Banyan Security, a leading provider of Zero Trust Network Access (ZTNA) solutions, today revealed new research highlighting organizations’ preferences and hesitations for adopting modern remote access solutions. The independent survey was conducted by Sapio Research and engaged over 400 senior decision makers from mid- to large-sized companies in the U.S. and Canada, who are responsible for IT security and are aware of both virtual private networks (VPN) and ZTNA. The key findings from this study include:
Over half (54%) of VPN owners stated that secure remote access is a priority at this time.
VPN usage is still prevalent among a majority (90%) of security teams who have highlighted cost, time, and difficulty as reasons to not move forward with ZTNA adoption.
Almost all organizations (97%) say that adopting a zero trust model is a priority, with 93% of organizations having committed a budget to enhance their VPN or move toward ZTNA within the next year or two.
More than half (53%) of respondents have already started rolling out zero trust solutions.
Personal Devices and VPNs Do Not Mix
The last two years have shifted how we work, producing a new remote workforce that was essentially created overnight. As highlighted in this study, this has resulted in most workers – in this case 51% of respondents – using a combination of corporate and personal devices to connect to business applications and resources. Personal devices often used by less security-conscious family members. This creates a very risky environment as personal devices are easy targets for threat actors especially since IT teams cannot fully monitor activity on these devices. Additionally, personal devices are often used by other family members – particularly children – which make them even more susceptible to malware and other viruses.
Despite known security issues, VPN usage continues to thrive, with 90% of respondents currently using a VPN in some capacity for secure remote access. When access is permitted on a personal device, it creates a risky situation for not only the user, but the entire organization. VPNs lack many of the application-level access controls and integrated security that are common in ZTNA solutions. As a result, cybercriminals will often target VPNs because a single set of compromised credentials can provide all of the access needed to carry out a data breach, ransomware incident, or other attacks.
Key Drivers for ZTNA
“As this study shows, VPN usage continues to be prevalent, often viewed as ‘good enough’ for remote access among organizations simply because that is what they have always used, What this doesn’t account for is the poor administrative and end user experience, not to mention that on-premises access must be handled with separate, siloed tools. We have plenty of evidence to show that legacy VPNs no longer adequately protect nor provide consistent and easy access to corporate resources for today’s ‘work from anywhere’ workforce.”
Jayanth Gummaraju, CEO & Co-Founder of Banyan Security
A majority of the respondents (97%) stated that adopting a zero trust model is a priority for their organization, where 44% said they have plans to roll out zero trust but are in the early stages, while 53% said they have already begun to roll out zero trust solutions. For organizations who have begun to roll out ZTNA solutions, the survey revealed that secure remote access (48%), improving the end user experience (34%) and eliminating exposure to VPN vulnerabilities (34%) were the top three drivers in their decision to choose ZTNA. Unlike VPNs, ZTNA provides access on a case-by-case basis, which is decided based on user, device, and application-level access and security controls.
What’s Holding VPN Users Back from Making the Switch?
Over two thirds of organizations (69%) believe implementing a ZTNA strategy would require a large undertaking. Aside from the general familiarity and comfortable usage of their traditional VPN solution, organizations stated that cost/budget constraints are the biggest barriers (62%) for VPN users to adopt ZTNA. Thirty percent of VPN owners said that it would be difficult to implement ZTNA infrastructure in their current security environment; however, 82% of respondents stated they would likely implement ZTNA if there was an easily deployable, inexpensive option. Apathy also appears to be one of the biggest barriers preventing VPN owners from adopting ZTNA solutions with 46% of respondents stating that modern, secure remote access is not a priority at this time.
“While it is good to see that awareness of ZTNA solutions amongst IT security professionals continues to grow, the actual implementation of a ZTNA architecture is still considerably low, with just over 17% of respondents having truly begun to roll out a ZTNA strategy,” continued Gummaraju. “As we look toward a future where remote and hybrid work are the standard for most organizations, it’s encouraging to see that IT teams are looking beyond VPNs at more comprehensive zero trust network access solutions.”
The survey was conducted among 410 Senior Decision Makers from mid- to large-sized companies in the U.S. and Canada, who are responsible for IT security and are aware of both VPN and ZTNA. The interviews were conducted online by Sapio Research in April 2022 using an email invitation and an online survey, with results accurate to ± 4.8% at 95% confidence limits.
About Banyan Security
Banyan Security provides secure, zero trust “work from anywhere” access to infrastructure and applications for employees, developers, and third parties without relying on network-centric legacy VPNs. Deep visibility provides actionable insight while continuous authorization with device trust scoring and least privilege access deliver the highest level of protection with a great end user experience. Banyan Security protects tens of thousands of employees across multiple industries, including finance, healthcare, manufacturing, and technology.