ZTNA (Zero Trust Network Access) is an approach to network security and resource access control that assumes no rights are inherently granted to user entities (machine or human). Access rights are determined on a case-by-case basis, applied only for a given task, and revoked after the task has been completed. Whether to grant access is determined by a number of factors defined by security policies, including, but not limited to, the level of access requested, access control lists that allow specific users or groups of users access to listed tasks without any further consideration, the context around the request, location and time of day.
Artificial Intelligence (AI) and Machine Learning (ML) are often deployed to look at all of the available context around access requests and automatically make correlations from the data available to determine if access should be granted or not – and for how long. With solutions like these, there are network, computing, reporting, and audit requirements that need to be managed as well as the configuration and training of the algorithms. That is why it is common for IT teams to outsource the management of these types of network security solutions. Making use of managed services can save on personnel requirements, infrastructure requirements and in-house expert knowledge requirements. Cybersecurity needs are growing faster than the available cybersecurity personnel can fulfill, which contributes to ZTNA solutions having a market worth estimated around $17 million in 2021, and that market is estimated to grow to around $65 million by 2027. A large portion of that spend is being used to procure managed services in order to eliminate the need for more personnel or hardware and to make it simple to layer with other enterprise security solutions.
The use cases for ZTNA are innumerable but one of the most common use cases is moving away from virtual private network (VPN) connectivity solutions which typically grant unnecessarily broad access to private applications and networks. Additionally, implementation of ZTNA to protect individual resources helps move an organization away from the traditional perimeter based security solutions. This is increasingly important due to the expanding remote workforce and adoption of cloud-based services which are often consumed or even deployed outside of the corporate network perimeter.
ZTNA is a crucial layer of a SASE (Secure Access Service Edge) solution, which is why a lot of organizations are moving toward this approach. Most organizations are moving toward cloud-based SaaS (software-as-a-service) solutions because they are quicker and easier to implement, they can be globally available, and they can be easily integrated with other cloud-based products and services. ZTNA offers a more flexible approach to ensuring that all assets and resources are protected without adding complexities that would otherwise be necessary to keep the entire organization behind a secure perimeter. The early adopters of ZTNA of course include technology companies, as well as regulated industries like financial services and healthcare, where ZTNA serves as a compliance benefit. That said, any organization in any sector with a business model that allows or requires remote access to resources and applications should consider ZTNA in their cybersecurity strategy.
Cloud-managed ZTNA is a popular and effective approach that interests organizations who need to secure a non-homogenous WAN edge in order to enable SASE. Benefits include easy deployment and management, as well as out-of-the-box integration capabilities for disparate products or multi-layer security platforms. Cloud-managed ZTNA will also provide a central location where all access control events can be logged, processed, and analyzed without having to deploy infrastructure internally.
ZTNA is an efficient and effective means of securing access to network resources, and it can simplify the implementation of network security controls for a variety of business cases. ZTNA stands to benefit organizations with growing remote workforces or who are undergoing cloud transformation and rapidly moving toward cloud-based services, which is really most businesses nowadays. These particular applications bring benefits but also cybersecurity threats which need to be mitigated, as well as quickly evolving compliance requirements from regulators around the world.
IT teams should consider the following components when comparing ZTNA services.
Artificial intelligence in managed ZTNA solutions allows the solution to provide more efficient analysis of context to determine if access should be granted, and even configuration automation to detect new access requirements that should be implemented. Detecting threats and hunting persistent threats has become a major focus for AI in general. Context and metadata from ZTNA solutions can support detection and/or threat hunting AI with additional insight to better detect advanced threats.
For organizations that host their own infrastructure in the cloud, managed ZTNA cloud solutions provide the simplest integration and the most out-of-the-box solutions available in this type of environment. This enables organizations to effectively provide zero-trust network access with deep insight and analysis that can support threat detection and response.
With managed ZTNA solutions, organizations have much more flexibility and agility than traditional security solutions that offer ZTNA features, because the provider eases the burden of developing, planning, supporting, and implementing solutions. No one from inside the organization must be involved if that is a requirement. This allows IT and security teams to keep their resources focused on their day jobs.
Managed ZTNA solutions can be delivered in several ways to fit into many types of environments. At the edge, the solutions are usually provided by and managed by the edge connectivity provider. They may deliver a virtual appliance that can be dropped into the organization’s on-premise infrastructure and can be managed remotely by the provider. Managed ZTNA can also come as a cloud delivered solution, where customers often find a variety of predefined rules and policy templates that are derived from common use cases. Cloud managed solutions are usually easier to implement and maintain.
As organizations adopt ZTNA, the customer can expect to integrate ZTNA solutions with their SIEM in order to centralize log storage and to ensure that relevant notifications are generated in case of any risky or unusual contextual circumstances related to access that was granted or denied. Using AI or ML for analyzing access events can serve as a force multiplier, but it cannot completely replace human operators. When taking a response action or when AI doesn’t have enough context for high confidence, there will usually need to be an internal or external human resource to review and make decisions based on the information available. When detection and response are delivered as managed services, the customer needs to dictate how to handle these prior to signing any contract as there may be an abundance of requests escalated to them by the service provider that require a human interaction, especially at the beginning of the deployment.
Most ZTNA solutions offer some level of reporting capability, ranging from canned executive summary reports to fully customizable reports. This capability may be supported or replaced by superior reporting capabilities which often accompany a SIEM platform.
Once a solution design has been determined, the provider will deliver whatever resources are required to implement the solution, as well as provide instructions on how the testing will take place to fine-tune the solution to be as efficient as possible while requiring as little human interaction as possible. When implementing a solution that includes AI, this process will include a period for ‘learning’ where normal access activities are being determined and algorithms are being trained.
Out-of-the-box configurations are never the same; they differ from solution to solution. Because of this, customers must understand what is being provided by the provider they are working with. Some customers are finding that these solutions largely cover their needs out-of-the-box, and not much effort needs to go into creating new rules during testing. However, this isn’t always the case. There will always be the need for tuning and maintenance throughout the solution’s lifecycle.
Round-the-clock support is a critical component of any managed service offering. Due to the nature of access control, it is crucial that the customer knows that they can get help immediately in case access isn’t granted as expected. Managed services generally have varying levels or tiers for support which may differ based on response time, onsite vs. remote, or contact methods (e-mail, phone, chat, etc.), so it’s important to ensure that the level of support you’re getting aligns with your business requirements before entering into any managed services agreement.
Account management is a large part of ZTNA, as access is determined based on a given account’s entitlements. Therefore, it is important that the customer knows whether it will be the service provider or the customer who onboards, modifies, or disables accounts.
A managed service provider’s service level agreement (SLA) is possibly the most important artefact they will provide to you during the onboarding process. SLAs serve to set expectations for how all issues and incidents are handled. The SLA often varies depending on the tier purchased or price paid for ongoing technical support.
Managed ZTNA provides security for organizations that have remote users by analyzing context and metadata and reacting in real-time to grant or deny access to a specific resource for a specific user. This simplifies the protection of corporate network resources and remote users, regardless of their location inside or outside of the network perimeter. Many solutions also allow for automated approval workflows, allowing requests to pass several validations or checks and be approved seamlessly to the user, and without human interaction.
ZTNA provides access to resources, networks and applications based on a given user’s entitlements for that specific resource, network, or application. This is a significant improvement in security over the traditional perimeter security model, where users are trusted completely to access any resource once they’re within the secure perimeter.
ZTNA can be achieved with a do-it-yourself (DIY) approach, or it can be acquired as a service from a provider. Managed solutions are delivered and supported by a service provider, while DIY solutions are comprised of various network security tools which may be purchased or developed, implemented, and supported by a customer’s internal security team.
ZTNA is a vital part of SASE (Secure Access Service Edge) because ZTNA ensures the security of resources and infrastructure by controlling access everywhere, including the edge. ZTNA is also enabled by SASE, because many of the components which comprise SASE, like secure gateways, proxies, and identity and access management solutions, are necessary in order to implement access control which is consistent with zero trust principles.
Consider the items below when creating your vendor shortlist.
The ZTNA market was valued at around $20 billion in 2020 and is expected to be valued at around $50 billion by 2028. Market growth is substantial, and adoption is currently estimated to keep growing for the foreseeable future at around 15.5% year-over-year.