Author: Roman Arutyunov, Cofounder and SVP of Products, Xage Security
Zero Trust Network Access (ZTNA) has been an increasingly popular tool category over the last several years. Tracing accelerated cloud adoption and increased remote work, ZTNA solutions have arisen to deliver identity-based, context-aware secure remote access to a company’s systems and applications. As the ZTNA market matures, the requirements for a full-fledged solution are broadening. Increasing interconnectivity and decentralization of global enterprises have drawn even more interest to ZTNA, but these trends also introduce new challenges that agent-based and cloud-dependent ZTNA architecture struggles to overcome.
Some of the key challenges faced by current-gen ZTNA providers are:
- Lack of onsite access management capabilities limits ZTNA’s ability to locally enforce policy in isolated environments, remote sites, and branch offices. ZTNAs were built to provide remote access, but not necessarily to provide identity and access management themselves.
- Cloud-dependencies create risk that isolated applications will stop working if they lose network connectivity to the cloud, or if the trust-broker service itself is unreachable for any reason. Centralized trust brokers also carry the risk that the trust broker itself could be targeted by attackers.
- Agent-based ZTNA can’t secure assets where agents can’t be installed, which includes many operational technology (OT) assets.
Current generation ZTNA is largely seen as a replacement for remote access via VPNs. The next generation of Universal ZTNA will need to evolve to include secure remote access as well as access management, reduce cloud dependencies, and expand the range of assets it can cover and protect in distributed and decentralized environments.
Here are the three major requirements for Universal Zero Trust Network Access Solutions:
Universal ZTNA Requirement 1: Combine Remote Access with Access Management Capabilities
Universal ZTNA solutions must offer both secure remote access, to eliminate the need for VPN, and access management capabilities to support policy enforcement in branch offices and campuses. This will require the Universal ZTNA solution to be able to maintain a single, central access policy that is then propagated to branches and campuses so that policies can be set centrally and enforced locally at each location.
Universal ZTNA Requirement 2: Eliminate Cloud Dependencies for Greater Availability and Resiliency
To work at remote sites, especially in industrial control systems and operational technology environments, Universal ZTNA needs to be able to function even if a particular device or application can’t access the cloud. That means the policy database needs to be locally available and the trust broker cannot have a hard cloud dependency.
Universal ZTNA Requirement 3: No Agents, No Clients
Current agent-based ZTNA approaches are limited when it comes to securing third party assets, such as partner, vendor, and even customer devices where you may be unable to install an agent. This challenge also limits agent-based ZTNA’s effectiveness for securing OT assets, IoT, and other devices where an agent can’t be installed. Deploying and maintaining agents for every managed user and device is already an expensive and cumbersome process, causing agent and client fatigue in the market. Moving toward agentless, universal ZTNA will benefit not only industrial users, but any organization that wants the benefits of ZTNA with a lower management burden, specifically for use cases like third-party access management.
Universal ZTNA is Gaining Rapid Adoption, and is Featured in the Gartner Market Guide and Hype Cycle for Zero Trust Networking, 2023
Universal ZTNA is referenced in both the Gartner Market Guide for Zero Trust Network Access for 2023, and the Gartner Hype Cycle for Zero Trust Networking. In the Hype Cycle, Universal ZTNA is about halfway up the slope toward the Peak of Inflated Expectations, and is predicted to have about 2-5 years until it reaches the Plateau of Productivity, indicating rapid adoption.
How Xage Delivers Universal ZTNA Capabilities At Remote Sites and Branch Offices Across IT, OT, and Cloud
Xage provides Universal ZTNA capabilities through the Xage Fabric, a highly-available, highly resilient cybersecurity mesh. The Fabric supports our Zero Trust Remote Access and Identity-based Access Management solutions, which fulfill all of the above listed requirements for Universal ZTNA. With Xage, you get:
- Centralized policy creation and management, with distributed enforcement that continues working even at remote sites that lose network connectivity.
- Agentless remote access and access management that works even on assets with no built-in security capabilities
- Resilient cyber-mesh architecture with no single point of failure, and no single point to compromise.
- And many more capabilities to secure your organization from the OT to IT to cloud to the distributed edge.
To learn more about how the Xage Fabric delivers Universal ZTNA, Zero Trust Remote Access, Identity-based Access Management, Zero Trust Data Exchange, and other vital security use cases, check out our Xage Fabric Platform Page.