Cyber Security

Can "Zero Trust Network Access" (ZTNA) completely replace your legacy VPNs by 2026?

ED Asked by Edward Norton · 28-01-2025
0 upvotes 7,892 views 0 comments
The question

My team is evaluating moving away from our corporate VPN in favor of a ZTNA model like Cloudflare One or Zscaler. I’m worried about the impact on our "legacy" on-prem apps that don't support modern identity protocols. Have you successfully made the switch? How do you handle the "blast radius" if an identity provider like Okta gets compromised while you’re in a Zero Trust setup?

3 answers

0
SH
Answered on 10-04-2025

We finished our VPN retirement project last summer. For the legacy apps, we used a "ZTNA Connector" that acts as a proxy. The user authenticates with their modern IDP, and the connector handles the legacy handshake behind the scenes. Regarding the "Okta compromise" fear—that's why we implemented "Device Posture" checks. Even if an attacker has a valid session token, if they aren't on a company-managed laptop with the latest patches and an active EDR, they get blocked. You have to move the trust from the "network" to a combination of "identity" and "device health."

0
PH
Answered on 15-05-2025

Sharon, did your remote employees complain about the "always-on" monitoring of their devices? Some of our staff are very sensitive about privacy when working from home.

TH 20-06-2025

Philip, we were very transparent. We told them the tool only checks for "Security Vitals" (Is the disk encrypted? Is the firewall on?) and doesn't log their browsing history. We also created a "Privacy Dashboard" where they can see exactly what the security team sees. Once they realized it meant they no longer had to deal with the slow, clunky VPN, most of the complaints disappeared.

0
RE
Answered on 02-07-2025

We use a "Continuous Authentication" model where the session is re-evaluated every 15 minutes based on behavior. If the user's location jumps from NYC to London, it triggers an MFA prompt.

ED 15-07-2025

Behavioral triggers are essential for Zero Trust. It turns security into a moving target for hackers, which is exactly where we need to be in 2025.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session