In its newly released “Hype Cycle™ for Workload and Network Security,” Gartner identifies zero trust as “shaping the architectural approach for many organizations in the wake of government guidance and the constant onslaught and effectiveness of attacks.”1 Zero Trust Network Access (ZTNA), an architectural aspect of the Zero Trust concept, was positioned in the latest Hype Cycle to become mainstream in the next two to five years.
Stakeholders who follow cybersecurity market sentiment and trends will not find this prediction surprising. A series of significant changes in networking and security global usage requirements, including the shift to remote work, increasing cloudification of applications and infrastructure, and large-scale ransomware attacks – to name just a few – cannot be ignored by the industry or expected to merely blow over.
Instead, organizations are demanding a more modern approach in the form of technological solutions for the new needs of their teams. Zero trust is emerging as one of the leading strategies, boosted by President Biden’s May 2021 Presidential Cybersecurity Executive Order directing the implementation of zero trust across the U.S. Federal Government.
So, what’s next for zero trust and for organizations striving to implement ZTNA?
In the 2022 Gartner® “Market Guide for Zero Trust Network Access,” released earlier this year, analysts Aaron McQuaid, Neil MacDonald, John Watts and Shilpi Handa provide a comprehensive overview of the ZTNA market as well as market recommendations. This blog will provide highlights of this report, from the market definition through a market analysis, and all the way to the next recommended steps.
What is ZTNA? A Brief Intro
Gartner defines zero trust network access (ZTNA) as “products and services that create an identity- and context-based, logical-access boundary that encompass an enterprise user and an internally hosted application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a collection of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access, and minimizes lateral movement elsewhere in the network. ZTNA removes excessive implicit trust that often accompanies other forms of application access, such as legacy VPN.”2
Unlike traditional access solutions, ZTNA denies access unless a user’s identity, context and policy adherence are verified, and it grants access to individual applications rather than to a network segment. ZTNA solutions thereby also minimize the possibility of lateral movement inside the network.
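A constructed sketch of that broker logic (an added example, not code from Gartner or any ZTNA vendor): the decision is deny-by-default, scoped to one named application, and checks identity, context and the application’s policy in turn. The application catalogue, group names and policy fields are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Tuple

# Toy model of a ZTNA trust broker (constructed example). Access is decided per
# named application, never for a network or subnet, so a grant for one
# application gives no path to any other.


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset          # identity: group membership asserted by the IdP
    mfa_verified: bool         # context: strong authentication completed
    device_compliant: bool     # context: endpoint posture check passed
    device_managed: bool       # context: corporate-managed device vs. BYOD
    application: str           # the single named application requested


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset
    require_mfa: bool = True
    require_managed_device: bool = False


# Constructed catalogue. Anything absent from it is denied before any identity
# check: applications are not discoverable, they are only brokered.
CATALOGUE = {
    "payroll": AppPolicy(frozenset({"finance"}), require_managed_device=True),
    "wiki": AppPolicy(frozenset({"employees", "contractors"})),
    "supplier-portal": AppPolicy(frozenset({"supply-chain-vendors"})),
}


def broker_decision(req: Request) -> Tuple[bool, str]:
    """Deny by default; return (allowed, reason) for exactly one application."""
    policy = CATALOGUE.get(req.application)
    if policy is None:
        return False, "unknown application"
    if not req.groups & policy.allowed_groups:
        return False, "identity not entitled to application"
    if policy.require_mfa and not req.mfa_verified:
        return False, "mfa required"
    if not req.device_compliant:
        return False, "device posture failed"
    if policy.require_managed_device and not req.device_managed:
        return False, "managed device required"
    return True, "allowed"
```

The reason string is what a broker would log for each decision, which is where detection of denied or anomalous access attempts starts.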
The ZTNA Market: Where We Are and Where We’re Going
According to Gartner, “the ZTNA market has evolved from primarily being a VPN replacement to a key component of a standardized architecture for (remote and small branch) user to application zero trust networking.”
Looking ahead, Gartner expects the ZTNA market to grow at a rate of 60% year over year. To achieve the most comprehensive security solution, ZTNA can be combined with secure web gateway (SWG), data loss prevention (DLP) and cloud access security broker (CASB) offerings, or deployed as part of a security service edge (SSE) or secure access service edge (SASE) solution.
Why ZTNA? Benefits and Uses
There’s good reason for ZTNA’s popularity. ZTNA provides immediate security benefits to organizations, which according to Gartner, include:
- “Contextual, risk-based and least privilege access to applications (not networks)” when compared to legacy network-level VPN access.
- “Services are no longer visible on the public internet and are thus shielded from attackers” when compared to applications exposed in DMZs.
- “Significant benefits in user experience, agility, adaptability and ease of policy management.”
- “Scalability and ease of adoption” for cloud-based ZTNA offerings.
- Finally, “ZTNA enables digital business transformation scenarios that are ill-suited to legacy access approaches. As a result of digital transformation efforts, most enterprises will have more applications, services and data outside of their borders than inside.”
ZTNA is best used for the following capabilities:
- Opening applications and services access to specific ecosystem members, like third parties and supply chain vendors
- Providing application-specific access to remote employees
- Deriving user identity and context based on user behaviour
- Encrypting traffic from the endpoint to the ZTNA gateway
- Extending access during M&A activities
- Application isolation in the network to reduce insider threats
- Enabling BYOD by authenticating users on personal devices
These use cases provide organizations with the flexibility and agility they need to scale. Whether the primary task at hand is to enable employees to work remotely, easily open up new branches across the globe, work confidently with external suppliers, or acquire other companies, ZTNA provides continuous, seamless connectivity to any user. In addition, traffic is secured to prevent external or internal attackers from exploiting this connectivity.
Is ZTNA the security and networking silver bullet? As with all solutions, no – and ZTNA providers carry their own risks. Therefore, it is important to choose a vendor that also provides the following:
- Cloud infrastructure redundancy, in case of a public cloud service downtime.
- A zero trust provider that does not hold on to the company’s sensitive information.
- A zero trust provider that supports legacy applications, like OT.
- A provider that uses MFA.
What’s Next for Enterprise Security?
The significant changes in networking and security require a mindset shift and an architectural change, and Gartner recommends not remaining at a standstill. According to Gartner, “given the significant risk that the public internet represents — and the attractiveness of compromising internet-exposed systems to gain a foothold in enterprise systems — enterprises need to consider isolating digital business services from visibility by the public internet.
ZTNA cloaks services from discovery and reconnaissance and erects true, identity-based barriers that are proving to be more challenging for attackers to circumvent than traditional network level VPNs and firewalls.”
For more recommendations and to read the entire report, click here.
1 Gartner, “Hype Cycle for Workload and Network Security, 2022,” John Watts, Neil MacDonald, 18 July 2022.
2 Gartner, “Market Guide for Zero Trust Network Access,” Aaron McQuaid, Neil MacDonald, John Watts, Shilpi Handa, 17 February 2022.
GARTNER® and Hype Cycle™ are a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.