Netskope, a leader in Secure Access Service Edge (SASE), today announced ZTNA Next, the evolution of its award-winning Zero Trust Network Access (ZTNA) solution. Unlike most ZTNA solutions, which claim to fully replace legacy VPN technology but lack support for the use cases needed to deliver on that promise, ZTNA Next can support all relevant application use cases—including on-premises-hosted VoIP—thanks to integration with the industry’s first fully software-based unified SASE client.
As organizations upgrade security and network infrastructure for hybrid work environments, they seek to replace the various vulnerabilities and limitations of legacy remote access VPNs with modern, efficient ZTNA technology. Legacy remote access VPNs are often vulnerable to cyber attacks, lack key visibility into applications, and struggle with network degradation, leading to poor user experience and forcing organizations into unnecessary trade-offs between security and performance. VPNs also needlessly complicate infrastructure, with most organizations running multiple solutions for security and network performance that don’t integrate with one another and can’t be efficiently managed, adding to the cost and complexity of the technology environment.
ZTNA, as a replacement for VPN, is fundamental to a successful SASE architecture. As more organizations adopt SASE, Gartner® predicts:
- “By 2025, 70% of organizations that implement agent-based zero trust network access (ZTNA) will choose either a secure access service edge (SASE) or security service edge (SSE) provider for ZTNA, rather than a stand-alone offering.
- By 2026, 85% of organizations seeking to procure cloud access security broker, secure web gateway, or zero trust network access offerings will obtain these from a converged solution.
- By 2026, 45% of organizations will prioritize advanced data security features for inspection of data at rest and in motion as a selection criterion for SSE.”
A challenge with many ZTNA solutions today, however, is that they fall short of supporting all key enterprise VPN use cases—far from the 100 percent replacement promised. With ZTNA Next, Netskope solves for that balance by offering converged ZTNA and SD-WAN capabilities delivered as a single solution, no hardware required. In doing so, Netskope can enable the complete retirement—not just partial replacement—of remote access VPN for all relevant application access use cases, while enhancing security posture and boosting remote worker productivity with seamless and optimized application access.
“The idea of fully replacing VPNs with ZTNA has been the utopian promise by industry vendors for years. But the vast majority of commercially available ZTNA solutions today lack key support for certain legacy applications that require server-initiated traffic flow, which forces organizations into a clumsy choice of adopting some ZTNA while maintaining parts of their VPN footprint for legacy applications,” said Naveen Palavalli, Vice President of Products, Netskope. “Today, full VPN retirement is 100 percent achievable using ZTNA Next, with which Netskope can help organizations accelerate ZTNA adoption, drive infrastructure modernization, and boost remote worker productivity. Leveraging the combined power of Netskope Endpoint SD-WAN and Netskope Private Access, customers will gain unparalleled visibility and control over all private application traffic.”
Gartner, “Magic Quadrant for Security Service Edge,” Charlie Winckless, Aaron McQuaid, John Watts, Craig Lawson, Thomas Lintemuth, Dale Koeppen. Published 10 April 2023 – ID G00766751.
As a result, Netskope ZTNA Next enables organizations to:
- Reduce overall cost and complexity
- Prevent tool sprawl and successfully consolidate separate ZTNA and VPN products into a modern solution using a single agent
- Address legacy application compatibility issues with ZTNA
- Extend the longevity of legacy applications such as on-premises VoIP by optimizing performance over VPN connections
- Leverage AI-driven operations with automated troubleshooting and insights into traffic flows, policy violations, and anomaly detection
- Connect users anywhere, using any device, to corporate resources everywhere, continuously evaluating context and adapting in real time to protect data
“We continue to see ZTNA deployments expand beyond initial rollouts to a subset of users and applications. However, solution limitations have prevented wholesale VPN replacement for most organizations. Maintaining a VPN in any capacity comes with risk, and limits the efficiency and scalability gains offered by cloud-based ZTNA solutions,” said John Grady, Principal Analyst, Cybersecurity, Enterprise Strategy Group. “Netskope understands the challenges of remote connectivity to legacy applications, and with ZTNA Next, has delivered a true next-generation solution that provides a clear path for a remote connectivity transformation while enabling secure access to all applications.”
Netskope ZTNA is a key component of Netskope Intelligent SSE. Netskope was recently named as a Leader in the 2023 Gartner Magic Quadrant for Security Service Edge (SSE) for the second year in a row and recognized in the report as “highest in ability to execute” and “furthest in completeness of vision.”
Netskope ZTNA Next will be fully available to customers later this year. Netskope Private Access, along with all Netskope SSE services, will be featured for demonstration at the Netskope booth S842 at RSA Conference, April 24-27 in San Francisco.