Research details risks of legacy VPNs and NAC

Recent findings illustrate the difficulties organizations encounter with traditional VPNs and network access controls in a cloud-first hybrid environment, underscoring the necessity for zero trust access solutions.

The reality of legacy access

The research shows that more than half of organizations have experienced at least one security incident related to VPNs within the past year. Vulnerabilities, such as the Ivanti CVE-2025-0282, enable unauthorized remote code execution, leading to increased data leaks and operational issues due to the extensive trust granted by legacy VPNs.

Furthermore, many respondents express skepticism about the effectiveness of Network Access Control (NAC) systems against contemporary threats, highlighting their limitations as hybrid workforces and cloud environments become prominent.

The shift to zero trust

In response to these issues, organizations are increasingly adopting Zero-Trust Network Access (ZTNA), with 26% already implementing it and 37% planning to do so in the coming year. The urgency for this shift is largely motivated by the need for enhanced security and simpler infrastructure management.

Demand for integrated solutions

Organizations are seeking ZTNA not just as a substitute for VPNs and NAC but also as a tool for real-time visibility and effective policy enforcement. Integrating ZTNA into a broader Security Services Edge (SSE) platform is an important step for data protection and threat prevention.

Rethinking access security

The shift to ZTNA requires a comprehensive approach to access security, emphasizing least-privilege access and continual verification of users and devices. This strategy aims to ensure security across all applications while guiding security professionals on transitioning from legacy systems.

This summary reflects a timely, fact-based overview of the discussed research findings and their implications for organizations looking to upgrade their access security frameworks.