYOD) policies and third parties: Just as remote work has become the norm, so has the option for employees to bring their own devices. One report says that 47% of organizations cited an increase in personal devices being used for work during the pandemic, for a total of 82% of organizations having some form of a BYOD policy. Third-party access is an attack vector many organizations overlook. The Ponemon Institute reports that more than half of businesses have suffered a breach caused by a third party and 44% suffered a breach within the past 12 months. As your organization grows, it may breed new partnerships and create a need for third-party access even if that’s not one of your current requirements.
  • On-premises access: The hardened security posture that comes with Zero Trust remote access can (and should) also be applied to the corporate LAN now that HQs and offices are reopening. This not only enforces least privileged access for overly broad permissions, but can also help reduce insider threats. According to one report that asked organizations what they considered the most significant benefit of a Zero Trust solution, security across the entire attack surface (22%) topped the list, ahead of remote work (19%).

Choose from ZTNA vendors based on the secure access features you need

After you’ve determined how you want to use ZTNA, you’ll want to identify the features that will be important to you as you introduce this new security tool to your ecosystem. It’s important to note this should be a secondary factor as you evaluate ZTNA vendors, not a primary one. In fact, according to the How to Select the Right ZTNA Offering report, "organizations typically start by evaluating ZTNA vendor capabilities and ignore the broader alignment to strategy and use cases. Organizations that start this way tend to run into implementation roadblocks due to configuration challenges or selection of a suboptimal ZTNA offering."

Here are some of the key features you should look for in advanced ZTNA vendors:

  • Complete protection: Remote and in-office users; BYOD, corporate issued and IoT devices; cloud-native, legacy on-premises and traditional cloud workloads
  • Single packet authorization (SPA): Cloaking ports so they aren’t visible to any user or device on the network reduces the attack surface and protects valuable resources
  • Concurrent access: Enables users to access resources in multiple environments without switching access solutions
  • Micro-perimeters: Role, time, date, location and device posture offer identity-centric factors that can inform least privilege access entitlements
  • Robust APIs: Integration with existing systems can promote automation, enforce risk-based access and break down silos
  • Posture checking: Device risk context can help inform what level of access should be permitted

Questions to ask ZTNA vendors during the RFP process

With your use case and desired features in mind, you’ll want to compile a list of questions to ask ZTNA vendors to ensure you get the solution that’s right for you. Here are some to get you started:

  • Can your ZTNA offering work for in-office users?
  • Can your ZTNA offering protect legacy infrastructure and modern cloud-native microservices?
  • Does your ZTNA solution require that connections pass through your cloud, or can I decide the deployment model?
  • How scalable is your ZTNA offering? Will your product be able to meet my needs in six months or a year?
  • What API integrations do you offer so that your solution can seamlessly integrate with my current tech stack?
  • What if I’m already using an identity access management (IAM) platform? Can your product work with that?
  • Does your ZTNA offering continuously monitor and dynamically adjust connections when the threat risk changes?
  • What is the process for verifying a user’s identity and the permissions they are granted?
  • How does your ZTNA offering manage and enforce unified policies whether users connect to resources on-premises or in the cloud?
  • How do policy changes work within your ZTNA offering? Can it reduce complexity by eliminating redundant or old policies?
  • How does your product protect against lateral movement?
  • My industry has compliance requirements. Can your ZTNA solution ensure we remain compliant?
  • How does your ZTNA solution create efficiency for our security team?
  • What does network monitoring look like in your ZTNA solution? What kind of visibility will it offer my administrators?
  • How does your product create a consistent management experience?

ZTNA vendors offer a more secure remote access model than an insecure legacy VPN. When evaluating ZTNA vendors, having answers to the questions above will assist in picking the top Zero Trust access vendors to continue your evaluation process.

Why Appgate SDP stands out among ZTNA vendors

Our industry-leading ZTNA solution, Appgate SDP, has all those features and more to cover organizations from the intense threat landscape. Appgate SDP’s patented SPA allows you to hide your most valuable resources using cryptographic techniques to further protect your network from a range of potential attacks.

Appgate SDP stands out from other ZTNA vendors with the most feature-rich and comprehensive solution available on the market today to strengthen and simplify network security. Learn more about the unique properties of Appgate SDP by signing up for a weekly demo, available live each Wednesday.

Additional ZTNA resources:

Podcast: Bringing Zero Trust Access to the Corporate LAN
Blog post: Hybrid Cloud Security and the Role of Zero Trust Network Access
Podcast: Top Cyberthreats and How Zero Trust Security Defends Against Them
ZTNA Everything eBook
