Zero Trust Network Access (ZTNA) was supposed to be the “VPN killer.” It promised to replace clunky, “connect-and-forget” tunnels with a sleek, identity-based approach.
But here’s the uncomfortable truth: Standard ZTNA is not that great in a remote world. The reason? Most ZTNA solutions are obsessed with the user and the work laptop, but they are completely blind to the environment those things live in. If your security stops at the edge of the corporate-issued MacBook, you’re missing 90% of the threat landscape.
Traditional ZTNA asks two questions:
1. Is the user who they say they are?
2. Is the laptop healthy?
If the answer is “Yes,” the gates open. But meanwhile, that “healthy” laptop is sitting on a home Wi-Fi network shared with a cheap, unpatched smart doorbell, a teenager’s malware-ridden gaming PC, and a router that hasn’t seen a firmware update since 2019.
Accessing a secure cloud database from a compromised network isn’t Zero Trust – it’s a gamble.
In a remote environment, the network is no longer a controlled corporate asset; it’s a shared utility. Attackers know this. They aren’t always trying to phish your CEO; they are trying to compromise a vulnerable IoT device on the CEO’s home network to gain a foothold.
Once an attacker is on the local network, they can:
- Intercept Traffic: Perform Man-in-the-Middle (MITM) attacks before the data even reaches the ZTNA “gate.”
- Move Laterally: Scan the corporate laptop for vulnerabilities that only appear on a local connection.
- Exploit the Gateway: Take over the home router to redirect traffic or log keystrokes.
To make ZTNA actually work, it needs to move beyond identity and start looking at network-level vulnerabilities. A ZTNA solution becomes an elite security tool when it adds context about the entire remote network.
A better ZTNA proposition involves knowing exactly how many “unmanaged” devices are sitting next to your corporate assets. If a network suddenly goes from three devices to thirty, that’s a contextual signal that the risk has changed.
Imagine if your ZTNA could say: “I trust the user, and I trust the laptop, but the local router has a critical CVE-2024 vulnerability. Therefore, I will only allow ‘Read-Only’ access until the user moves to a secure connection.” That is true Zero Trust.
By monitoring for “unknowns” and vulnerabilities on the remote network, you can generate a dynamic risk score. This allows you to stay agile:
- Safe Network: Access granted.
- High-Vulnerability Network: MFA required for every action.
- Compromised Network: Connection blocked entirely.
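The graded response described above (device-count surge, a vulnerable router, active interception) can be expressed as a small policy function. This is an added illustration, not code from the original post or any ZTNA vendor; the device model, the weights and the thresholds are assumptions chosen so that the four situations the text names land in four different tiers.

```python
"""Map the local-network context of a remote endpoint to a ZTNA decision."""
from dataclasses import dataclass

@dataclass
class Device:
    mac: str                      # constructed sample value, not a real host
    kind: str                     # "managed" | "iot" | "unknown"
    critical_vuln: bool = False   # flagged by an assumed vulnerability feed

@dataclass
class NetworkPosture:
    baseline_devices: int         # how many devices this home network normally has
    devices: list                 # what the agent discovered on the LAN right now
    router_critical_vuln: bool    # router firmware matches a critical CVE
    mitm_indicators: bool         # e.g. ARP-cache conflicts or a rogue DHCP server seen

def risk_score(p: NetworkPosture) -> int:
    """0..100; the weights are assumptions for illustration, not a vendor formula."""
    unmanaged = [d for d in p.devices if d.kind != "managed"]
    score = 2 * min(len(unmanaged), 10)                    # crowded LAN: at most 20
    if len(p.devices) >= 3 * max(p.baseline_devices, 1):
        score += 15                                        # sudden growth (3 -> 30 devices)
    score += 15 * sum(d.critical_vuln for d in unmanaged)  # vulnerable neighbours
    if p.router_critical_vuln:
        score += 45                                        # the gateway itself is exploitable
    if p.mitm_indicators:
        score += 100                                       # active interception: always block
    return min(score, 100)

def access_decision(score: int) -> str:
    """Graded response instead of a binary yes/no."""
    if score >= 70:
        return "block"
    if score >= 40:
        return "read_only"
    if score >= 20:
        return "mfa_per_action"
    return "allow"

def evaluate(p: NetworkPosture):
    s = risk_score(p)
    return s, access_decision(s)

# Constructed sample postures: the same managed laptop on four different home networks.
LAPTOP = Device("02:00:00:00:00:01", "managed")
IOT = [Device("02:00:00:00:00:02", "iot"), Device("02:00:00:00:00:03", "iot")]
CLEAN = NetworkPosture(3, [LAPTOP] + IOT, False, False)
VULN_ROUTER = NetworkPosture(3, [LAPTOP] + IOT, True, False)
CROWDED = NetworkPosture(3, [LAPTOP] + [Device(f"02:00:00:00:00:{i:02x}", "unknown")
                                       for i in range(10, 39)], False, False)
COMPROMISED = NetworkPosture(3, [LAPTOP] + IOT, False, True)

if __name__ == "__main__":
    for name, p in [("clean", CLEAN), ("vuln_router", VULN_ROUTER),
                    ("crowded", CROWDED), ("compromised", COMPROMISED)]:
        print(name, evaluate(p))
```

Because the score is recomputed whenever the agent's view of the LAN changes, a session that started as "allow" can drop to "read_only" mid-day when the router's firmware shows up in a vulnerability feed.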
| Feature | Standard ZTNA | Context-Aware ZTNA |
| --- | --- | --- |
| Primary Focus | User Identity & Laptop Health | The Entire Ecosystem |
| Network Visibility | None (Assumes “Clean” Pipe) | Discovers all devices on the local Wi-Fi |
| Risk Response | Binary (Yes/No) | Dynamic (Based on local vulnerabilities) |
| Security Posture | Reactive | Proactive & Environmental |
ZTNA is a great start, but it’s an incomplete sentence. To truly secure a remote workforce, you have to acknowledge that the “perimeter” is now an unmanaged home network full of vulnerabilities.
Knowing the devices on that network doesn’t just make your security better – it makes your Zero Trust strategy actually true.