ZTNA vs VPN: What are the Differences

With remote working here to stay, companies must have secure ways for remote workers to access internal network resources like applications, databases, and servers. Traditionally, this is done with a virtual private network (VPN), but zero trust network access (ZTNA) solutions are becoming more common.

In this ZTNA vs VPN comparison, we look at the main differences between the two approaches, including their features, performance, and customer support, so you can decide which is best for your business. 

VPNs enable workers to remotely access resources on the company network as if they were on a device physically connected to the network. However, offering remote users complete access to all resources on a company network is a security risk.

ZTNA solutions also provide remote access to resources, but they have more restrictive and customizable user authentication. The best ZTNA solutions make the remote use of company resources more secure and make it easier for employees to access them.

Perimeter 81 is a Forrester New Wave™ ZTNA Leader 

Ditch your legacy VPN hardware and automate your network security with ZTNA.  Secure remote access from anywhere with just a few clicks. Onboard your entire organization in minutes, not days. Learn why Perimeter 81 is one of TechRadar's choices for the best ZTNA security providers. Download the White Paper.

ZTNA vs VPN: Features

VPNs and ZTNA remote access solutions overlap considerably when it comes to features. ZTNA can be thought of as an evolution of the VPN: it extends what VPNs offer while fixing some of their inherent security weaknesses.

Trust model

VPNs largely work on the assumption that any user and device connected to the local company network is trusted. These trusted devices can access all the other devices and applications on the network. When you connect remotely through a VPN, your device becomes another one of these trusted devices.

ZTNA is based on the Zero Trust security model, which works on a “never trust, always verify” basis. Whether a user is connecting from a local computer or a remote one, this model always authenticates the user and device each time they make a new request. This is fundamentally more secure than the basic VPN model that would enable a compromised remote machine to access the entire internal network.

Access model

VPNs work on the network level and only have visibility of the low-level network traffic being sent back and forth. While you can set up rules for which parts of your network will be accessible and to whom with some VPNs, you can’t set up very advanced rules because VPNs don’t know much about the applications users are accessing.

ZTNA is different in that it works on the application level. Users are not given access to networks—instead, they only have access to the specific applications they are authorized to use. This makes ZTNA much more secure than basic VPNs. Even malicious users would only be able to do a limited amount of damage if they gained access to the network.

Authentication

ZTNA has a much more robust authentication system than VPNs. VPNs often just require a username and password to connect, and then the remote user has complete access to the network.

In contrast, every request on a ZTNA infrastructure first goes through a trust broker. The trust broker checks that the user is who they say they are, that they have the right to make the request they are making, and that there are no red flags in their security.

ZTNA can deny requests if the remote computer doesn’t have the latest security updates or malware is detected, for example. This cuts down on the chance of a compromised remote computer being used to access sensitive company data.
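A toy trust-broker decision, added here as an illustration and not code from Perimeter 81 or any other product. It models the three per-request checks described above (identity, per-application authorization, device posture) next to a VPN that only sees a valid login; the users, applications and entitlements are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    patched: bool            # latest security updates installed
    malware_detected: bool   # endpoint protection flagged malware

@dataclass(frozen=True)
class Request:
    user: str
    credential_ok: bool      # identity check passed (e.g. password + MFA)
    app: str                 # application the user wants to reach
    device: Device

# Constructed sample entitlements (hypothetical): user -> applications allowed
ENTITLEMENTS = {"alice": {"crm", "wiki"}, "bob": {"wiki"}}

def vpn_decide(req: Request) -> str:
    """VPN model: valid credentials bring up the tunnel, after which the whole
    network is reachable; the VPN cannot see which application is being used."""
    return "allow" if req.credential_ok else "deny:credentials"

def ztna_decide(req: Request, entitlements=ENTITLEMENTS) -> str:
    """Trust-broker model: each request is checked for identity,
    per-application authorization and device posture before it is allowed."""
    if not req.credential_ok:
        return "deny:identity"
    if req.app not in entitlements.get(req.user, set()):
        return "deny:not-authorized"
    if req.device.malware_detected:
        return "deny:malware"
    if not req.device.patched:
        return "deny:unpatched"
    return "allow"

def compare(req: Request) -> tuple:
    """Return (vpn_decision, ztna_decision) for one request."""
    return vpn_decide(req), ztna_decide(req)

if __name__ == "__main__":
    healthy = Device(patched=True, malware_detected=False)
    stale = Device(patched=False, malware_detected=False)
    # bob is only entitled to the wiki: a VPN lets him reach the CRM anyway
    print(compare(Request("bob", True, "crm", healthy)))   # ('allow', 'deny:not-authorized')
    # alice is entitled to the CRM, but her laptop is unpatched
    print(compare(Request("alice", True, "crm", stale)))   # ('allow', 'deny:unpatched')
```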

ZTNA vs VPN: Performance

Speed

ZTNA can be significantly faster than VPNs. This is because ZTNA allows authenticated users to connect directly to applications instead of requiring all traffic to be sent through a central point in a corporate data center. The user first authenticates with the trust broker, then they are able to access the resources they need directly, without having to transmit all data through a VPN tunnel.

Another significant advantage of a ZTNA approach is that the resources users access don’t need to be on your local corporate network at all—they can be on the cloud. The trust broker authenticates the user, who is then given access to the cloud-based resource. Having your resources on the cloud allows for massive scalability and improved speeds.

Ease of Use

Accessing company resources through a VPN requires the download and setup of a VPN client. The employee must also remember to connect to the VPN each time they want to use these resources, and this is especially annoying if they need to use different VPNs for different aspects of their job.

When set up correctly, ZTNA doesn’t require a separate program to be run in the background. As long as the user authenticates themselves, they simply launch the company application they need from wherever they are. From the user’s point of view, this is much more straightforward and convenient.

ZTNA vs VPN: Support

While VPN and ZTNA providers all offer some level of customer support, ZTNA solution companies provide more hands-on support overall. ZTNA is more focused on enterprise-level security for larger companies, whereas VPNs are often used on a smaller scale or for personal use.

ZTNA cybersecurity experience platform Perimeter 81 offers 24/7 phone, chat, and email support to enterprise clients, alongside a dedicated customer success manager and self-service knowledge base. Most business VPN providers don’t match this level of support.

ZTNA vs VPN: Pricing and plans

The cost of ZTNA and VPN solutions depends on which service you choose, whether you buy a monthly or annual plan, and what kind of features you’re looking for.

On average, ZTNA solutions cost anywhere from $2 to $12 per user per month, though some enterprise plans may cost more or require custom pricing. VPNs generally cost anywhere from $2 to $15 per month. With either solution, you can save money by paying annually instead of monthly.

Some VPNs are free, but we’d only recommend these for small businesses or personal use. Aside from being loaded with ads, the free solutions often aren’t as robust and may have slower speeds than their paid counterparts.

Likewise, some ZTNA providers offer free starter plans for individuals and small businesses. However, these plans offer only a minimal level of security and often limit the number of locations they can be used from.

ZTNA vs VPN: Verdict

A VPN solution is one of the simplest ways to enable remote workers to access resources on your company network. We continue to recommend VPNs for small businesses that have only a few employees because they’re relatively easy to put into place.

However, ZTNA solutions are the clear winner for larger companies with multiple different resources that need to be shared remotely. ZTNA’s application-based access model solves the problem of users getting access to resources they shouldn’t have access to. Furthermore, the “never trust, always verify” approach ensures all requests, local or remote, are authorized. And, once ZTNA is fully implemented in your business, it’s even easier for employees to use than a VPN.

Richard Sutherland

Richard brings over 20 years of website development, SEO, and marketing to the table. A graduate in Computer Science, Richard has lectured in Java programming and has built software for companies including Samsung and ASDA. Now, he writes for TechRadar, Tom's Guide, PC Gamer, and Creative Bloq.