ZTNA is completely in its infancy,” said Matt Douglas of CBTS. “ZTNA also “forces IT shops to take a close look at how they support work-from-home “ application access. It’s a completely different model. “There were people saying a few years ago that a specific application as opposed to an the VPN client is dead, and that you have to go to environment, in which case you can then move ZTNA,” Douglas continued. “But that’s not what laterally. You can’t move laterally with ZTNA. we’re seeing in the marketplace. One of the main They are two different methodologies to achieve features that customers want in the new SASE the same goal of accessing corporate data. platform is a VPN client. If they’re moving away “ZTNA can be great in a SASE context, but not from the data center, they need cloud security, as a standalone component,” Korn continued. they’re going to move to SD-WAN with a lot of “You still need to have defense-in-depth with Internet connectivity, they’ve got to figure out access controls, policy controls, and behavioral how they’re going to get their work from home monitoring and control. You have to have all people reliably back, and they are not prepared three.” to make a massive shift to ZTNA. They just want a VPN client that’s part of their work from home Traffic must also be prioritized so that latency- and SD-WAN fabric. I think you’re going to see sensitive applications, like Voice over IP (VoIP) providers having both a ZTNA option and a VPN and Virtual Desktop Infrastructure (VDI) can option because there are going to be use cases take priority over traffic that is less dependent for both of them.” on speed. Masergy’s Rich Korn agreed. “VPN in the standard The move to ZTNA is seen as a major undertaking sense provides access to an environment,” he that is not to be taken lightly, especially within said. “ZTNA, as opposed to giving access to an environments where IT teams are running at full environment, gives access only to a specific throttle. It can also be a challenge to integrate application. Think of it as a much more focused SASE in organizations where the security team version of a VPN. It’s still a virtual private tunnel, and networking team are siloed and not able but it goes to to work closely together. Copyright © 2021 AVANT Communications, Inc. AVANT | SASE 6-12 Report | 15
Top SASE Vendors Page 14 Page 16