The ZTNA Evolution – My Journey

As many of you know, I was an early adopter of Zero trust Network Access (ZTNA) while working in my previous role, which led me to work at Axis today. As our contract was coming up for renewal, I did what all IT folks do and went out on the market to see what had changed during our contract period and to see if anything existed that was better. 

The pandemic had led to a significant amount of innovation and evolution in the ZTNA market. To ensure I could make the best use of my time I made a requirements list of the things I wanted to have in the new product that the old product lacked, or that we had difficulties with. I used this as my basis when speaking to each of the vendors, dived into their technology, looked at some demos, and ticked off my requirements.

One of the things I wanted to avoid and made it to the top of the priority list was not having to use multiple user interfaces for the different parts of what I felt was a single product. I didn’t want to go to one place for remote access and another for the Secure Web Gateway. Having multiple user interfaces made it confusing for the IT team, as they had to navigate through different windows to access the information they needed. 

In fact, it made it impossible for the product team to hand it to the business-as-usual team because it was very easy to forget where you had to go to do which administration or troubleshooting task. This led to decreased efficiency and productivity, as everyone had to spend time searching for the right portal to make the right changes and in some cases, they had to make changes in multiple places before it would take effect. I wanted to remove as much complexity as possible and keep things simple.

Another thing that made it high up the list was wanting to avoid the product being sat on top of multiple data lakes. Having multiple data lakes led to lots of data fragmentation, which made it difficult for us to have a unified view of our security posture. This led to increased risk, as we did not have complete visibility into all of the security-related data across user access. It also made it difficult to automate any processes and share information between the IT and security teams. This led to duplication of effort, as the different teams ended up performing the same tasks multiple times, leading to decreased efficiency and increased costs.

Server-initiated flows were also on my requirements list. I needed to ensure that patches could be pushed from our patching server and this was an outbound flow instead of an inbound connection. This was a limitation with the current product which meant that we had to publish our patching server to the internet to push patches which actually added additional risk and was a step backward from our previous VPN solution. We either had to take this risk or stick with a traditional VPN for this use case.

A better agentless offering also made it onto the list. Being a manufacturing company we had contractors and 3^rd parties who needed access to our systems and although we could configure some access via a web browser it was very complicated, unstable, difficult to configure, and very limited on what applications were available. In many cases, we still had to get these users to install agents on their devices to give them the access they required so I needed a much wider range of ports and protocols available agentless in any new tool I decided to purchase.

Another thing I thought about for my requirements list was making sure the solutions within the platform were resilient and redundant and offered the best user experience. The current vendor sent secure web gateway traffic to one set of POPs and ZTNA traffic to another set of POPs that  were hosted in their own data centers on their own hardware. I wanted to find a solution that could easily expand and could use the power of cloud routing to ensure access to applications had the least possible latency but was also clever enough to switch paths if the routes being taken slowed down.

As I went out to the market and did my research and started to complete my requirements list I realized that there was only one vendor that met all these needs and had green ticks on the list of my requirements and that was Axis. I was so excited by what they were doing with their product, and the team was so friendly when I spoke to them, I ended up transitioning to the dark side!

Maybe you can relate to my story or maybe you’re not sure what to do next? If so I recommend a couple of things:

• Grab a (virtual) coffee with me! I would be happy to connect and hear more about the challenges you may be facing and provide recommendations for your business.

• If you’re considering a VPN alternative, check out this VPN Back Back Program from Axis. See if you qualify to get paid as you adopt a modern ZTNA solution.