Securing Remote Access: VPN and ZTNA Considerations

Remote access has gone from edge case to default in most organisations. The way that access gets delivered, however, varies wildly. Some businesses still rely on traditional VPNs that grant network-level connectivity. Others have moved to zero trust network access (ZTNA).

VPNs Are Not What They Used to Be

Traditional VPN concentrators served a clear purpose when staff worked in offices and remote access was occasional. Today, that same model creates problems. A compromised device gets the same network-level access as the legitimate user, and lateral movement begins immediately.

Zero Trust Network Access Reframes the Problem

ZTNA inverts the traditional model. Rather than placing the user on the network, it brokers individual application connections through an identity-aware proxy. Each request gets evaluated against policy, including device posture, user identity, and application sensitivity.

Expert Commentary

Name: William Fieldhouse

Title: Director of Aardwolf Security Ltd

“Many of my clients are mid-migration from VPN to ZTNA, with both running side by side for an extended period. The mid-migration state is often the riskiest part.”

Device Posture Matters More Than People Realise

Both VPN and ZTNA can incorporate device posture checks. A laptop with disabled antivirus or an outdated operating system should not have the same access as a fully managed corporate device.

Authentication Cannot Be an Afterthought

Whether you use VPN or ZTNA, the authentication layer is where most attacks land. Phish-resistant authentication using FIDO2 or platform credentials raises the bar substantially.

Logging and Detection Specific to Remote Access

Watch for impossible travel, unusual access times, and connections from regions where you have no staff. Most VPN and ZTNA products produce excellent logs out of the box, but few organisations set up the alerting that turns those logs into actionable intelligence.
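
The three signals named above (impossible travel, unusual access times, unstaffed regions) as detection logic run over constructed login events. This is an added example, not part of the original article and not any vendor's log format. The event layout and the policy values (staffed countries, working hours, 900 km/h speed ceiling, 50 km geolocation-noise floor) are assumptions to tune for your own workforce.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample events (not real logs): user, UTC time, country, lat, lon.
EVENTS = [
    ("alice", "2024-03-04T09:02:00", "GB", 51.51, -0.13),
    ("alice", "2024-03-04T10:15:00", "SG", 1.35, 103.82),
    ("bob",   "2024-03-04T03:12:00", "GB", 53.48, -2.24),
    ("carol", "2024-03-04T11:30:00", "BR", -23.55, -46.63),
    ("alice", "2024-03-05T09:05:00", "GB", 51.51, -0.13),
]

# Assumed policy values; tune to your own workforce.
STAFFED_COUNTRIES = {"GB", "SG"}
WORK_HOURS = range(7, 20)      # 07:00-19:59 UTC
MAX_KMH = 900                  # roughly airliner cruising speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))


def detect(events):
    """Return (user, timestamp, reason) alerts for the three conditions."""
    alerts, last_seen = [], {}
    for user, ts, country, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if country not in STAFFED_COUNTRIES:
            alerts.append((user, ts, "unstaffed_region"))
        if when.hour not in WORK_HOURS:
            alerts.append((user, ts, "unusual_time"))
        if user in last_seen:
            prev_when, prev_lat, prev_lon = last_seen[user]
            hours = (when - prev_when).total_seconds() / 3600
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            # Ignore moves under 50 km (geo-IP noise); zero elapsed time counts as impossible.
            if km > 50 and (hours == 0 or km / hours > MAX_KMH):
                alerts.append((user, ts, "impossible_travel"))
        last_seen[user] = (when, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The final alice event does not alert: London is reachable from Singapore in the roughly 23 hours that elapsed, which is why the check compares implied speed rather than just a change of country.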

Building the Right Stack

If you still rely entirely on a traditional VPN, consider whether ZTNA would reduce your exposure for high-value applications without forcing a complete migration. Remote access is too important to leave to default settings.