en

Zero Trust starts here: why ZTNA is the strategic first move

Zero Trust
IT Transformations
Zero Trust is not an all-or-nothing strategy. Organizations can take a phased approach that delivers tangible value early in the journey. Kicking off Zero Trust with ZTNA—a foundational building block of the Zero Trust model—is a smart first move. It delivers fast security wins, reduces attack surfaces, and improves compliance without disrupting the user experience.
06 August 2025 minute read

Key takeaways about Zero Trust

  • Legacy perimeter-based security no longer fits today’s hybrid, cloud-first reality
  • ZTNA replaces VPNs with identity-based, application-specific access
  • A phased Zero Trust rollout reduces operational disruption while improving security posture
  • ZTNA helps meet compliance requirements such as NIS2 and DORA


      Understanding Zero Trust and the role of ZTNA

      Zero Trust is a modern cybersecurity framework that challenges the outdated assumption that everything inside the network is safe. Built on the principle of "never trust, always verify", it continuously validates user identity, device health and access context, regardless of location. Instead of relying on a static perimeter, Zero Trust enforces least-privilege access dynamically, helping reduce the attack surface, limit lateral movement, and strengthen overall security posture.

      Organizations are turning to Zero Trust in response to two fundamental shifts: the disappearance of the traditional network perimeter and the rise of identity as the new security control point. In practice, this reflects a broader business transformation: cloud-first IT strategies, hybrid workforces, and increased regulatory pressure demand a smarter, more flexible model for managing access and risk.

      ZTNA (Zero Trust Network Access) is one of the foundational components of that model. It's a smart first step because it delivers measurable security improvements quickly, enabling transformation without major architectural overhauls or user disruption. It supports key use cases such as enabling a work-from-anywhere workforce, improving productivity through seamless access, and helping meet evolving compliance demands.

      ZTNA enables secure, identity-based access to applications—whether on-prem or in the cloud. It improves governance, supports streamlined access, and simplifies tooling through consolidation. By replacing legacy VPNs with adaptive, least-privilege controls, it boosts security without adding user friction.

      Industry shifts making ZTNA essential




      • The rise of remote work has rendered traditional VPNs obsolete
        VPNs provide broad network access and often struggle with performance, scalability, and security. As organizations adopt hybrid work models, there’s a growing need for application-specific, identity-aware access. This is because traditional VPNs grant broad network access, increasing risk and reducing visibility. In contrast, ZTNA allows precise access control per application and user, better aligning with modern hybrid work models and cloud-first strategies. In fact, 92% of organizations express concerns that VPNs may jeopardize their ability to maintain a secure environment [1].

      • Compliance demands are intensifying across industries
        Regulations such as NIS2, DORA, and GDPR now require organizations to demonstrate strong access controls, visibility, and auditing capabilities. ZTNA helps organizations align with these requirements by:
        o Enforcing least-privilege access
        o Providing detailed access logs for audit readiness
        o Centralizing controls to simplify compliance reporting

        These capabilities make it easier to meet and demonstrate adherence to regulatory frameworks. In line with this trend, 80% of security leaders are pursuing vendor consolidation strategies to streamline compliance efforts and reduce complexity [2]. ZTNA supports this by replacing fragmented remote access tools with a single, identity-driven platform that simplifies control and compliance.
      • Identity is the new perimeter 
        As users access resources from anywhere, identity has become the foundational element of security. ZTNA enables dynamic access decisions based on user identity, role, device posture, and behavior, providing more precise control than traditional network-based models. Gartner highlights that misuse of credentials remains one of the most common attack vectors, reinforcing the importance of identity-centric controls [3]. By tying access strictly to verified identity, role, and device context, identity-centric controls prevent unauthorized access even when credentials are stolen, reducing the risk of lateral movement and privilege escalation.

      • Security must be continuous and adaptive
        Threats evolve rapidly, exploiting even minor security gaps in seconds. Static policies can’t keep up—access decisions must adapt in real time based on changing risk signals, user behavior, and threat intelligence. This adaptive access control allows organizations to align user privileges with evolving threats and compliance needs while helping mitigate insider threats and lateral attack movement. Gartner has identified Identity Threat Detection and Response (ITDR) as a key strategy in enabling this level of continuous security posture management [4].


      The future of security with Zero Trust


      Zero Trust is a continuous journey, not a one-time deployment. Kicking off with ZTNA creates momentum, strengthens your foundation, and sets the stage for broader transformation. It enables secure, scalable access and reduces exposure while keeping your workforce productive. If you’re serious about modernizing your security posture, ZTNA is where that journey begins.


      Sources:
      1. https://www.cybersecurity-insiders.com/2024-vpn-risk-report-hpe/
      2. https://www.cybersecuritydive.com/news/security-risk-management-trends-gartner/608452/
      3. https://www.gartner.com/en/newsroom/press-releases/2022-03-07-gartner-identifies-top-security-and-risk-management-trends-for-2022
      4. https://www.gartner.com/en/newsroom/press-releases/2022-03-07-gartner-identifies-top-security-and-risk-management-trends-for-2022





        Maarten Vervoorn CTO