Zero Trust Network Access (ZTNA) is the fastest-growing segment in network security and is forecast to grow 31% in 2023, according to a Gartner study. The research firm notes that this is up from less than 10% at the end of 2021.
The zero trust framework continues to gain interest in the data center industry due to the acceleration of the demand for “work from anywhere” network access fueled by the coronavirus pandemic.
The growth will continue as organizations become familiar with ZTNA and elect to deploy it for office workers as well. Gartner predicts that the transition from virtual private networks (VPNs) to zero-trust network access will continue, so that by 2025 at least 70% of new remote access deployments will rely on ZTNA rather than VPN services.
AFCOM, the professional association for data center and IT professionals, recently asked members about zero trust security models and interest in the framework increased from 56% in 2021 to 79% in 2022’s survey.
What’s Important to Know About Zero Trust
With the rise in remote work and the continuing threat of cyber attacks, companies are constantly searching for better security frameworks. A zero-trust network is a blanket term that simply means that a business (especially those that house sensitive information like data centers) adopts a stringent, multi-tiered approach to network security that assumes no user is automatically trustworthy.
This rigorous “trust no one” security framework requires that all users, whether they are inside or outside of a business’s network, must be continuously validated using multiple authentication methods, and even lateral moves within a network must be continuously reassessed and reauthorized.
Rik Turner, senior principal analyst at Omdia, agrees that zero-trust network access is the next evolution in security. “Omdia calls it simply ZTA because we think Gartner got it wrong, in that the modern remote access paradigm is no longer about requesting access to a network (so no need for the ‘N’), as was the case with VPNs in the old world. Rather, remote users are requesting access to applications, regardless of which network(s) they traverse to get to them. Indeed, nine times out of 10 they don’t actually know which networks they’ll be crossing to get there.”
Though Turner does believe ZTA is the future of cyber security, he’s more cautious about the timeline. “Now, whether Gartner’s stats are correct or not remains to be seen, though the report is only talking about new remote access deployments, so maybe the 70% figure is right. The global VPN market is anywhere from $25 billion to $40 billion a year, depending on how you slice and dice it and whether you consider service provider-managed VPNs or not, so it’s going to take a while for ZTA to eat a huge slice of the VPN pie, but that is definitely the trend going forward.”
It's worth noting that in 2021 President Joe Biden made zero trust a key element of his executive order to modernize and harden US cybersecurity positioning, stating that “To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Government must …adopt security best practices; advance toward Zero Trust Architecture…”
Implementing a Zero Trust Framework
Turner highlights three key reasons he believes zero trust access will overtake VPNs as the preferred security strategy for the cloud era.
- VPNs are less secure, as evidenced by the frequent stories of different VPNs being breached.
- VPNs, if self-managed rather than from a service provider, are less efficient in their use of corporate bandwidth, because they require traffic to go through a VPN concentrator in the corporate data center, even if the app being access is in the cloud (a phenomenon variously known as hairpinning or tromboning).
- These days ZTA is bundled into both SASE and SSE offerings, which helps push more into the market.
It’s important for companies interested in exploring ZTNA to understand that the zero-trust approach is as much a way of thinking as it is a concrete security strategy.
“A ZT framework is a much broader undertaking than just deploying ZTA, and in a sense, ZTA may be a useful on-ramp,” says Turner. “ZT is essentially a mindset regarding cybersecurity and perhaps the easiest way to approach it is to see which parts of your business stand to gain most from the introduction of a ‘Never Trust, Always Verify, and Continuously Monitor’ mantra.”