While many are familiar with the advantages and challenges of VPN for remote user access, many are less familiar with Zero Trust network access (ZTNA). For those who don’t know, ZTNA is the next-generation VPN solution designed for high security and compliance organizations that require high productivity from remote staff.
Because of its security and compliance focus, ZTNA is ideal for industries such as banking. The best way to exemplify the impact of ZTNA in a banking organization is to walk through a day in the life of a banking employee.
Comparing VPN and ZTNA
Bank A and Bank B have both been challenged with enabling a greater number of their employees to work remotely. Both organizations have been able to get some staff working on old systems, but have struggled to balance modern infrastructure and user needs with their security and compliance requirements.
In the past, Bank A has enabled a select number of its high-level executives to work remotely by giving them VPN access into their network and enterprise applications. They are looking to expand VPN access to more users.
Bank B used VPN sparingly as well, but when faced with an expansion in the number of users needing remote access, adopted ZTNA connectivity instead. Both companies are able to allow more individuals to work remotely, but there are some distinct differences.
The VPN Example
Due to the need to create a more flexible work environment for its employees, a loan officer at Bank A has been shifted to working remotely for the next several weeks. At the beginning of the workday this employee starts the VPN client on his laptop and begins to access his email and applications from home. In the background, the VPN client on his device connects with an on-premise appliance to create an encrypted tunnel between his laptop and the office network. The office network is home to several of the applications he accesses through the course of his workday.
As he begins to work, he notices that access to his applications is much slower than when he is in the office. As he continues to work, running multiple applications concurrently as he normally does, his applications slow to a crawl and his work performance suffers over the course of the day.
The reason for this delay resides in the on-premise VPN appliance and its limited ability to serve its new number of concurrent users. The recent shift to more employees working remotely is taxing the VPN appliance and pushing it to the limit of its capacity. To expand its capacity, the bank would need to quickly purchase and configure more appliances. These appliances, usually running in the thousands of dollars each, will require weeks of configuration and provide incrementally more capacity but do little to boost the security of its IT infrastructure. Additionally, the purchase of appliances moves the bank in the opposite direction of its other IT initiatives, which have moved key services away from the data center and into the cloud.
The ZTNA Example
Bank B has instead chosen to move to ZTNA. ZTNA provides a more secure, flexible and scalable alternative to VPN. Instead of relying on expensive, proprietary appliances housed in data centers, ZTNA relies on public cloud infrastructure which can easily scale to accommodate new users.
So why is ZTNA a better option for banks?
ZTNA is a connectivity solution that grants application access based on a user’s identity and related security policies. Instead of granting access to large network segments where applications reside, ZTNA creates micro-segments that form a direct connection between a user and an application. These micro-segments eliminate the need to backhaul all traffic through an expensive on-premise VPN appliance, eliminating VPN-related latency and removing the need to add on-premise hardware to support additional users.
With ZTNA, Bank B is able to secure access based on policy controls, monitor user activity, and continuously assess risk without deploying user device agents. Users access all applications through a browser-delivered portal, and new data center or cloud environments can be added by dropping low-cost software-defined network nodes into existing infrastructure without requiring a rip and replace of legacy IT investments.
Additionally, the protections of ZTNA make no distinction based on a user’s location. On-premise and remote users are treated the same, resulting in a consistent application of security policy and a consistent user experience across the entire organization.
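The difference between segment-level VPN access and per-application, identity-based ZTNA access can be made concrete with a small model. This is an added example, not code from the original article or from any ZTNA product; the role, application names, addresses and risk thresholds are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed inventory (assumption): application -> address on the office network.
APPS = {
    "email": "10.20.0.10",
    "loan-origination": "10.20.0.21",
    "core-banking": "10.20.0.30",
    "hr-payroll": "10.20.0.44",
    "wire-transfer": "10.20.1.12",
}

# VPN model: a role is granted whole network segments.
VPN_SEGMENTS = {"loan-officer": ["10.20.0.0/24"]}

# ZTNA model: one rule per (role, application); anything unlisted is denied.
# max_risk is a hypothetical 0-100 session risk score, re-checked on every request.
ZTNA_POLICY = {
    ("loan-officer", "email"): {"mfa": True, "max_risk": 70},
    ("loan-officer", "loan-origination"): {"mfa": True, "max_risk": 40},
}

def vpn_reachable(role):
    """Every application whose address falls inside a segment granted to the role."""
    nets = [ip_network(n) for n in VPN_SEGMENTS.get(role, [])]
    return {app for app, addr in APPS.items()
            if any(ip_address(addr) in net for net in nets)}

def ztna_allows(role, app, mfa, risk):
    """Default-deny check. Location is deliberately not an input."""
    rule = ZTNA_POLICY.get((role, app))
    if rule is None:
        return False
    if rule["mfa"] and not mfa:
        return False
    return risk <= rule["max_risk"]

def ztna_reachable(role, mfa, risk):
    return {app for app in APPS if ztna_allows(role, app, mfa, risk)}

def excess_reach(role, mfa, risk):
    """Applications exposed by the segment grant that no ZTNA rule permits."""
    return vpn_reachable(role) - ztna_reachable(role, mfa, risk)

if __name__ == "__main__":
    print("VPN reach:   ", sorted(vpn_reachable("loan-officer")))
    print("ZTNA reach:  ", sorted(ztna_reachable("loan-officer", True, 30)))
    print("Excess reach:", sorted(excess_reach("loan-officer", True, 30)))
    print("Risk rises:  ", sorted(ztna_reachable("loan-officer", True, 55)))
```

The excess-reach set is the part of the network a compromised VPN session could touch beyond what the user's job requires, and the last line shows access narrowing mid-session as the risk score rises.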
And while Bank A may continue buying expensive VPN appliances in an attempt to build capacity for peak usage, Bank B’s ZTNA solution requires that they only pay for the capacity they use. When compared to VPN, ZTNA presents a number of advantages:
- Enhanced security posture
- Simplified management
- Ability to easily scale
- Lower costs
- Better user experience
Banking has been one of the last great industries to fully embrace remote work. High compliance and security requirements, coupled with a preference for face-to-face communications, mean there has been little desire to enable large swaths of employees to work remotely. But as the rising tides of change in both technology and office dynamics have moved the needle on what is required to maintain productivity, many are exploring ways to update their technology to match the needs of their business realities.
ZTNA presents one of those opportunities and provides a future-proof way to improve flexibility and cost structures while increasing security.
Join us for our webcast “Securing a Remote Workforce” as we discuss the benefits of ZTNA for banks and credit unions.