Five use cases that justify ditching VPNs for good

For years, Virtual Private Networks (VPN) have been the go-to solution for secure remote access.Yet, as the digital landscape evolves, the very infrastructure that once offered protection is now proving to be a significant liability. More than half (56%) of organisations experienced at least one VPN-related security incident in the past year, with many experiencing multiple breaches, making VPNs a primary attack vector. 

Furthermore, backhauling non-local traffic through the VPN just to access the internet leads to poor user experience, high costs, and complex routing. In fact, 22% of users complain about slow connection speeds, and 19% are frustrated by complex authentication processes with VPNs. IT teams also find balancing performance (21%) and constant troubleshooting (18%) to be top VPN headaches.

For organisations looking to modernise their connectivity for a hybrid workforce, Zero Trust Network Access (ZTNA) is generally being touted as the superior alternative. However, not all ZTNA solutions are created equal, and to truly move beyond legacy VPNs, organisations should focus on their use cases rather than trying to fit themselves around one technology. Doing this, it becomes obvious that integrating ZTNA with other security tools within broader models such as  Secure Access Service Edge (SASE) is the key to finally giving VPNs the boot. 

Here are five use cases where replacing VPNs with ZTNA can help organisations.

1. Enable hybrid workers

The rise of the hybrid work model has exposed the inadequacies of legacy VPN solutions. VPNs offer limited visibility into application activities, suffer from latency due to traffic backhauling, and grant broad network-level access that allows for unrestricted lateral movements. Unpatched vulnerabilities in VPN concentrators can also act as major attack vectors. 

ZTNA is a safer and more efficient remote access alternative for hybrid workers, that allows organisations to deploy identity and context-aware least-privileged access among their workforce, and minimise unauthorised lateral movements in case of compromise. It also ensures consistent enforcement of security policies regardless of the user's location by providing real-time visibility into user activities and detailed network and application traffic. Finally, it facilitates the secure onboarding of new devices, enables remote password resets, and ensures only sanctioned devices access critical internal resources.

2. Accelerate cloud migration

Digital transformation has led to a tipping point where more workloads reside in public clouds than in private data centres, and ensuring efficient connectivity for users to all environments for efficiency and productivity is key. As they route user traffic through private data centres before connecting to cloud environments or applications, VPNs often deliver a poor user experience. This is why a majority of IT teams (51%) rate 'better application performance' as a key driver of ZTNA programs.

But ZTNA doesn't necessarily resolve these complex routing decisions. Organisations considering ZTNA solutions should seek to understand the network on which they are built, and reject architectures that involve hairpinning, or anything that looks like data and traffic will travel further than it should. 

3. Facilitate unmanaged device access (when It makes sense)

Organisations increasingly need to grant secure access to corporate resources for external contractors, service providers, and partners, and security teams face the challenge of accommodating unmanaged device access without exposing resources. This challenge can't be solved with VPNs, which often grant excessive access.

This is a use case where a ZTNA solution sitting within a consolidated SASE architecture makes sense. Enterprise browsers can be easily and remotely deployed to unmanaged devices, extending the organisation's remote access and security policies to those users who can access corporate resources within an isolated and secure browser on their devices, without the need for security teams to duplicate operational effort around policy management.

4. Support remote contact centres

While many call centres are adopting cloud-based Unified Communication as a Service (UCaaS), many still rely on legacy on-premises hosted VoIP systems, often routing calls through remote access VPNs. Most cloud-delivered ZTNA solutions currently don't support on-premises hosted VoIP, forcing organisations to maintain both ZTNA and VPN infrastructure.

Platforms that converge ZTNA and SD-WAN capabilities can solve this problem, and should include capabilities such as dynamic traffic steering and context-aware Quality of Service (QoS) to ensure a consistent voice and video application experience.

5. Accelerate M&A integration

The success of a merger or acquisition is often determined by how quickly the integration of the two entities can be completed, and traditional methods of merging networks are costly, time-consuming, and complex. An overwhelming majority of organisations (91%) find third-party access and M&A integration very challenging using VPNs. 

ZTNA allows organisations to quickly connect employees, contractors, and advisors to essential resources from day one, and eliminates the need for VPN setup and network merging, enabling immediate and secure integration. 

While legacy remote access VPNs were once cutting-edge, they now pose significant security vulnerabilities and degrade network performance and user experience. Many ZTNA solutions today offer only partial VPN replacement, leading to a complex mix of infrastructure that can be more complicated than the original setup. When assessing modern alternatives, these compromises are not necessary if the more challenging use cases are recognised upfront, and planned for in architecture selection.