As insider threats and lateral attacker movements grow more sophisticated, Zero Trust Network Access (ZTNA) provides essential protection for sensitive data and systems.
In 2025, what should security leaders prioritize to identify evolving threat vectors, integrate AI-driven automation, and improve user security?
We asked three experts for their advice:
Anupam Upadhyaya, VP, Products, Palo Alto Networks Prisma SASE: Organizations should prioritize replacing legacy VPNs with a comprehensive, resilient, and scalable SASE solution that delivers true zero trust security, providing secure access to any app from any device or location.
An ideal solution should leverage a robust cloud architecture for near-perfect uptime and seamless service continuity. It must secure work across managed and unmanaged devices, browsers, support safe GenAI adoption, and offer comprehensive data protection.
Additionally, digital experience monitoring is crucial to optimize app performance, quickly remediate issues, and ensure a high-quality user experience. Ultimately, a best-in-class solution brings together best-in-class security and exceptional user experiences, meeting the evolving needs of the modern organization. Read the full Q&A.
Nirav Shah, SVP, Products and Services, Fortinet: If any enterprise is planning on adopting ZTNA in 2025, their first step is ensuring they have the foundational technologies in place to move to zero trust. Often this means a form of identity management that lays the groundwork for deploying zero trust. It’s also critical to identify the top applications used in an environment and the data that needs protecting. With this information, organizations can handle their most pressing needs first. (And it’s always a good idea to take stock of application and data spread once ZTNA has been deployed to make sure everything is covered properly).
If an organization has already deployed a ZTNA solution, maintenance is key. Take a look at your configurations for opportunities to streamline. Assessing user and administrative experience to ensure low latency and infrastructure consolidation should also be high on the list. Read the full Q&A.
Andrius Buinovskis, Head of Product, NordLayer: I suggest companies allocate more resources to increase awareness and help employees stay conscious during cyber activity.
Also, companies should invest in regular audits (not only in the ZTNA context), update existing security toolsets, and add some new ones if there are any unprotected attack areas. Businesspeople should also remember that the right toolset and awareness are key in the cybersecurity field.
Trained employees will adopt cybersecurity tools more easily, stay alert, and report possible incidents to their IT administrators so that successful attacks can be averted. Read the full Q&A.
Further reading:
