Norbert Bedő
08/28/2025

Taking Zero Trust to the Next Level: How ZTNA Replaces VPN?

VPNs are no longer enough. Learn how HPE Aruba Zero Trust Network Access delivers granular control, full visibility, and a better user experience—while reducing costs and boosting corporate security in the cloud era.

Corporate IT security is undergoing unprecedented change. The working environment, the rise of cloud services, and the spread of hybrid working have fundamentally reshaped the risk landscape. The classic security perimeter has virtually disappeared: employees work from home, external partners and subcontractors use their own devices, and companies increasingly work from the cloud. In this world, previous basic solutions, including VPN, are no longer sufficient. The number of attacks is growing dramatically, VPN monitoring and related security solutions have become more complex, and the user experience is poor.

The answer is an increasingly widespread security model: Zero Trust Network Access (ZTNA), offered by HPE Aruba with a modern, cloud-based, and scalable approach. The solution is not just a simple technological change, but a shift in mindset: no one is trusted until proven otherwise and only those who have been explicitly granted rights have access to resources.

Why is VPN no longer sufficient?

VPNs have been a key tool for remote working, especially during the Covid pandemic, when suddenly everyone started working from home. However, their use carries serious security risks. Once a user logs in, the entire corporate network becomes accessible to them and, potentially, to an attacker. Restricting access requires separate policies and, in some cases, additional security solutions. This "all or nothing" logic makes VPNs an easy target: during the pandemic, the number of VPN breaches exploiting known vulnerabilities increased fifteenfold.

Operation is also problematic. In a large enterprise environment, separate VPN concentrators must be installed on every continent, and it is up to users to decide where to connect, so they often access resources via detours and slow connections. This not only compromises security, but also degrades performance and the employee experience.

Hungarian companies are not immune either: a medium-sized company was hit by a classic ransomware attack, during which the attackers knew from VPN logs that the system administrators would not be monitoring the network over the weekend. Through slow, persistent work, they gained access, mapped out the file servers and backup systems, and then encrypted all the data and deleted the tape backups over the long weekend. The ransom demand reached one billion Hungarian forints, exactly matching the average annual data breach cost of five million dollars published by IBM.

The Zero Trust principle: "no one is trusted"

ZTNA breaks with the basic logic of VPN. Instead of giving all logged-in users open network access, it only makes the necessary applications and resources available through a web portal. Network connections are always initiated outbound, from the so-called connectors inside the network towards the cloud service, so the firewall remains closed to inbound traffic from outside.

This "upside-down world" requires a fundamentally different way of thinking: employees, subcontractors, or maintenance personnel can only access designated resources via a secure web portal after multi-factor authentication, and nothing else. All access is rule-based and can be tracked precisely.
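The difference between the two access models can be shown in a few lines. This is an added example, not HPE Aruba code or part of the original article: the `Broker` class, the resource names and the grant table are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample inventory and policy (hypothetical names, not from the article).
INTERNAL_RESOURCES = ["erp", "file-server", "backup-system", "hr-portal"]
GRANTS = {"maintenance-contractor": {"erp"}, "admin": {"erp", "backup-system"}}

@dataclass(frozen=True)
class Session:
    user: str
    mfa_passed: bool

@dataclass
class Broker:
    """Hypothetical ZTNA policy point: default deny, explicit grants, audit trail."""
    grants: dict
    audit: list = field(default_factory=list)

    def authorize(self, session: Session, resource: str) -> bool:
        if not session.mfa_passed:
            allowed, reason = False, "mfa-required"
        elif resource in self.grants.get(session.user, set()):
            allowed, reason = True, "explicit-grant"
        else:
            allowed, reason = False, "no-grant"  # default deny
        # Every decision is recorded, allowed or not, so access can be traced.
        self.audit.append((session.user, resource, allowed, reason))
        return allowed

def vpn_reachable(session: Session) -> set:
    """Flat VPN model: once logged in, the whole network is reachable."""
    return set(INTERNAL_RESOURCES)

def ztna_reachable(broker: Broker, session: Session) -> set:
    """ZTNA model: only resources that pass the per-request policy check."""
    return {r for r in INTERNAL_RESOURCES if broker.authorize(session, r)}

if __name__ == "__main__":
    broker = Broker(GRANTS)
    contractor = Session("maintenance-contractor", mfa_passed=True)
    print("VPN :", sorted(vpn_reachable(contractor)))
    print("ZTNA:", sorted(ztna_reachable(broker, contractor)))
    print("no MFA:", sorted(ztna_reachable(broker, Session("admin", False))))
    for entry in broker.audit:
        print(entry)
```

The denied entries in the audit list are as useful as the allowed ones: repeated `no-grant` decisions for one account are the kind of signal a flat VPN never produces.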

HPE Aruba ZTNA: More than just access

HPE Aruba's ZTNA solution not only replaces VPN, but also gives companies much broader functionality.

  • Unified client program: Available on Windows, Linux, macOS, and mobile devices. The client automatically measures which major cloud provider (e.g., AWS, Azure, Google, Oracle) has the best route and always chooses that one.
  • Web access without a client: occasional partners can access the systems they are authorized to use from a browser via a secure portal.
  • Secure Web Gateway integration: the client allows all Internet traffic to pass through the company's rules system, blocking access to risky sites.
  • Cloud Access Security Broker (CASB): the system can detect and block attempts by employees to upload company files to Dropbox, for example. It recognizes more than 10,000 cloud services and is updated daily.
  • Malware protection: the cloud sandbox can run and check suspicious files even at the moment of download.
  • Digital Experience Monitoring: measures in real time how quickly users access resources, giving the company an accurate picture of the efficiency of hybrid working.

SD-WAN integration and cost reduction

ZTNA becomes truly powerful when combined with an SD-WAN solution. Through integration, traffic passes through the same security rules at every point, regardless of whether it originates from the office or home. Even WAN or Internet traffic from devices on an SD-WAN network that cannot run a client, such as IoT devices, can be controlled with central rules.

The benefits of SD-WAN automation are clear: for example, an international clothing chain switched 40 stores to Aruba ZTNA and SD-WAN in just one week, with only five IT staff. This means not only fast deployment but also 50-90% savings on line charges: thanks to WAN conditioning capabilities, high quality is guaranteed over a few parallel internet connections instead of traditional leased lines, even with 10% packet loss.

ClearPass: Access in Multi-Vendor Environments

ClearPass Network Access Control is an important part of the HPE Aruba portfolio. While lack of support is often a problem with other manufacturers, ClearPass is compatible with devices from more than 108 manufacturers—with TAC support for cooperation with third-party devices—ensuring Zero Trust-based access even in mixed environments.

What I would highlight

Companies around the world have recognized that VPNs are now not only outdated, but also risky. Bugs and vulnerabilities provide attack surfaces, operation is complicated, and the user experience is poor.

In contrast, HPE Aruba Zero Trust Network Access offers granular access control, complete visibility, and simple management. It combines ZTNA, Secure Web Gateway, and CASB, complements the benefits of SD-WAN, and works seamlessly with ClearPass in a multi-vendor environment using classic RADIUS.

The corporate security model of the future is not a continuation of VPN, but Zero Trust-based access, which provides high-level protection, cost reduction, and a better user experience all at once.

Zero Trust is no longer an option—it's a necessity.
