In the not-too-distant past, applications were overwhelmingly hosted on-premises. Typically, this meant resources hosted on purpose-built appliances or on hardware running Linux or Windows servers. As cloud technology matured, a growing number of organizations began virtualizing installations, shifting resources gradually to private cloud providers like Azure or AWS.
This then accelerated into full SaaS products. Although these were initially met with some apprehension, by 2020 almost every industry has chosen to adopt at least some SaaS solutions. These are platforms hosted by the provider, with users accessing vendor-hosted resources via the public web.
The dream is supposedly a march on the cloud, be it private or public, with adoption that is widespread and almost instant. The reality, however, is much more complicated. As of late 2019, only 2% of organizations had completed the shift entirely. Navigating regulation, upgrading solutions and simply having enough resource to make it happen each present a challenge, and even without these there remains a significant lack of appetite to shift away from on-premise strategies in many sectors.
VPN and beyond
VPN technologies were originally built to support this world of primarily on-premise resources. Many evolved to adjust to the growing number of applications put in the private cloud, while CASB emerged as a sophisticated way to manage access to SaaS resources. Now, categories of products called software defined perimeters (SDP) or zero trust network access (ZTNA) promise to deliver functionality that allows organizations to secure the enterprise no matter where their applications reside.
In late March 2020, Gartner published Solving the Challenges of Modern Remote Access by Rob Smith, Steve Riley, Nathan Hill and Jeremy D’Hoinne. It provides guidance to I&O leaders looking to modernize their remote access solutions, including a framework and decision tree for figuring out which type of product is the best fit for your organization.
What the experts say
Our summary of the advice in the report is that any organization still using a blend of different hosting options for its enterprise resources should use both a VPN and a ZTNA solution. Making the transition to cloud is difficult, and IT departments need solutions that fit the business’s requirements today, but also scale to the increasingly zero-trust oriented needs of tomorrow.
“On-premises and IaaS-hosted applications might require a combination of on-premises VPN and ZTNA or cloud-hosted VPN gateway.”
Gartner, “Solving the Challenges of Modern Remote Access,” 25 March 2020, Rob Smith, Steve Riley, Nathan Hill and Jeremy D’Hoinne.
With the overwhelming majority of enterprises yet to completely migrate to the cloud, needing both a VPN and an SDP/ZTNA for the next few years is a sentiment repeated widely across the industry. Quadrant Knowledge Solutions puts it succinctly in its paper Market Insights: Software Defined Perimeter (SDP) for Zero Trust Network Security, stating that “Over the near-term, the majority of SDP deployments will co-exist with VPN to provide end to end access security.”
In June, Gartner published another document titled Market Guide for Zero Trust Network Access (ZTNA) by Steve Riley, Neil MacDonald and Lawrence Orans. The opening sentence of the report begins with ‘ZTNA augments traditional VPN technologies for application access’, underlining the reality that very few organizations are ready to move away from VPN entirely, but can start applying the principles of zero trust more gradually.
“Although VPN replacement is a common driver for its adoption, ZTNAs rarely replace VPN completely.”
Market Guide for Zero Trust Network Access (ZTNA) by Steve Riley, Neil MacDonald and Lawrence Orans
NetMotion is the only major ZTNA provider that includes a VPN as part of the same platform. That means one client, one console and one policy engine – overcoming the nightmare of having to manage two separate remote access solutions simultaneously. It’s a strategy that IDC calls out as especially attractive to any organization seeking to start evolving from VPN requirements, writing in a vendor profile that “NetMotion gives businesses a software-defined perimeter solution that can grow with them as they evolve toward zero trust situations.”