Zero trust network access (ZTNA) has been a watchword in digital security for years. Recently, the technology has reached a tipping point.

Two parallel trends have increased the importance of using ZTNA to connect users with companies’ digital resources. First, ongoing development has made ZTNA solutions more affordable and feature-packed. Second, greater use of remote work models has necessitated that businesses have versatile, secure ways to support employees outside of the office walls.

Now, with more organizations looking for a ZTNA vendor, it’s a good time to weigh the features these organizations can offer. Choosing the right ZTNA vendor for a particular business is a complicated process, but by studying the offerings on the market and the capabilities of the latest technology, your company can find the ideal match.

A list of top-tier ZTNA providers operating today is available in Gartner’s recent report on the ZTNA marketplace. Below, we’ll walk through a few of the capabilities these vendors can offer, along with some details on how and why these features will help your digital operations.

The State of ZTNA Today

Before comparing the in-depth features offered by individual ZTNA vendors, it’s worth refreshing yourself on the general state of ZTNA offerings.

The core concept behind all zero trust network access solutions is that they represent a way to verify (and re-verify) the identity of remote users requesting access to applications, files, and other network assets. This is a contrast to other methodologies that grant continuous access after a user has entered credentials such as a password.

Gartner notes that the ZTNA market was once seen merely as an alternative to virtual private network (VPN) offerings. Now, however, companies are seeing the unique security value of zero trust access. Using ZTNA creates a smaller attack surface because access control is based on denying entry unless a user is authorized and appears safe at that moment, rather than giving blanket access and implicit trust to someone with the password. Furthermore, ZTNA does not require exposing resources to the internet, removing another potential attack vector.

Gartner sees the ZTNA application market growing at a year-over-year rate of 60 percent. The report notes, however, that ZTNA loses some of its appeal as an isolated solution. Increasingly, companies will use zero trust network access as a component of an overarching security service edge (SSE) security posture.

After acknowledging that ZTNA is ready for primetime as a security technology, it’s time to delve into the capabilities offered by various vendors and match those capabilities to your organization’s approach to remote access management, cybersecurity and more.

ZTNA Vendors: Features to Look For

As part of Gartner’s research into the landscape of ZTNA providers, the research firm pulled out several of the pros and cons of various vendors. The following are just some of the traits to consider when locking in your ZTNA capabilities before implementing zero trust security.

  • In-house security and monitoring operations: Since the infrastructure underlying a ZTNA solution is responsible for keeping your company’s connections safe, it’s natural to have some questions about just how these systems are observed and monitored. Gartner asserts that companies should favor vendors that have their own teams assigned to keep up security protocols and watch for any sign of integrity issues.
  • High-performance SLAs to limit service disruption: As with any software, a ZTNA vendor’s service-level agreements (SLAs) have a role to play in reliability and uptime. It’s worth checking the SLAs for the vendor’s trust broker to make sure downtime for that system won’t hamper your employees’ ability to use the ZTNA solution.
  • Reliable trust broker access: The connection between a ZTNA system and its trust broker should be fast enough to avoid excess latency. Vendors with many points of presence (PoPs) distributed around the world may be best suited to create high-redundancy, low-latency connections for all users.
  • Trust broker failover capabilities: What happens when a trust broker’s tenant isolation fails and an attacker threatens that system? Ideally, the trust broker switches to a redundant system, or at least shuts down entirely and disconnects. These are capabilities to look for in a ZTNA vendor, to defend against rare cases when hackers make a successful attack on the trust broker.
  • Strong administrator authentication requirements: Just because a ZTNA solution is an advanced approach to security, that doesn’t mean it has no possible attack surface. Administrator accounts can cause harm if compromised, so it pays to find a vendor that employs strong authentication for admin access.
  • Types of applications supported: Does your company plan to run its legacy on-premises applications through ZTNA? If so, this is something to consider during ZTNA vendor selection. Some ZTNA providers only support HTTP and HTTPS web applications, making it difficult to use legacy apps via their solutions.
  • Support for the DTLS protocol: The datagram transport layer security (DTLS) protocol brings TLS-style encryption and authentication to datagram (UDP-based) traffic, which is why real-time voice, video and similar applications depend on it. Gartner recommends finding a vendor that does employ DTLS if your organization plans to use these real-time solutions via ZTNA.
  • Sustainable financial backing: While this is not a trait of a ZTNA solution itself, it is a factor to consider. Gartner noted that in an era of rapid development and progress, there is no assurance that all of today’s ZTNA vendors will still exist in years to come.

Considering this list of ZTNA characteristics when entering the market for a solution can put your business on the right track and help you align your unique use case with leading vendors’ offerings. Since the market is developing so quickly, and due to the update-friendly nature of cloud software, new feature sets are constantly rolling out for your IT team to consider.

Download the Gartner report to compare the pros and cons of various ZTNA approaches.

What can ZTNA do for your security posture?

With a chosen ZTNA vendor on your side, your organization can start making impactful changes to its cyber security approach. Gartner’s market guide contains advice and guidance on this process as well, to help organizations engage meaningfully with the ZTNA marketplace.

The research organization does offer a warning that ZTNA in itself is not an all-encompassing solution. Rather, it is one part of a complete zero trust security strategy, which can itself be part of establishing SSE. With that said, Gartner does recommend moving forward with ZTNA migration.

As applications with set user bases migrate into the infrastructure-as-a-service cloud, that transition is an ideal moment to implement ZTNA as your secure remote access management method of choice. Applications running in a private cloud that can only be accessed via ZTNA become far more secure than before their migration.

Gartner also highlighted specific use cases when ZTNA service is an especially potent security choice. These include:

  • Enforcing strong security protocols for personal devices allowed onto business networks through bring-your-own technology programs. Traditional VPN approaches to secure connections can’t support these varied (and increasingly common) endpoints.
  • Opening secure application access to users outside the company ecosystem. With ZTNA, it’s possible to bring in contractors, suppliers and other partners in a simplified manner while still enforcing strict security postures.
  • Isolating the enterprise’s highest-value mission-critical applications. By setting these apps apart behind role-based security protocols, it’s possible to protect the software against insider threats.
  • Reducing the attack surface by cutting applications and networks off from the public internet. Businesses can grant remote access to users on all types of connections and unmanaged devices while limiting their attack surfaces.
  • Creating complex access control personas based on more variables, including device posture, location and user behavior. Legitimate users can log on with no friction, while suspicious activity can be quickly and effectively controlled.
  • Securing the connection between internet of things (IoT) devices and the company network as a whole. Without a secure access method such as ZTNA, IoT networks can represent a large and relatively unprotected attack surface.
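To make the per-request, default-deny evaluation described above concrete, here is an added Python sketch of a hypothetical trust-broker decision function; it is not code from the Gartner report or from Citrix Secure Private Access. It evaluates identity, role, device posture, network location and a simple behaviour signal on every request, and attaches conditional controls (watermarking for BYO devices, download blocking on unknown networks) rather than granting blanket access. The application names, posture fields and thresholds are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed per-app policy (hypothetical app names): entitled roles and
# whether unmanaged BYO devices may reach the app at all.
APP_POLICY = {
    "payroll": {"roles": {"finance"}, "allow_unmanaged": False},
    "wiki": {"roles": {"staff", "finance"}, "allow_unmanaged": True},
}

@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    mfa_verified: bool    # identity re-verified for this request
    app: str
    device_managed: bool  # False for BYO devices
    disk_encrypted: bool
    os_patched: bool
    network: str          # "corp", "home" or "unknown"
    failed_logins: int    # recent failures for this user (behaviour signal)

def device_posture_ok(req):
    # Minimum posture bar that applies to managed and unmanaged devices alike.
    return req.disk_encrypted and req.os_patched

def decide(req):
    """Evaluate one request and return (decision, controls, reason).

    No trust carries over from earlier requests: each call starts from
    'deny' and needs a positive reason to allow, then attaches controls.
    """
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return "deny", (), "unknown application"
    if not req.mfa_verified:
        return "deny", (), "identity not strongly verified"
    if not policy["roles"] & req.roles:
        return "deny", (), "role not entitled to this application"
    if not device_posture_ok(req):
        return "deny", (), "device posture below baseline"
    if not req.device_managed and not policy["allow_unmanaged"]:
        return "deny", (), "unmanaged device not permitted for this application"
    if req.failed_logins >= 5:
        return "deny", (), "suspicious authentication behaviour"
    controls = []
    if not req.device_managed:
        controls.append("watermark")        # BYO device: mark screen content
    if req.network == "unknown":
        controls.append("block_download")   # unknown network: keep data in-app
    return "allow", tuple(controls), "all checks passed"
```

Because `decide` is stateless, a broker built this way re-runs the full check on each request, so a device that falls out of compliance mid-session loses access on its next request instead of keeping it until logout.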

Remote and hybrid workplace models have become increasingly common, alongside trends such as widespread cloud migration, IoT adoption and BYO technology use. If your business is delving into some or all of these trends, it’s wise to update your remote security protocols at the same time. This is where ZTNA shines, and why it’s being named as a top technology trend.

Download the Gartner report in full to learn more.

Where do Citrix ZTNA solutions fit in?

Citrix Secure Private Access is a ZTNA solution designed to be a critical part of network-centric remote access, protecting both cloud-based and on-premises apps from bad actors and suspicious user behavior.

The range of compatible applications covers the whole spectrum from web and software-as-a-service apps to client/server and desktop-as-a-service (DaaS) deployments. The ZTNA solutions are associated with granular and customized cloud security actions to protect resources in a way that makes sense for each organization’s needs.

The security controls associated with Citrix Secure Private Access work quietly in the background, only becoming evident when triggered and providing a smooth user experience. Depending on the assessed threat and the company’s preferences, these features may turn on watermarking for users of BYO devices, prevent downloading by users on unknown networks or simply lock down specific user access in response to suspicious behavior.

The secure access solution only enables outbound connectivity, and the applications are always hidden for security. Citrix’s Cloud Connector solution comes with fault tolerance and failover support.

Administrators also gain access to a dashboard displaying user risk profiles. This allows them to take manual action when called for and also gives them visibility into usage pattern data that will help them set policies.

All these security features are available as part of a single sign-on (SSO) access control solution. This means that not only are connections more secure, but users will also find the experience of remote access to be easy and friction-free.

Learn more about Citrix Secure Private Access, and view our demo to see the solution in action.


Market Guide for Zero Trust Network Access, 17 February 2022, By Aaron McQuaid, Neil MacDonald Et Al.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.