Q&A: Fortinet’s SVP Nirav Shah On Universal ZTNA, Transitioning From VPNs, And Evolving Threats

Expert Insights interviews Nirav Shah, SVP, Products and Services, Fortinet.

As organizations transition from traditional VPNs to Zero Trust Network Access (ZTNA), they face an array of challenges ranging from user adoption to integration with existing technologies. Nirav Shah, SVP of Products and Services at Fortinet, emphasizes that the shift isn’t just about adopting a new solution—it’s about ensuring seamless functionality, reducing latency, and staying ahead of increasingly sophisticated cyber threats.

“Many organizations are transitioning from VPN to ZTNA, which can be a time-consuming undertaking. It’s hard for any company to fully transition to a new technology and user adoption can be slow, even if rolled out with proper training and timelines,” Shah explains.

In this Q&A, Shah provides his insights and recommendations for CISOs and shares his predictions on the trends that will shape ZTNA strategies in 2025.

Q. What are the biggest challenges for customers in the enterprise VPN and ZTNA space today and how are threats evolving?

There are several challenges that enterprises encounter when considering ZTNA. Firstly, many organizations are transitioning from VPN to ZTNA, which can be a time-consuming undertaking. It’s hard for any company to fully transition to a new technology and user adoption can be slow, even if rolled out with proper training and timelines.

Speaking of transitioning technologies, many organizations are also integrating ZTNA with their endpoint security for more comprehensive protections, the ability to enforce policies throughout their network, and to prevent the spread of attackers within a network. Unfortunately, to properly integrate these solutions, many organizations have to manage multiple tools, agents, and point products. This makes it challenging to ensure user adoption and maintain proper deployments, especially given the shortage of skilled IT staff.

Then there’s the question of managing latency when securing the cloud and applications, both SaaS and on-premises. How do you steer traffic without impacting network performance? This is important because employees tend to bypass solutions when they impact user experience.

Regarding threats, attackers are getting smarter, and their methods are growing in sophistication.

Q. How does Fortinet Universal ZTNA help teams address these challenges, and how do you differentiate yourselves from competitors?

Fortinet Universal ZTNA is part of the Fortinet Security Fabric platform and is built on the unified Fortinet operating system, FortiOS. This makes it uniquely scalable and flexible for both cloud-delivered and on-premises deployments, covering users whether they are in the office or remote. Because ZTNA functionality is built into Fortinet infrastructure, customers can enable it as a feature on their existing products, so it has a lower total cost and less impact on IT teams compared to deploying a standalone solution.

Fortinet Universal ZTNA also leverages a single client for both VPN and ZTNA. This streamlines the transition from VPN to ZTNA, which remains a big challenge for organizations as mentioned above. The unified agent also empowers organizations to manage multiple functionalities from the same screen and use security features, including vulnerability scans and web filtering, across multiple solutions simultaneously.

Finally, Fortinet Universal ZTNA provides deep traffic inspection, continuous endpoint posture validation, and granular access control. These advanced features ensure customers have the most cutting-edge capabilities available to stay ahead of threats.

Q. What are your top recommendations for CISOs in the process of looking for an enterprise VPN and ZTNA solution?

The most important thing is to find a ZTNA solution that already works with your existing technology and infrastructure. This will make the rollout easier and streamline operations. IT time is precious, so it’s important to optimize and save on costs.

A solution that leverages a unified client for both VPN and ZTNA will also make the transition to ZTNA easier, keep business operations efficient, and reduce risk overall. Bonus points if the client also covers endpoint.

Going beyond ZTNA with Universal ZTNA is also important. Universal ZTNA applies zero-trust principles across the network no matter the location. This ensures all users have the same experience whether they are working remotely or onsite.

Additionally, it’s critical to choose a ZTNA solution that is regularly updated against new and emerging threats and has a track record of covering new use cases. This ensures you’re continually protected as the threat landscape evolves and future-proofed against new business needs like thin edges and Operational Technology (OT). 

Q. What trends do you expect to see in the ZTNA space in 2025?

ZTNA adoption will continue to grow in 2025 as organizations look for more ways to strengthen their security posture to protect against advanced threats and reduce their attack surface.

Many enterprises will also move from ZTNA, which enables secure access for remote employees, to Universal ZTNA, which provides secure access for all users no matter the location. Universal ZTNA provides consistent security and user experience across the entire network.

The last trend I want to touch on is privileged access for OT environments. Most OT devices don’t have an agent, which is the most common way ZTNA is applied to a device or system. Privileged access is a strategy that ensures all end user devices and accounts with key OT permissions have the proper ZTNA applied. It’s the best way to ensure OT environments are protected from improper access, and we’ll see its popularity continue to increase in the new year. 

Q. In your view, what should organizations’ top ZTNA planning priorities for 2025 be?

If any enterprise is planning on adopting ZTNA in 2025, their first step is ensuring they have the foundational technologies in place to move to zero trust. Often this means a form of identity management that lays the groundwork for deploying zero trust. It’s also critical to identify the top applications used in an environment and the data that needs protecting. With this information, organizations can handle their most pressing needs first. (And it’s always a good idea to take stock of application and data spread once ZTNA has been deployed to make sure everything is covered properly.)

If an organization has already deployed a ZTNA solution, maintenance is key. Take a look at your configurations for opportunities to streamline. Assessing user and administrative experience to ensure low latency and infrastructure consolidation should also be high on the list.
