Research highlights risks of legacy VPNs and NAC

Recent research highlights the challenges organizations face with legacy VPNs and network access controls (network access control (NAC)) in a cloud-first and hybrid environment, emphasizing the need for modern, zero trust access solutions.

The alarming reality of legacy access

The findings reveal that over half of organizations have experienced at least one VPN-related security incident in the past year, often exacerbated by vulnerabilities like the Ivanti CVE-2025-0282, which allows remote code execution without authentication. VPNs, originally designed for a different Edge Resource Allocator (ERA), now grant extensive trust access that adversaries exploit, increasing data leaks and operational disruptions.

Additionally, Network Access Control (NAC) systems are also proving ineffective against modern threats, with more than half of respondents doubting their security capabilities. As hybrid workforces and cloud infrastructures become the norm, NACs struggle to adapt effectively.

The imperative shift to zero trust

Despite these challenges, organizations are responding by adopting Zero-Trust Network Access (ZTNA), with 26% already implementing it and 37% planning to do so within the next year. The increasing urgency is driven by a desire for stronger security, simpler infrastructure management, and improved application performance.

Demand for integrated approaches

Organizations are not only looking for ZTNA to replace Virtual Private Network (VPN) and NAC but also expecting it to provide real-time visibility and seamless policy enforcement across their environments. The integration of ZTNA into a broader Secure Service Edge (Security Services Edge (SSE)) platform is crucial for effective data protection and threat prevention.

Rethinking access security

The report emphasizes that moving to ZTNA involves more than replacement; it requires a proactive approach to access security that reflects current hybrid and cloud-based operational realities. The transition focuses on enforcing least-privilege access and continuously verifying user and device context to ensure robust security across all applications.

This analysis serves as a guide for security professionals, providing insights and strategies to move beyond outdated systems and build more adaptable and secure access frameworks.

https://www.wayfair.com/home-improvement/pdp/vinnova-24-single-bathroom-vanity-set-w100069614.html?piid=736742425%2C736742431