There are few everyday things more uncomfortably awkward than seeing an acquaintance you haven't seen in a long while, approaching them for a hug or handshake, then getting a fist bump shoved at you instead (“Whoops!”). It's all about alignment; if you both had been on the same page, a much more comfortable greeting would have occurred.

Same thing with IT. When storage, servers, networking, and security services are lined up correctly in any IT system, there's a far better opportunity for workloads to traverse all the hoops they face and get from one place to the next swiftly and safely.

That being said, security – being one of the standard checkpoints in this data-movement progression – is often guilty of causing snags in workflows. These include friction from increased complexity around multifactor authentication (MFA), hassles with password policies, and credentialing for access-control lists (ACLs).

Frequent MFA prompts can disrupt workflows, especially when users need to access multiple applications. Complex password requirements and frequent password changes can be cumbersome. Overly restrictive ACLs can prevent users from accessing necessary resources, hindering their ability to perform tasks.

With the increasing use of zero-trust network access (ZTNA) as a new level of identity security inside cloud-native secure access service edge (SASE) deployments in the last decade, enterprises have seen its value firsthand in daily use cases.

ZTNA, which prescreens all its users, began to achieve significant prominence as organizations sought alternatives to traditional virtual private networks (VPNs) for secure remote access. The concept of zero trust itself has been around for more than a decade, but ZTNA gained widespread attention and adoption during the COVID-19 pandemic, which accelerated the need for secure remote work solutions.

Because it works so seamlessly, ZTNA is fast becoming a standard. As a result, alignment of this security approach – which is brought to market by SASE companies, each with its own feature set – is becoming sought-after to make security more user-friendly for line-of-business users.

Universal ZTNA comes to the front of the room

So now the concept of universal ZTNA is coming to the fore, and SASE buyers are seeing if this will work even better long-term for their enterprises. This is about connecting securely on IT handshakes and fist bumps – even when internet connectivity is lost, for example.

Zscaler describes universal ZTNA as “the use of ZTNA for on-premises and remote users, with no distinction made as to the user’s location. With universal ZTNA users are granted secure access based on the principle of least privilege whether they’re working in the office, at home, or on the road. [Universal] ZTNA can serve as a conduit for digital transformation, giving organizations the best possible framework for zero-trust initiatives.”

ZK Research's Zeus Kerravala said, “I do like universal ZTNA,” but added, “I'm not sure how it differs that much from just 'ZTNA.'”

“We don't say networking and universal networking,” Kerravala said. “The internet is built on the concept that any device can talk to any other, which is why the internet is so fast. The downside of this is that, if breached, the threat actor has access to every corporate resource. VPNs work on the premise that authenticated devices are trusted. So if a worker VPNs in, they have access to all endpoints. If an IoT device is connected, it can see all other devices on the company network.”

But ZTNA changes all this.

“ZTNA flips the network and enforces least-privilege access where a device cannot connect with any other system unless explicitly (thus previously) allowed,” Kerravala said. “This means a worker that connects via ZTNA will only be able to connect to the apps they use, which is the way it should be. … Universal ZTNA applies these principles across the network to all apps, devices, endpoints, and so on.”

Key advantages of universal ZTNA

In a world increasingly reliant on remote access and cloud services, universal ZTNA optimizes data paths at a new high level. Here are some key points regarding its viability.

● Smooth migration from legacy systems: Many universal ZTNA solutions offer features that facilitate the transition from traditional VPNs to more secure zero-trust models. This includes central deployment capabilities through mobile device management (MDM) systems, which can ease the administrative burden during migration.

● Wide coverage of devices: Universal ZTNA solutions are designed to support a range of devices and operating systems, including Windows, MacOS, iOS, Android, and Linux. This flexibility allows organizations to secure both corporate-owned and bring-your-own-device (BYOD) environments, making it a versatile option for diverse workforces.

● High availability and resilience: For universal ZTNA to be effective, it must be designed to eliminate single points of failure and maintain local access control, even when internet connectivity is lost. This resilience is important for ensuring continuous access to resources without compromising security.

● Market demand and adoption: The growing trend toward remote work and cloud services has created a strong demand for universal ZTNA solutions. Organizations are increasingly recognizing the limitations of traditional security models and are looking for more robust alternatives that universal ZTNA provides.
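To make the contrast Kerravala draws concrete (VPN: authenticated means trusted everywhere; ZTNA: default deny with explicit per-user, per-app allows, identical whether the user is in the office, at home or on the road) and the resilience point above (local enforcement continues when connectivity to the policy controller is lost), here is an added illustration that is not code from the article or from any vendor named in it. The users, devices, apps and the `flaky_controller` simulator are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    app: str
    location: str  # "office", "home" or "road"; deliberately unused below

# Constructed sample data: authenticated identities, devices that passed posture,
# and the explicit (user, app) allow list a ZTNA policy is built from.
AUTHENTICATED = {"alice", "bob", "iot-camera"}
POLICY = {
    "healthy_devices": {"laptop-a1", "laptop-b2"},
    "allow": {("alice", "payroll"), ("alice", "wiki"), ("bob", "wiki")},
}

def vpn_decision(req):
    """Legacy VPN model: any authenticated client can reach any internal app."""
    return req.user in AUTHENTICATED

def ztna_decision(req, policy=POLICY):
    """ZTNA model: default deny; allow only an authenticated user on a healthy
    device whose (user, app) pair is listed. Location plays no part."""
    if req.user not in AUTHENTICATED or req.device_id not in policy["healthy_devices"]:
        return False
    return (req.user, req.app) in policy["allow"]

class LocalEnforcer:
    """Agent-side enforcement that keeps the last policy it fetched, so decisions
    continue unchanged when the policy controller cannot be reached."""
    def __init__(self, fetch_policy):
        self._fetch = fetch_policy  # hypothetical controller call; may raise
        self._cached = None
    def decide(self, req):
        try:
            self._cached = self._fetch()
        except ConnectionError:
            if self._cached is None:
                return False  # no policy ever received: fail closed
        return ztna_decision(req, self._cached)

def flaky_controller(policy, online_calls):
    """Constructed simulator: serves policy online_calls times, then raises."""
    state = {"n": 0}
    def fetch():
        state["n"] += 1
        if state["n"] > online_calls:
            raise ConnectionError("policy controller unreachable")
        return policy
    return fetch
```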

Companies that supply universal ZTNA solutions

Several SASE companies offer universal ZTNA capabilities, including Zscaler, Palo Alto Networks, Cato Networks, Netskope, and Fortinet.

Zscaler's SASE platform, Zscaler Zero Trust Exchange, is a cloud-native platform that consolidates multiple security functions into a single solution, including ZTNA.

Palo Alto Networks' Prisma SASE is a cloud-based solution that combines network security, SD-WAN, and autonomous digital experience management, offering ZTNA security for various applications used by a hybrid workforce.

Cato Networks focuses on combining SASE and ZTNA, offering a converged architecture, autonomous artificial intelligence (AI)-driven operations, a global private cloud network, and unified management and integration.

Netskope's NewEdge SASE platform targets security at the edge, securing cloud data and offering ZTNA capabilities.

Fortinet's FortiSASE solution integrates Fortinet's threat intelligence from FortiGuard Labs and offers proactive security measures across its SASE solution, including ZTNA.

Overall, universal ZTNA can be a viable and effective step for handling increasingly difficult cybersecurity challenges. Its ability to provide comprehensive coverage, enhance security, facilitate migration from legacy systems, and ensure high availability makes it an attractive option for organizations aiming to adopt a zero-trust security model.