The future of VPNs: Are they being replaced by SASE and ZTNA?

By Eduard Bardají on Jun 17, 2025 12:21:27 PM

Virtual private networks (VPNs) have been the go-to solution for ensuring secure connections to corporate networks for years. However, with the rise of remote work, the adoption of multi-cloud environments, and the increase in cyber threats, companies are rethinking their access security strategies. In this context, two new technologies are gaining popularity: SASE (Secure Access Service Edge) and ZTNA (Zero Trust Network Access).

At ESED, we felt it necessary to analyze the current role of VPNs, their limitations, and how SASE and ZTNA are emerging as safer and more efficient alternatives for businesses.

As cybersecurity specialists, we keep these options on our radar to see how they continue to evolve.

About traditional VPNs

While VPNs have been an effective solution for connecting remote employees and satellite offices to corporate networks, they are starting to show some limitations, especially with the rise of cyber threats and the emergence of new technologies like Artificial Intelligence:

  • Limited security:
    Traditional VPNs allow access to the entire internal network, meaning that if a user’s credentials are compromised, cybercriminals can move laterally within the corporate infrastructure. This represents a significant risk in a world where internal threats and cyberattacks are becoming more sophisticated.

  • Slowness:
    VPNs can be slow and affect employee productivity, as they often introduce latency due to the need to route traffic through centralized servers. Additionally, they require manual configurations that can be complicated for end users.

  • Limited scalability:
    VPNs were not designed for cloud-based environments. With the growth of remote work and the adoption of SaaS applications, companies need secure access solutions that can scale efficiently without relying on traditional network infrastructure.

  • Management and maintenance:
    Managing a VPN infrastructure can be complex, especially for companies with globally dispersed employees. Configuration, monitoring, and enforcing security policies require a considerable investment of time and resources.

SASE and ZTNA: the natural evolution of access security

In light of these limitations, organizations are adopting more modern approaches like SASE and ZTNA, which offer greater security, flexibility, and efficiency in managing remote access.

ZTNA (Zero Trust Network Access): Security based on zero trust

The concept of Zero Trust Network Access is based on the principle of "never trust, always verify." Instead of granting full access to the network, as VPNs do, ZTNA provides limited, context-based access to the specific resources each user needs.

Key advantages of ZTNA:

  • Segmented access: Users can only access the applications and data they require, minimizing the risk of lateral movement in the event of a security breach.
  • Continuous authentication: The identity and context of the user are constantly verified, ensuring secure access.
  • Greater protection against internal and external threats: Reduces system exposure by limiting network visibility.
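
The contrast between VPN-style network access and ZTNA's per-application, context-checked access can be made concrete with a short policy evaluator. This is an added example, not code from ESED or from any ZTNA product; the application names, groups, and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: application names, groups and thresholds are
# assumptions made for this example, not values from the article.
APPS = {"payroll", "crm", "wiki", "git", "hr-portal"}

# ZTNA policy: each application lists the groups allowed to reach it and the
# context it requires. Anything without a policy entry is denied by default.
POLICY = {
    "crm":     {"groups": {"sales"}, "max_auth_age_s": 8 * 3600, "managed_device": False},
    "wiki":    {"groups": {"sales", "engineering"}, "max_auth_age_s": 8 * 3600, "managed_device": False},
    "git":     {"groups": {"engineering"}, "max_auth_age_s": 3600, "managed_device": True},
    "payroll": {"groups": {"finance"}, "max_auth_age_s": 900, "managed_device": True},
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    app: str
    auth_age_s: int        # seconds since the last successful MFA
    managed_device: bool   # device posture reported by the endpoint agent

def vpn_reachable(authenticated: bool) -> set:
    """VPN model: once the tunnel is up, the whole internal network is reachable."""
    return set(APPS) if authenticated else set()

def ztna_decide(req: Request) -> tuple:
    """ZTNA model: identity and context are checked on every request."""
    rule = POLICY.get(req.app)
    if rule is None:
        return (False, "no policy for application")
    if not (req.groups & rule["groups"]):
        return (False, "identity not entitled")
    if req.auth_age_s > rule["max_auth_age_s"]:
        return (False, "re-authentication required")
    if rule["managed_device"] and not req.managed_device:
        return (False, "device posture not met")
    return (True, "allow")

def ztna_reachable(user, groups, auth_age_s, managed_device) -> set:
    """Applications one session can reach: the exposure if its credentials are stolen."""
    return {a for a in APPS
            if ztna_decide(Request(user, frozenset(groups), a, auth_age_s, managed_device))[0]}
```

For a sales user on an unmanaged device, `vpn_reachable(True)` returns all five applications, while `ztna_reachable("alice", {"sales"}, 600, False)` returns only `crm` and `wiki`.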

SASE (Secure Access Service Edge): An integrated cloud solution

SASE is a security framework defined by Gartner that combines ZTNA, SD-WAN, next-gen firewalls (FWaaS), Secure Web Gateway (SWG), and Cloud Access Security Broker (CASB) in a cloud-based model. Its goal is to provide a secure and optimized access solution for remote employees, branches, and cloud resources.

Key advantages of SASE:

  • Unified security: Integrates multiple security solutions into a single managed cloud service.
  • Performance optimization: Reduces latency by intelligently routing traffic through the most efficient network.
  • Global scalability: Easily adapts to companies with distributed access needs without requiring physical hardware.

Differences between VPN, SASE, and ZTNA

To better understand which option is best for each organization, it’s important to analyze the differences between these three approaches:

| Aspect | VPN | SASE | ZTNA |
|---|---|---|---|
| Security | Low, full access to the network | High, security integrated with centralized policies | Very high, segmented access based on identity |
| User experience | Can be slow and cause latency | Optimized, lower latency | Seamless, no persistent connections needed |
| Scalability | Limited, requires additional hardware | High, cloud-based | High, adaptable to any infrastructure |
| Access model | Based on implicit trust | Unified security with multiple layers | Zero trust, granular access |
| Recommended use | Secure access to corporate network | Companies with multi-cloud and remote infrastructures | Remote access to specific applications |

Which option is best for your company?

The choice between VPN, SASE, and ZTNA depends on each organization’s specific needs:

  • VPN: Ideal for companies with traditional IT infrastructure that need a quick and simple solution to connect remote employees.
  • ZTNA: Recommended for organizations looking to enhance security and minimize unauthorized access risks, especially in remote and distributed environments.
  • SASE: The best option for companies seeking a scalable, efficient cloud-based security solution to protect hybrid networks and remote access.

Will SASE and ZTNA completely replace VPNs?

Technology continues to evolve, and older technologies are eventually replaced by improved ones that better meet real market needs. However, VPNs are expected to remain in use for specific cases, such as secure connections within corporate networks. Even so, businesses are increasingly choosing SASE and ZTNA as their secure connection methods.

How to transition from VPN to SASE or ZTNA

For organizations looking to modernize their access security approach, transitioning from VPN to ZTNA or SASE should be planned progressively:

  • Risk and needs assessment: Identify the weak points in the current VPN infrastructure.
  • ZTNA implementation for critical access: Prioritize sensitive applications and remote users.
  • Gradual migration to SASE: Integrate cloud services to enhance security and optimize performance.
  • Continuous monitoring and adjustments: Review access policies to adapt them to the organization’s evolution.

While VPNs will still exist in some environments, companies looking to improve security, scalability, and user experience are adopting ZTNA and SASE-based models.

Investing in these technologies not only reduces the risks of cyberattacks but also optimizes remote access and cloud network management. In a world where security and agility are crucial for business continuity, transitioning to solutions like ZTNA and SASE is an essential strategic decision for modern companies.