
Zero-trust network access (ZTNA) has become the leading project for organizations looking to adopt zero-trust principles. Gartner predicts that 60% of organizations will be adopting zero trust by 2025 [1], so there are many zero-trust projects under way. However, the bar to implementing a full zero-trust architecture can be relatively high, often requiring retooling systems and deploying numerous components. As a result, ZTNA is frequently the first solution identified as a zero-trust project. ZTNA addresses the need to change how employees access applications, which is how 90% of work is accomplished in knowledge-work industries [2].

The pandemic accelerated the adoption of remote work, proving that organizations can remain productive while employees embrace workplace flexibility. And now, as organizations shift back to more time in the office, controlling application access from both remote and on-prem locations is vital. ZTNA’s ability to protect this critical attack surface is a giant leap forward in the zero-trust journey.

ZTNA increases access security by performing user identity and device posture checks before granting explicit access to each application, and it continues to check both the user and device to ensure they remain connected to that application. This granular access control enables appropriate levels of control for the various applications in use, making it much more difficult for an attacker to get and maintain access to an application.
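The per-application decision described above, as an added illustration that is not part of the original article and not Fortinet's code: a small policy engine that checks user identity (group membership, MFA) and device posture against a per-application policy, then re-runs the same checks on every access so that a device that drifts out of compliance loses that one application immediately. The application names, groups and posture fields are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class User:
    name: str
    groups: Set[str]
    mfa_verified: bool


@dataclass
class DevicePosture:
    managed: bool          # enrolled / known corporate device
    disk_encrypted: bool
    edr_running: bool
    os_patched: bool


@dataclass
class AppPolicy:
    app: str
    allowed_groups: Set[str]
    require_mfa: bool
    required_posture: Set[str]   # DevicePosture fields that must be True


# Constructed per-application policies (hypothetical application names).
# Each application gets its own bar; a wiki needs less than the ERP system.
POLICIES: Dict[str, AppPolicy] = {
    "wiki": AppPolicy("wiki", {"staff"}, False, {"managed"}),
    "erp": AppPolicy("erp", {"finance"}, True,
                     {"managed", "disk_encrypted", "edr_running", "os_patched"}),
}


def evaluate(user: User, device: DevicePosture, policy: AppPolicy) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Every failed check is reported so the
    decision can be logged; an empty reason list means access is granted."""
    reasons: List[str] = []
    if not (policy.allowed_groups & user.groups):
        reasons.append(f"identity: {user.name} not in {sorted(policy.allowed_groups)}")
    if policy.require_mfa and not user.mfa_verified:
        reasons.append("identity: MFA required")
    for check in sorted(policy.required_posture):
        if not getattr(device, check):
            reasons.append(f"posture: {check} failed")
    return (not reasons, reasons)


class AppSession:
    """A per-application session. Unlike a VPN tunnel, which is checked once
    at connect time, the policy is re-evaluated on every access, so a device
    that falls out of compliance loses only this application, right away."""

    def __init__(self, user: User, device: DevicePosture, app: str) -> None:
        self.user = user
        self.device = device          # live reference: posture may change later
        self.policy = POLICIES[app]
        self.active, self.last_reasons = evaluate(user, device, self.policy)

    def access(self) -> bool:
        allowed, reasons = evaluate(self.user, self.device, self.policy)
        self.last_reasons = reasons
        if not allowed:
            self.active = False       # terminate; no fallback to network-wide access
        return self.active            # a terminated session stays terminated until reconnect


def demo() -> Dict[str, object]:
    alice = User("alice", {"staff", "finance"}, mfa_verified=True)
    laptop = DevicePosture(managed=True, disk_encrypted=True, edr_running=True, os_patched=True)
    erp = AppSession(alice, laptop, "erp")
    wiki = AppSession(alice, laptop, "wiki")
    first = erp.access()              # compliant device: True
    laptop.edr_running = False        # EDR agent stops mid-session
    second = erp.access()             # continuous check revokes ERP access
    wiki_still_ok = wiki.access()     # wiki policy does not require EDR
    return {"first": first, "second": second, "wiki": wiki_still_ok,
            "erp_reasons": erp.last_reasons, "erp_active": erp.active}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the `AppSession` class is the contrast with a plain VPN tunnel: once a tunnel is up, nothing re-checks the device, whereas here each application session re-evaluates identity and posture on every access and terminates independently of the others.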

Of course, implementing a complete ZTNA solution still requires changes to the network and to how users access applications. So, for some organizations, a more cautious approach makes more sense. VPNs have proven quite capable of securing traffic over the internet for remote users, and those solutions are already fully deployed. However, VPN alone has limitations in authenticating and monitoring users, devices, and access. For these organizations, implementing ZTNA over VPN adds critical capabilities to a tried and tested solution already in place.

The Fortinet Security Fabric integrates our ZTNA and VPN technologies, allowing ZTNA over VPN to be quickly and easily implemented. At the head end, every FortiGate next-generation firewall (NGFW) contains a VPN concentrator and a ZTNA application gateway. For endpoints, FortiClient includes both a VPN and a ZTNA agent. Organizations can use these capabilities in the FortiGate and FortiClient to enable user identity checks, device posture checks, and granular application access control over a VPN tunnel.

Of course, ZTNA over VPN is not a full ZTNA solution, as it only applies to remote workers. For example, when users are working on the local network, the ZTNA over VPN policies will not be checked. However, for remote users, it is a big step forward from legacy VPN-based network-wide access to granular application access control. Fortinet has many customers who have adopted ZTNA over VPN as the first step in their zero-trust journey.

Read our solution brief on ZTNA over VPN for more information on this solution, or visit our ZTNA web page to learn about why we call our full ZTNA solution “Universal ZTNA.”

[1] Gartner, "Predicts 2023: Zero Trust Moves Past Marketing Hype Into Reality," 6 December 2022, ID G00780267, by John Watts, Jeremy D'Hoinne, Dale Koeppen, Charlie Winckless.