OpenVPN Blog

ZTNA for Small and Mid-Size Businesses: Where to Begin

Written by Krista Lyons | Jan 6, 2025 4:57:53 PM

What started as a nebulous new cybersecurity term defined by Forrester analyst John Kindervag in 2010 has morphed and changed through the years, but the intrigue has stayed the same, with 61% of businesses claiming to have a zero trust strategy in 2024. As a result, product after product promises that if you give the right amount of money to the right vendor, you can flip the switch to fully deploy zero trust network access.

Unfortunately, it doesn’t always work that way — particularly so for small to mid-sized businesses — and analysts agree. According to Gartner: “Zero trust network access (ZTNA) is a maturing technology, often requiring more than one vendor to satisfy all use cases. ZTNA is only one implementation part of a larger zero trust strategy.”

In other words, transitioning to a zero trust model isn't a one-time event with one product to rule them all; it's a journey that requires careful planning and execution — and a blend of the right vendors. 

State of ZTNA Adoption in SMBs

In a recent survey conducted by Enterprise Strategy Group (ESG), 46% of businesses reported that advice or guidance from technology vendors given specifically to their organization was the most influential source of information to build their zero trust strategy.

Remember how we mentioned that product after product promises that the right money and vendor can unlock a quick switch to ZTNA? If vendors are the main educators on the subject of ZTNA, 46% of businesses are at risk of having an unrealistic zero trust strategy.

So what is an SMB to do? Should they simply hire a blend of vendors and hope for the best?

That seems to be the strategy of some businesses. According to Gartner: “Organizations typically start by evaluating ZTNA vendor capabilities and ignore the broader alignment to strategy and use cases. In doing so, organizations tend to run into implementation roadblocks due to configuration challenges or because selecting a suboptimal ZTNA offering competes with a converged platform.”

However, all hope is not lost. We’ve got some recommendations for how businesses can address these trends in our recent webinar with ESG, as well as complimentary access to a Gartner report that we believe will help you choose the right ZTNA offering. We’ve also compiled a few tips from experts to help SMBs get started on their ZTNA journey.

Tips for SMBs to choose the right ZTNA vendor

Many businesses start on their ZTNA journey by evaluating vendors — but before you choose a vendor there are a few things to consider. You’ll need to have a full understanding of not only why you plan to implement ZTNA, but which assets you need to protect the most. When it comes to getting started, Gartner has three key factors to consider. 

Strategy

Start with strategy. You’ll want to look at your overall strategy for cybersecurity and network security, not just at ZTNA. Understanding how ZTNA fits into the overall strategy and where it can sit within your existing security tools will help you narrow down vendors. 

Additionally, this is the stage at which to understand and communicate the difference between strategy and tactics. We also recommend keeping your focus more closely tied to ZTNA vs. zero trust architecture as a whole.

Use Case 

Next, think about your use cases. Are you looking for ZTNA to create more secure remote access for remote and hybrid employees? Are you looking for ZTNA to satisfy some of your more complex compliance requirements, like HIPAA or SOC 2?

Gartner recommends that businesses consider the following four key use cases:

  • Internal-workforce remote access
  • Extended-workforce remote access and BYOD
  • Privileged remote access
  • On-premises access

Download the Gartner report to read more about the key use cases and technologies to satisfy each. 

Key capabilities

If any single vendor claims they have all of the capabilities needed to provide full ZTNA with the flip of a switch (or toggle), run!

(Okay, maybe that was a bit dramatic. At the very least, approach with caution.)  

The capabilities of the vendor, or vendors, are often the factor that carries the most weight for many businesses, but it shouldn’t necessarily be the deciding factor. Gartner recommends looking at four key capabilities in ZTNA vendors: visibility and control, platform, connectivity, and dynamic risk scoring (continual risk monitoring).

Additionally, you should look at ease of use. Are the capabilities accessible? Are they hidden behind a paywall? Do you need a team of full-time IT admins to manage it? These should all be considered.

Read more about the key capabilities here. 

Key Takeaways & Guidance for Small and Mid-sized Businesses

As we mentioned earlier, there are a few key takeaways for SMBs: 

  • Start with a clear understanding of ZTNA
  • Identify your use cases
  • Prioritize consistency and ease of use

When you start to evaluate vendors, you can use the following list of questions to guide your journey: 

  1. What is your budget? Will your business be looking for ways to save on costs in the future?
  2. Does your business have a current secure remote access tool? If so, what purpose does your current service serve today, and what are you looking to accomplish?
  3. What types of assets are you looking to protect? Are the majority of your assets or applications in a SaaS or cloud environment? 
  4. What is your overall work environment like? Is the majority of your team fully remote, hybrid, or fully in-office? Will you need a remote access VPN? Does your team routinely use public Wi-Fi or private routers?
  5. Depending on the prior answer, do you see a need for a VPN tunnel from the employee or remote user workstation to your cloud/datacenter, or is routing your primary concern? 
  6. Are your workstations domain-joined, or are they part of a workgroup? If so, do they talk to something like Azure or an on-prem Active Directory? Do you have a firewall in place?
  7. Do you believe that you will need more, or fewer, connections in the future? 
  8. Do you have any other cybersecurity tools that require an integration with your VPN or secure remote access tool? 

You can download this checklist, along with our recommendations for vetting a security vendor here: 

Get more ZTNA guidance and recommendations 

OpenVPN can help you build the right foundation for your zero trust strategy. Access Server and CloudConnexa can be used to implement a zero trust network access solution that secures your network resources while limiting access to only what is necessary. With features that unify access authentication and manage lateral movement, you’ll have all of the tenets of zero trust out of the box. 

Still considering where to start in your zero trust journey? We’ve got you covered. Download a complimentary copy of the Gartner report, How to Select the Right ZTNA Offering, to get started.