Securing Remote Access: VPNs, ZTNA, and Identity
As remote work continues to evolve, SMBs face growing challenges in securing remote access. Gone are the days of relying solely on traditional VPNs. The modern approach blends Zero Trust principles, Identity & Access Management (IAM), and continuous validation of device posture and behavior.
🔐 The Problem with Legacy VPNs
While VPNs extend network access beyond the office, they also expand your attack surface. Once connected, users often gain broad access to internal systems—even if they don’t need it. Misconfigured VPN clients, shared credentials, and poor visibility into remote sessions all contribute to risk.
🛡️ Enter Zero Trust Network Access (ZTNA)
ZTNA flips the security model. Instead of implicit trust, it assumes all devices and users are untrusted by default. Access is granted only after continuous verification—based on identity, device health, and context (e.g., location, time of day).
- Granular access: ZTNA policies grant access per-app or per-resource—not the full network.
- Better auditability: Every request is logged and can be traced to a user/device.
- Cloud-native: Many ZTNA solutions integrate with identity providers like Azure AD, Okta, and Google Workspace.
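To make the model concrete, here is a minimal per-application access decision with default deny and an audit record for every request. It is an added example, not any vendor's policy engine; the `Request` fields, the `POLICIES` table and the app names are hypothetical, and the posture flag is assumed to come from a device-management agent.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_passed: bool
    device_compliant: bool  # assumed to be reported by an MDM/posture agent
    country: str
    local_time: time
    app: str

# Constructed per-application policies; an app with no entry is denied.
POLICIES = {
    "payroll": {"groups": {"finance"}, "countries": {"NZ"},
                "hours": (time(7, 0), time(19, 0)), "require_compliant": True},
    "wiki": {"groups": {"staff", "finance"}, "countries": {"NZ", "AU"},
             "hours": (time(0, 0), time(23, 59)), "require_compliant": False},
}
AUDIT_LOG = []  # one record per decision, traceable to user and app

def evaluate(req: Request) -> bool:
    """Allow only if identity, device posture and context all pass."""
    policy = POLICIES.get(req.app)
    if policy is None:
        reason = "no policy for app (default deny)"
    elif not req.mfa_passed:
        reason = "MFA not satisfied"
    elif not (req.groups & policy["groups"]):
        reason = "user not in an allowed group"
    elif policy["require_compliant"] and not req.device_compliant:
        reason = "device posture non-compliant"
    elif req.country not in policy["countries"]:
        reason = "location outside policy"
    elif not (policy["hours"][0] <= req.local_time <= policy["hours"][1]):
        reason = "outside permitted hours"
    else:
        reason = "allow"
    allowed = reason == "allow"
    AUDIT_LOG.append({"user": req.user, "app": req.app,
                      "allowed": allowed, "reason": reason})
    return allowed

if __name__ == "__main__":  # constructed sample requests
    base = dict(user="ana", groups=frozenset({"finance"}), mfa_passed=True,
                country="NZ", local_time=time(9, 30))
    print(evaluate(Request(device_compliant=True, app="payroll", **base)))
    print(evaluate(Request(device_compliant=False, app="payroll", **base)))
    print(evaluate(Request(device_compliant=True, app="fileshare", **base)))
    print(AUDIT_LOG)
```

Because the function is called on every request rather than once at connection time, a device that falls out of compliance loses access to `payroll` on its next request while keeping access to `wiki`.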
🧩 IAM as the Foundation
Whether you use VPN or ZTNA, strong identity controls are essential. Multi-factor authentication (MFA), single sign-on (SSO), and role-based access are non-negotiable. Without them, users become the weakest link in your security chain.
📈 Maturity Roadmap for SMBs
- Start with enforcing MFA across all accounts
- Audit VPN access and restrict by need
- Introduce identity-based access policies (per application)
- Evaluate ZTNA solutions that work with your existing stack
- Train staff on remote access hygiene and phishing avoidance
🔍 Choosing the Right Tool
Compare solutions like Azure Conditional Access, Google BeyondCorp, Tailscale, NordLayer, and Cloudflare Access. Key evaluation factors include:
- Directory integration (Azure, LDAP, etc.)
- Ease of deployment and device compatibility
- Audit trails and policy enforcement
- Latency and user experience
🧠 Best Practices
- Maintain a real-time inventory of remote endpoints
- Use device certificates for authentication when possible
- Monitor failed login attempts and alert on anomalies
- Segment networks and isolate high-value systems
🤝 How Virtus Group Helps
We support New Zealand SMBs with secure remote access planning and implementation. Whether you're starting with VPN hardening or adopting ZTNA, we help you align technology with practical, scalable policies.
👉 Book your free consultation today
📧 hello@virtusgroup.biz
🌐 virtusgroup.co.nz
📞 0800 847 887 (VIRTUS)
Eduardo Wnorowski is a Technologist and Director at Virtus Group Ltd.
With over 27 years of experience in IT and consulting, he brings deep expertise in networking, security, infrastructure, and transformation.
Eduardo helps New Zealand businesses navigate change with clarity, security, and trust.
Tags: Remote Access, ZTNA, VPN, IAM, Zero Trust, MFA