3 Tips for Getting Your ZTNA Project Funded

binary code flowing through space picture id165615911

Most IT experts embrace the idea of the zero-trust security model. Almost everybody agrees that the zero-trust principles of ongoing verification of users and devices, creation of small zones of control, and granting minimal access to users and devices improves an organization's security.

In fact, a recent Fortinet survey confirmed that organizations understand the benefits of zero trust. Respondents rated "security across the entire digital attack surface," followed closely by a "better user experience for remote work (VPN)" as the two most significant benefits of zero trust.

Zero Trust Network Access (ZTNA) is the evolution of VPN remote access, bringing the zero-trust model to application access. It simplifies secure remote connectivity with seamless access to applications no matter where the user or the application may be located.

Zero trust sound great, so why isn't everybody doing it? Not surprisingly the biggest factors slowing down the adoption of ZTNA come down to money, internal politics, and time.

Budget constraints often push back adoption of new technology. In this case, an organization might back-burner ZTNA because their current VPN solutions are “good enough.” If what you have is working to some degree, it makes it easier to put off funding new a remote access option, no matter how much better it may be.

Organizational hierarchies, politics, and silos may be another reason ZTNA implementation falls by the wayside. Many of the perceived benefits of ZTNA fall into the security operations center (SOC) side of the organization, whereas the remote access and VPN ownership is typically on the network side. Depending on your org chart, the VP of infrastructure may be in charge of rolling out a ZTNA project, even though the CISO is the person who cares most about the risk reduction benefits and security benefits that ZTNA brings to the table. We’ve seen this same struggle with implementing a secure SD-WAN solution, where the networking team cares about the networking benefits SD-WAN brings to the table, but implementing the solution requires a very hard look at your security infrastructure and strategy to support it.

The implementation of ZTNA itself may also be a stumbling block. Depending on the solution, the requirements for enabling ZTNA can be considerable. Some cloud-based ZTNA solutions require significant changes to how the organization is structured and how applications are presented. A firewall-based client-initiated ZTNA solution on the other hand works whether users are accessing cloud-based or on-premises resources, so the ZTNA experience is seamless. Users launch the app they want to access and a client-based agent works in the background to connect securely. From an IT standpoint, firewall-based solutions simplify the ZTNA rollout because the changes can be incorporated incrementally without disruption to users.

Get Your Project Funded

Although all of these issues can seem overwhelming, they aren't insurmountable. The trick is in how ZTNA is presented. Here are three tips for improving the odds your ZTNA project gets funded.

1. Address concerns early

In sales, there's a tendency to assume that everyone makes purchasing decisions based on cost, and that the lowest price always wins. But that's not necessarily the case with technology. Many decisions come down to one fundamental question, "Can we deploy it successfully?" Understaffed organizations already overwhelmed with projects may look despairingly at ZTNA as yet another thing they have to get to work within an already complex networking environment. In fact, in the Fortinet zero-trust survey, more than 80% of respondents felt that implementing a zero-trust strategy across an extended network wasn't going to be easy. Most of them (60%) reported it would be moderately or very difficult, and another 21% said it would be extremely difficult.

These concerns are certainly valid. The first step is to do your research and find a solution that’s integrated by design, so it is easier to deploy, configure, and maintain. Taking a piecemeal approach to zero trust can leave security gaps and can be expensive and cumbersome to manage. But with tightly integrated products, it's easier to identify and classify all of the users and devices that seek network and application access, assess their state of compliance with internal security policies, automatically assign them to zones of control, and continuously monitor them, both on and off the network.

The user experience with ZTNA is also better than with a VPN. Explaining that ZTNA can actually save staff time and make remote users more productive can go a long way toward getting the project funded.

2. Focus on hybrid work

If your organization is looking at having a hybrid workforce that spends part of their time in the office and part of it working remotely, this is the perfect justification for ZTNA. By design, ZTNA provides the same security no matter where someone is located, which turns "work from anywhere" into a reality.

IT departments that are struggling to get funding can work around lack of budget by pitching ZTNA as a solution to the new hybrid workforce scenario. Because hybrid work is a recognized need for organizations, they can leverage that program as a means of securing funding for ZTNA.

3. Plan the transition

Moving to ZTNA should be done carefully and deliberately, so it doesn't risk employee productivity or innovation. The solution you select can have a big impact on implementation, so choose wisely. Some ZTNA agents are completely separate from the existing solution, such as a VPN. It's much easier if you have the same agent for both VPN and ZTNA because it simplifies deployment. The organization can use their existing VPN technology and transition over to ZTNA in a very controlled, measured fashion by doing it on one application or one part of the organization at a time.

Partner for Success

With any IT project, you never want to be turning off services and angering users who can't get their work done, so your solution choices are critical. Working with the right vendor helps you justify the funding and ensure the success of your ZTNA project. The old saying that you need to crawl before you walk, and walk before you run, applies here. Ideally, you want a solution that lets you deploy and roll out ZTNA in a controlled safe way so the organization can continue to operate at full capacity throughout the transition.

Discover how Fortinet’s Zero-Trust Access framework allows organizations to identify, authenticate, and monitor users and devices on and off the network.


Copyright © 2022 IDG Communications, Inc.