The Realities of Modern IT Infrastructures

Zero Trust Network Access (ZTNA) has become a cornerstone in the implementation of Zero Trust Architecture (ZTA), a security framework that assumes no implicit trust, whether inside or outside the network perimeter. ZTNA technology was first introduced in the late 2010s and gained significant traction during the pandemic, primarily as a secure remote access solution. As demand grew during this period, many ZTNA vendors opted for cloud-hosted solutions. As a result, the shift to Universal ZTNA – offering zero-trust access control to all resources, whether on-prem or in the cloud, and regardless of location or device – is now often misperceived as an evolution of their service offering.

However, this perspective overlooks the fact that many companies have always operated in hybrid environments, meaning ZTNA should have been designed as universally applicable from the start, making the current shift a correction rather than an evolution. Particularly in sectors like manufacturing, banking, finance, and insurance, where the infrastructure is often a hybrid blend of legacy systems, IoT devices, on-prem solutions, and cloud applications, a one-size-fits-all approach fails to account for the complexity of modern IT environments.

The Complexity of Today’s IT Environments

Modern IT infrastructures are anything but simple. With organizations spread across multiple geographies, departments, and technologies, the network landscape has become a patchwork quilt of on-prem systems, cloud-native applications, IoT devices, and edge technologies. This complexity is particularly prevalent in sectors such as manufacturing, banking, finance, and insurance, where the need for high availability, legacy systems, and a mix of on-prem and cloud resources is even more pronounced.

Take, for example, the manufacturing industry. An enterprise in this field may have mission-critical legacy systems running on on-premises servers that control industrial machines, IoT devices, and SCADA systems, while simultaneously relying on cloud-based apps for things like data analytics, HR, and inventory management. The employees working on these systems – whether they are on-site in a factory or remotely accessing the cloud apps – need a secure, seamless way to reach those resources without compromising security.

The reality is that businesses can’t just pivot entirely to the cloud without disrupting their existing operations. The idea of universal ZTNA, which assumes that all access and traffic can be secured solely through the cloud, overlooks this hybrid complexity.

The Fallacy of a Cloud-Only ZTNA Solution

A cloud-only ZTNA solution might work for organizations that are fully cloud-native, but that’s an exception rather than the rule. Many businesses are still deeply entrenched in their legacy on-prem infrastructures. A ZTNA solution that assumes a cloud-only approach ignores the critical need to secure access to on-prem systems, legacy applications, and non-cloud resources.

The concept of universal ZTNA implies that all assets and users, regardless of location, can be secured in the same way through the cloud. But this fails to address the reality of today’s hybrid environments, where some systems are cloud-hosted, others are on-prem, and still others may be a combination of both. It’s simply not feasible or practical to secure all types of infrastructure the same way.

The Necessity of Hybrid ZTNA Solutions

What organizations truly need is a ZTNA solution that offers flexibility and adaptability, enabling businesses to secure both cloud and on-prem resources in an integrated and seamless manner. This isn’t just about technological compatibility – it’s about understanding the unique challenges posed by hybrid infrastructures.

ZTNA providers need to offer solutions that bridge the gap between on-prem and cloud environments. A true hybrid solution allows companies to extend the Zero Trust model to every edge of the network, whether that's a remote worker accessing cloud-based apps, a supplier accessing on-prem systems, or an employee operating machinery in a factory with legacy equipment.

For example, banks and insurance companies often rely on on-prem legacy systems for highly sensitive data processing, while also adopting cloud technologies for customer-facing applications. Trying to force both types of resources into a universal ZTNA framework, which focuses only on the cloud, not only compromises security but also introduces complexity that could hinder business continuity and operational efficiency.

The Importance of Network and Security Expertise

When selecting a ZTNA provider, businesses must consider more than just technology. They need a partner who has a deep understanding of both legacy and modern IT infrastructures, and who can offer consultative support in designing and implementing a Zero Trust strategy that fits their specific needs. This means that a true ZTNA provider must be capable of offering guidance on integrating various security technologies, whether they’re securing legacy systems, IoT devices, or modern cloud apps.

The reality is that ZTNA isn’t just a technology implementation; it’s a journey that involves aligning security with business needs. Having a provider with both the technical expertise and the ability to consult on network and security best practices is crucial for success.

Conclusion

The idea of a universal, cloud-only ZTNA solution doesn't align with the complexities of modern IT infrastructures. Businesses that rely on a combination of legacy systems, IoT, on-prem resources, and cloud technologies need a ZTNA solution that is flexible, adaptable, and holistic. A hybrid approach is essential for enabling secure, Zero Trust access across a diverse range of infrastructure, both on-prem and in the cloud.

ZTNA providers must move beyond the "cloud-only" mindset and embrace the intricacies of hybrid environments. Only then can they offer real value and support businesses on their Zero Trust journey, ensuring the security of all network edges – no matter where they are located.