Fortinet Supports ZTNA On-Premises and in the Cloud

By Peter Newton | November 29, 2022

In cybersecurity, the terms zero trust and cloud are tossed around a lot, which has led to no end of confusion. While zero trust has been associated with cloud-based services, it should really be leveraged in any environment where security services exist, both in the cloud and on-premises.

At the same time, because of increasing threats and evolving security needs, the zero trust network security philosophy has received more attention. Zero trust is founded on the principle that no one and nothing can be implicitly trusted, and they must be authenticated per session. Every request for network access is considered to be a potential threat until the requestor’s identity is verified. And then the user’s identity must be continually verified. Even within a session, users and devices are monitored and verified to detect any changes that might indicate a compromise (or would make the user open to compromise).

The adoption of a zero-trust strategy has resulted in the popularity of zero trust network access (ZTNA), which controls access to applications. ZTNA verifies users and devices before every application session. It supports multi-factor authentication (MFA), so users must provide proof they are who they say they are before being given access to an application.

Because ZTNA is often prioritized when organizations move to the cloud, it’s often assumed that cloud is required to implement zero trust. The prevalence of cloud-only ZTNA solutions available from most vendors might lead you to believe this is true. But that’s not the case for all solutions, and for various reasons cloud-only ZTNA is not the right choice for many organizations.

Although cloud technology makes sense in many situations, it’s not for everyone. For example, many companies simply want to manage their own networks in house. They don’t want other companies managing critical capabilities. Or there are compliance issues that make cloud problematic for organizations in highly regulated industries such as financial services or healthcare. And some organizations, such as those in a remote area or on a ship in the middle of the ocean, want self-contained networks because they don’t have reliable connections to the cloud.

Additionally, although the rollout of a cloud-based ZTNA may work well for implementing a zero-trust strategy to protect cloud-only environments, it is not an ideal solution for organizations that have hybrid environments or haven’t moved any of their data or systems to the cloud. And for those organizations that haven’t completely moved to the cloud, Fortinet has an on-premises ZTNA solution.

ZTNA Doesn’t Need to Be In the Cloud

With Fortinet, organizations have the option of both cloud-based and on-premises ZTNA, the latter allowing you to own, control, and manage your infrastructure and policies yourself in your own environment. For organizations that don’t completely trust the cloud, worry about losing critical capabilities, or can’t move to the cloud for compliance reasons, Fortinet Universal ZTNA means you can still enjoy the benefits of ZTNA.

And while Fortinet can provide cloud-based ZTNA services as well as on-premises, a big reason our Universal ZTNA solution has gained such rapid traction in the market is that it is a powerful option to support hybrid networks that need both.

How Can Fortinet Offer On-Premises ZTNA When Competitors Can’t?

Unlike Fortinet, many ZTNA providers are “cloud-first” organizations. To use their service, ZTNA is either part of a secure access service edge (SASE) solution or it’s part of a cloud-hosted service. Because of the architecture of our solution, Fortinet is uniquely capable of providing ZTNA as part of our SaaS solution and as a feature in our products that organizations can own and control.

When organizations are ready to go to the cloud, Fortinet supports cloud-based services and hybrid networks whereas other vendors are limited by their cloud-based architecture. The Fortinet approach is unique and enables ZTNA both on-premises and in the cloud because Fortinet ZTNA is integrated into FortiOS, our flagship operating system that enables the convergence of networking and security that is consistent whether delivered as an appliance, virtual machine, cloud-delivered service, or container.

If you already use our FortiGate next-generation firewalls, then you have half of the Fortinet ZTNA solution already. If you don’t have FortiGates in your network, it’s easy to use them in a ZTNA enforcement role as ZTNA application gateways deployed within your existing security environment.

For those organizations that need to support users both on and off site, the best choice is a “ZTNA Anywhere” solution like Fortinet Universal ZTNA. And it’s one reason why, according to the Gartner® Market Share report, Fortinet is ranked amongst the top five ZTNA vendors with the fastest growing revenue quarter-over-quarter and year-over-year.

Learn more about how Fortinet Universal ZTNA improves secure access to applications anywhere for remote users.