Appgate CybersecurityMay 13, 2022
ZTNA Vendors: How to Sort and Select to Achieve Comprehensive Zero Trust Access
If you’ve decided that Zero Trust security is right for your organization, congratulations on committing to the journey. For many, Zero Trust starts with secure access, but how do you choose what’s right for your organization from the myriad Zero Trust Network Access vendors?
Zero Trust Network Access (ZTNA) is gaining popularity as a solution that applies Zero Trust principles to your network security. ZTNA inquiries from Gartner’s end-user clients increased more than 50% in 2021 compared to 2020, according to its report, How to Select the Right ZTNA Offering. What’s more, 62% of organizations that use ZTNA for specific purposes are actively expanding their usage or planning to expand their usage to replace virtual private networks (VPNs), according to ESG’s 2021 SASE Trends report.
In a playing field that seems to be growing daily, evaluating and finding the best Zero Trust access vendors in the market can feel overwhelming.As adoption grows, it can be harder to decide which of the different ZTNA vendors is best for your organization, especially because many claim to enforce the principles of Zero Trust, but few can deliver comprehensive Zero Trust access. Sorting through a myriad of ZTNA vendors to understand the differences and make a decision will depend on several factors … starting with identifying what you need ZTNA for and then how you plan to use it. Here are a few items to keep in mind as you consider various ZTNA vendors.
The first step in evaluating ZTNA vendors: identify your use case
The best ZTNA solutions are powerful, but you need one that fits your needs for today and tomorrow. While you may be starting your Zero Trust journey with a limited group of users or assets, you need a ZTNA vendors that can scale with your future plans.
Even if you have only one reason for needing a ZTNA solution, keep in mind that it could solve other operational problems and ultimately reduce the number of vendors you need. Here are three of the most common user-centric use cases ZTNA vendors cater to:
- Remote access for your workforce: While the pandemic highlighted the need for remote access, the work-from-anywhere phenomenon is here to stay. According to the Pew Research Center, 77% of workers whose jobs can be done from home are working remotely at least some of the time, even as more employers have been reopening offices. A distributed workforce means your attack surface grows, but the right ZTNA solution can make sure none of the doors to your network are left unlocked.
- Coverage for bring-your-own-device (BYOD) policies and third parties: Just as remote work has become the norm, so has the option for employees to bring their own devices. One report says that 47% of organizations cited an increase in personal devices being used for work during the pandemic, for a total of 82% of organizations having some form of a BYOD policy. Third-party access is an attack vector many organizations overlook. The Ponemon Institute reports that more than half of businesses have suffered a breach caused by a third party and 44% suffered a breach within the past 12 months. As your organization grows, it may breed new partnerships and create a need for third-party access even if that’s not one of your current requirements.
- On-premises access: The hardened security posture that comes with Zero Trust remote access can (and should) also be applied to the corporate LAN now that HQs and offices are reopening. This not only enforces least privileged access for overly broad permissions, but can also help reduce insider threats. According to one report that asked organizations what they considered the most significant benefit of a Zero Trust solution, security across the entire attack surface (22%) topped the list, ahead of remote work (19%).
Choose from ZTNA vendors based on the secure access features you need
After you’ve determined how you want to use ZTNA, you’ll want to identify the features that will be important to you as you introduce this new security tool to your ecosystem. It’s important to note this should be a secondary factor as you evaluate Zero Trust access vendors, not a primary one. In fact, according to the How to Select the Right ZTNA Offering report, "organizations typically start by evaluating ZTNA vendor capabilities and ignore the broader alignment to strategy and use cases. Organizations that start this way tend to run into implementation roadblocks due to configuration challenges or selection of a suboptimal ZTNA offering."
With an abundance of ZTNA vendors in the market, even highly skilled network security pros can feel like they are swimming in a sea of products. Here are some of the key features you should look for in advanced ZTNA vendors:
- Complete protection: Remote and in-office users; BYOD, corporate issued and IoT devices; cloud-native, legacy on-premises and traditional cloud workloads
- Single packet authorization (SPA): Cloaking ports so they aren’t visible to any user or device on the network reduces the attack surface and protects valuable resources
- Concurrent access: enables users to access resources in multiple environments without switching access solutions.
- Micro-perimeters: Role, time, date, location and device posture offer identity-centric factors that can inform least privilege access entitlements
- Robust APIs: Integration with existing systems can promote automation, enforce risk-based access and break down silos
- Posture checking: Device risk context can help inform what level of access should be permitted
Important cybersecurity conversations with ZTNA vendors should be approached with a healthy level of skepticism to objectively ensure that their products and solutions fit specific use cases and needs outlined above.
Questions to ask ZTNA vendors during the RFP process
With your use case and desired features in mind, you’ll want to compile a list of questions to ask ZTNA vendors to ensure you get the solution that’s right for you. Here are some to get you started:
- Can your ZTNA offering work for in-office users?
- Can your ZTNA solution protect legacy infrastructure and modern cloud-native microservices?
- Does your ZTNA platform require connections pass through your cloud or can I decide the deployment model?
- How scalable is your ZTNA offering? Will your product be able to meet my needs in six months or a year?
- What API integrations are featured within your Zero Trust Network Access solution so it can seamlessly integrate with my current tech stack?
- What if I’m already using an identity access management (IAM) platform? Can your Zero Trust Network Access product work with that?
- Does your ZTNA offering continuously monitor and dynamically adjust connections when the threat risk changes?
- What is the process for verifying a user’s identity and the permissions they are granted?
- How does your ZTNA solution manage and enforce unified policies whether users connect to resources on-premises or in the cloud?
- How do policy changes work within your ZTNA offering? Can it reduce complexity by eliminating redundant or old policies?
- How does your ZTNA product protect against lateral movement?
- My industry has compliance requirements. Can your ZTNA solution ensure we remain compliant?
- How does your ZTNA solution create efficiency for our security team?
- What does network monitoring look like in your ZTNA solution? What kind of visibility will it offer my administrators?
- How does your ZTNZ product create a consistent management experience?
ZTNA vendors offer a more secure remote access model than an insecure legacy VPN and many enterprises are using a comprehensive Zero Trust Network Access solution to protect all user-to-resources and resource-to-resource connections across their hybrid IT infrastructure. When evaluating ZTNA vendors, having answers to the questions above will assist in picking the top Zero Trust access vendors to continue your evaluation process and ensure the ZTNA solution you choose can scale to cover all of your secure access needs.
Why Appgate SDP stands out among ZTNA vendors
Our industry-leading ZTNA solution, Appgate SDP, has all those features and more to cover organizations from the intense threat landscape. Appgate SDP’s patented SPA allows you to hide your most valuable resources using cryptographic techniques to further protect your network from a range of potential attacks.
Appgate SDP stands out from other ZTNA vendors with the most feature-rich and comprehensive solution available on the market today to strengthen and simplify network security. Learn more about the unique properties of Appgate SDP by signing up for a weekly demo, available live each Wednesday.
Additional ZTNA resources to guide your Zero Trust access vendor selection:
Podcast: Bringing Zero Trust Access to the Corporate LAN
Blog post: Hybrid Cloud Security and the Role of Zero Trust Network Access
Podcast: Top Cyberthreats and How Zero Trust Security Defends Against Them
ZTNA Everything eBook