TL;DR: User-centric ZTNA can simplify remote access, but it does not solve the deeper identity problem of how databases, servers, Kubernetes, and privileged credentials are governed at scale, according to StrongDM. The real issue is whether access, observability, and offboarding are unified across human and non-human workflows, not whether the VPN disappears.
NHIMG editorial — based on content published by StrongDM: competitors and alternatives to Proofpoint 2026
Questions worth separating out
Q: How should security teams govern privileged access in user-centric ZTNA environments?
A: Treat ZTNA as the entry layer, not the governance layer.
Q: Why do hidden credentials change the NHI risk model?
A: Hidden credentials still exist as identities even when users never see them.
Q: What do security teams get wrong about session recording?
A: They often treat recording as proof of control when it is only proof of activity.
Practitioner guidance
- Separate ingress control from privilege governance: Use ZTNA for user entry, but keep privileged database, server, and Kubernetes access under explicit entitlement and review workflows.
- Inventory hidden credentials as NHI assets: Track every credential the control plane brokers on behalf of users, including SSH keys, database logins, and service tokens.
- Tie session logs to access expiry: Use query, shell, and command recordings as evidence for review, then connect that evidence to entitlement expiry and recertification.
What's in the full article
StrongDM's full blog covers the operational detail this post intentionally leaves for the source:
- The product-by-product comparison of Proofpoint alternatives, including where each option fits in user-centric remote access.
- The specific deployment and pricing trade-offs StrongDM claims around databases, servers, and Kubernetes access.
- The feature-level description of session recording, query logging, and offboarding workflows for privileged users.
- The practical differences between VPN replacement and access brokering across hybrid environments.
Proofpoint alternatives and the governance gap in user-centric ZTNA?
Explore further
User-centric ZTNA is only one layer of access governance. The article shows that replacing VPN access with browser or client-based zero trust does not by itself solve privileged access management. Databases, servers, and Kubernetes still require identity-mediated control that is separate from the remote entry point. Practitioners should treat ZTNA as ingress control, not as a complete governance model.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: Should organisations replace VPNs before fixing privileged access governance?
A: Not usually. Replacing VPNs may improve user experience and reduce network exposure, but it does not fix overbroad access, unmanaged credentials, or weak offboarding. Organisations should first define how privileged access is brokered, logged, and removed across human and non-human workflows, then decide where ZTNA fits.