VPN vs Zero-Trust Network Access

Lauren Abshire
Director of Content Strategy, United States Cybersecurity Magazine

Virtual Private Networks (VPNs) have provided remote workers with privacy while connected to a public connection for many years. Zero-trust is newer, but it has proven to be quite effective, especially in an age where remote work continues to increase, as do cyber-attacks, noticeably on VPNs. This begs the question: which is more effective at protecting your data? Hence, VPN vs zero-trust network access (ZTNA).

VPN:

A VPN creates a private connection run by a VPN host through a specially designated server, as opposed to using your Internet provider directly. This means data is transmitted through the VPN server rather than straight from your computer. VPNs allow the user to access data on their office network while working remotely.

Zero-Trust:

Zero-trust can be understood from the name itself. ZERO. TRUST. Zero-trust network access does not trust anyone, whether inside or outside the network. At least, not by default. Zero-trust was designed on the assumption that anyone could be an attacker; therefore, it requires the user to go through authentication, authorization and verification continuously. Zero-trust restricts access to users at almost every turn.

VPN vs Zero-Trust Network Access:

VPN:

While VPN and zero-trust both aim to provide security for the user (and for a company itself), they are practically on opposite ends of the security spectrum. VPNs are utilized to grant access as well as connectivity for the user, while zero-trust (as mentioned above) frequently restricts that access.

One notable issue with a VPN is that it is designed to secure the perimeter, so to speak. And if your perimeter is all that is being secured, you are not protected from an insider threat. If your logon information is stolen by a bad actor, the bad actor has breached your perimeter and is inside the main house. The bad actor then has free rein over your house and all the sensitive information living there. This can take place in a matter of seconds. A VPN does not continually adapt and suspect as a zero-trust network does. VPNs can bring in unwanted traffic from a home device, creating a vulnerability, and then send that traffic out again. Moreover, once a bad actor has been authenticated within a VPN, they have all the time in the world to look around your house. And just how many devices do they now have access to?

Zero-trust network access:

With zero-trust network access, this bad actor would still be restricted, even after stealing the user's logon information. Remember, zero-trust does not trust anyone and suspects everyone. Zero-trust has been defined as an end-to-end approach to security. To the perimeter and beyond! With zero-trust network access an organization can implement specific access control policies relating directly to the user(s). These policies should grant users only enough access to complete work-related tasks, and nothing more. If a user on a zero-trust network is using a vulnerable device, the access control policy will prevent the user from accessing the company's data. Zero-trust network access abides by several principles: micro-segmentation, multi-factor authentication (MFA), real-time monitoring and, as mentioned above, access control policies. Zero-trust network access can be implemented both inside the workplace and out (for remote workers). This, coupled with the principles of zero-trust, ensures that everyone attempting to access the network is authenticated and verified (in real time).
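The contrast described in the two sections above, written out as a small policy-decision example added here (not code from the article or from any ZTNA product): a perimeter-style check that grants everything once the credential passes, beside a per-request check that also demands MFA, a compliant device and an entitlement to the specific resource. The users, device ids and resource names are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample inventory: which resources each user may reach, and the
# health status the endpoint agent last reported for each device.
ENTITLEMENTS = {"alice": {"payroll-app", "wiki"}, "bob": {"wiki"}}
DEVICE_POSTURE = {"laptop-01": "compliant", "laptop-02": "vulnerable"}


@dataclass(frozen=True)
class Request:
    user: str
    credential_ok: bool   # password or token validated by IAM
    mfa_ok: bool          # second factor presented for this request
    device_id: str
    resource: str


def vpn_style_decision(req: Request) -> bool:
    """Perimeter model: a valid credential opens the tunnel, and every resource
    behind it is then reachable. Stolen credentials alone are enough."""
    return req.credential_ok


def ztna_decision(req: Request) -> tuple[bool, list[str]]:
    """Per-request model: identity, MFA, device health and entitlement must all
    hold for this user, this device and this resource. Returns (allowed, reasons)."""
    reasons = []
    if not req.credential_ok:
        reasons.append("credential rejected")
    if not req.mfa_ok:
        reasons.append("mfa not satisfied")
    if DEVICE_POSTURE.get(req.device_id) != "compliant":
        reasons.append("device posture not compliant")
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        reasons.append("user not entitled to resource")
    return (not reasons, reasons)


def evaluate_session(requests: list[Request]) -> list[dict]:
    """Re-evaluate every request in a session (continuous verification) and
    emit one audit record per decision, the feed real-time monitoring consumes."""
    records = []
    for r in requests:
        allowed, reasons = ztna_decision(r)
        records.append({"user": r.user, "resource": r.resource,
                        "vpn_allows": vpn_style_decision(r),
                        "ztna_allows": allowed, "reasons": reasons})
    return records
```

Run with a request that carries a valid but stolen credential and no second factor: the perimeter check returns True, while the per-request check denies and lists exactly which conditions failed.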

But which is the best for you?

When comparing VPN vs Zero-Trust Network Access, there are several factors to consider.

VPNs can be considered outdated, especially considering that cyber-attacks, and the hackers themselves, are continuously evolving. And with a VPN covering only the perimeter, your information can be seriously vulnerable. VPNs were designed over 20 years ago; therefore, they did not account for cloud-based data, again leaving data far more vulnerable. Zero-trust, however, is not technically a technology but a methodology. Zero-trust network access requires several technologies, such as identity and access management (IAM), MFA, and endpoint security, to work in conjunction with one another. Notably, Gartner predicts that by 2023, 60% of enterprises will phase out most of their VPNs in favor of zero-trust network access. But with many companies on a budget, especially given COVID-19 and the current business climate, reworking their entire network can seem overwhelming, especially if they already have a hefty investment in their VPN. Nevertheless, these same companies cannot afford the cost of a cyber-attack, breach or data loss. Perhaps the most practical approach is to find a zero-trust network access solution that can coexist with the current VPN. The cost of trying to mitigate or fix a breach will pale in comparison to the cost of adding zero-trust network access security to your business. With zero-trust you can rest easy knowing that access to your network will be verified and authenticated, whether from in the office or out.
