
Why switching from VPNs to ZTNA could protect the public sector


Public sector organisations are often a target for cyber-attacks. From operating vital public services to holding sensitive citizen data, their digital assets must be protected. In recent years there has been an increase in major security breaches, a growing risk according to the National Cyber Security Centre (NCSC).

This year hackers targeted King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust, which led to more than 800 planned operations and 700 outpatient appointments being postponed.  

Local authorities are also frequently targeted. Hackney Council was recently reprimanded after an investigation by the Information Commissioner’s Office (ICO) which found the council “failed to effectively implement sufficient measures” to protect its systems from attack, resulting in a data breach that affected 288,000 residents.  

As the sophistication of these attacks evolves, so must the protection we put in place for our most vulnerable services.

What is ZTNA?  

Zero Trust Network Access (ZTNA) has changed position from a cybersecurity buzzword to an increasingly critical part of modern networking. As IT leaders navigate the complexities of protecting their digital assets in an ever evolving and threatening landscape, ZTNA is emerging as an alternative that offers security, scalability, and an enhanced user experience. 

Virtual Private Networks (VPNs) have long been the go-to solution for remote access, providing users with a route into entire networks and suites of applications. However, this widespread access can be a double-edged sword, with the potential for significant security risks if a user’s credentials are compromised.

While ZTNA won’t signal the death of VPNs just yet, many organisations in the public sector are looking to it as a robust, scalable, and secure alternative. ZTNA offers a more granular approach to access control, providing users with access to specific applications rather than entire networks. This fundamental difference not only enhances security, but it also reduces the risk of widespread network breaches. 

Continuous trust verification  

One of the most prominent features of ZTNA is its ability to continuously authorise and authenticate users, ensuring that only those who are legitimate can access specific applications. Unlike VPNs, which grant broad access on initial authentication, ZTNA enforces granular access control by evaluating user profiles and applying appropriate authentication methods.

For critical applications accessed by a select group of users, multi-factor authentication can be enforced, whereas for general applications accessible to all staff, simpler authentication methods can be used.  

This flexibility enhances security without compromising the user experience and significantly improves an organisation’s security posture. By restricting access to single applications, ZTNA minimises the potential attack surface. In the event of a compromise, attackers can only gain access to one application, not the entire network, which contains any potential damage. This is a stark contrast to VPNs, where a single compromised credential can lead to a full-scale network breach.

Anytime, anywhere user access 

User experience is a big consideration when it comes to adopting any new technology, especially when working with the expansive teams found in organisations such as hospitals or councils. Using single sign-on capabilities, ZTNA allows users to authenticate through platforms like Microsoft Office 365 or Google Suite without needing to remember multiple passwords.

This seamless experience enhances the convenience for users and reduces the likelihood of password fatigue. Unlike VPNs, which often involve clunky connections and frequent disconnections requiring re-authentication, ZTNA provides a smoother, more reliable user experience. With continuous authentication checks almost every 20 seconds, users remain securely connected without any manual intervention.
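To make the two preceding sections concrete (per-application authorisation with stronger authentication for critical applications, and the re-check roughly every 20 seconds), here is an added example of a minimal ZTNA-style policy decision point. It is illustrative code written for this article, not Cloud Gateway’s product or any vendor’s API. The application names, user groups, the sample sessions and the eight-hour MFA validity window are all constructed assumptions; the 20-second interval is the figure quoted above.

```python
from dataclasses import dataclass
from typing import Callable, Optional

RECHECK_INTERVAL_S = 20  # the article cites checks "almost every 20 seconds"
MFA_MAX_AGE_S = 8 * 3600  # assumption: an MFA proof is trusted for one working day


@dataclass(frozen=True)
class AppPolicy:
    """Per-application rule: which groups may reach it and whether MFA is required."""
    name: str
    allowed_groups: frozenset
    require_mfa: bool


@dataclass
class SessionState:
    """What the policy engine knows about a user's session at one point in time."""
    user: str
    groups: frozenset
    password_ok: bool
    mfa_verified_at: Optional[float]  # seconds since epoch of last MFA proof, None if never
    device_compliant: bool


# Constructed sample applications for a hospital trust (not taken from the article).
POLICIES = {
    "patient-records": AppPolicy("patient-records", frozenset({"clinical"}), True),
    "rota-portal": AppPolicy("rota-portal", frozenset({"clinical", "admin"}), False),
    "intranet": AppPolicy("intranet", frozenset({"clinical", "admin", "contractor"}), False),
    "ticketing": AppPolicy("ticketing", frozenset({"contractor", "admin"}), False),
}


def decide(policy: AppPolicy, s: SessionState, now: float) -> tuple:
    """Evaluate one (session, application) pair. Returns (allowed, reason)."""
    if not s.password_ok:
        return False, "primary-auth-failed"
    if not s.device_compliant:
        return False, "device-noncompliant"
    if not (s.groups & policy.allowed_groups):
        return False, "group-not-permitted"
    if policy.require_mfa:
        if s.mfa_verified_at is None:
            return False, "mfa-required"
        if now - s.mfa_verified_at > MFA_MAX_AGE_S:
            return False, "mfa-stale"
    return True, "allow"


def vpn_style_reachable(s: SessionState) -> set:
    """Classic VPN model: one successful login exposes every application on the network."""
    return set(POLICIES) if s.password_ok else set()


def ztna_reachable(s: SessionState, now: float) -> set:
    """ZTNA model: each application is a separate, independently authorised decision."""
    return {name for name, p in POLICIES.items() if decide(p, s, now)[0]}


def continuous_checks(policy: AppPolicy, state_at: Callable[[float], SessionState],
                      start: float, end: float) -> list:
    """Re-evaluate the decision every RECHECK_INTERVAL_S seconds; returns [(t, allowed, reason)]."""
    results = []
    t = start
    while t <= end:
        allowed, reason = decide(policy, state_at(t), t)
        results.append((t, allowed, reason))
        t += RECHECK_INTERVAL_S
    return results


def blast_radius_demo() -> tuple:
    """Constructed scenario: a contractor's password has leaked and the holder has no MFA device.
    Returns what that session reaches under the VPN model versus the ZTNA model."""
    stolen = SessionState("contractor-17", frozenset({"contractor"}), True, None, True)
    return vpn_style_reachable(stolen), ztna_reachable(stolen, now=1_000.0)


def revocation_demo() -> list:
    """Constructed scenario: a clinician's device falls out of compliance 45 s into a session.
    The next periodic check withdraws access without waiting for the session to end."""
    def state_at(t: float) -> SessionState:
        return SessionState("nurse-42", frozenset({"clinical"}), True,
                            mfa_verified_at=0.0, device_compliant=t < 45)
    return continuous_checks(POLICIES["patient-records"], state_at, start=0, end=80)


if __name__ == "__main__":
    vpn, ztna = blast_radius_demo()
    print("VPN model, leaked contractor password reaches:", sorted(vpn))
    print("ZTNA model, same credential reaches:          ", sorted(ztna))
    for t, allowed, reason in revocation_demo():
        print(f"t={t:>3}s patient-records -> {'ALLOW' if allowed else 'DENY '} ({reason})")
```

The two demo functions are the points the article makes: with a VPN-style grant the leaked contractor credential reaches all four applications, whereas the per-application policy limits it to the two the contractor group is permitted and refuses patient records for lack of MFA; and because the decision is re-run on a short interval, a device that drops out of compliance loses access at the next check rather than keeping it until logout. The compliance signal here is a plain boolean; in a real deployment it would come from an endpoint agent or identity provider, and the reason strings are the kind of field a SOC would want logged for every deny.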

A requirements-driven ZTNA strategy 

While ZTNA offers numerous benefits, successful implementation requires careful planning and consideration. IT professionals should consider several key points to ensure a smooth transition.  

Firstly, it’s important to ensure compatibility and integration with existing infrastructure and applications. Assess the ports and protocols that are in place to support this model and if required, update legacy systems or integrate new authentication methods to avoid disruption. Next, consider performance and scalability.

Evaluate the performance of ZTNA solutions under varying workloads to ensure they can scale and accommodate growth. This includes ensuring the chosen solution can handle peak activity without compromising performance.  

It goes without saying that choosing the right ZTNA solution provider is critical. Assessing vendors based on reputation, reliability, and alignment with organisational needs ensures long-term compatibility and support for evolving security requirements.  

Lastly, and the key takeaway here, is to ensure the requirements define the solution, not the other way around. For example, you may need to lock down specific web applications, grant secure access to programmes and services across multiple cloud environments, or limit access for third-party contractors. These are all strong use cases for a solution like ZTNA.

Letting the requirements define the solution ensures that technology implementations like this are purposeful, efficient, and aligned with organisational needs. This not only maximises the value of the investment but also enhances security, compliance, and the user experience.

Robust and adaptable security   

Today, ZTNA has matured into a critical security model that addresses the limitations of traditional VPNs. By offering granular access control, enhanced security, scalability, and a superior user experience, ZTNA provides a compelling solution for modern organisations. Its software-driven architecture makes it an attractive commercial offering for organisations of all sizes.

Unlike VPNs, which often require over-provisioning and substantial upfront investment, ZTNA allows organisations to scale their access solutions as they grow. This eliminates the need for significant initial investment and gives room for a more flexible, pay-as-you-grow model. For organisations with fluctuating or unpredictable user numbers, ZTNA offers a balance of cost efficiency and scalability.  

As the public sector continues to navigate the complexities of digital transformation, adopting a requirements-driven ZTNA strategy will be crucial for organisations aiming to stay ahead of security threats and maintain a robust, resilient network infrastructure. 

Stephen McConnell is Chief Technology Officer at Cloud Gateway, responsible for setting the business’s technical strategy and development of their platform, and has worked with organisations like Lloyds Banking Group, Capita, the Ministry of Justice and BetFred. 
