Select Page

Jan 11, 2024

Clientless ZTNA: How It Protects Remotely Accessible Applications


Hillstone Networks is a big proponent of zero trust network access (ZTNA) for protecting enterprise networks and clouds. There are numerous ways to implement a zero-trust strategy, including something known as clientless ZTNA. Learning more about clientless ZTNA might be beneficial if your organization allows remote access to private applications within your cloud or network. 

In a nutshell, clientless ZTNA is a means of providing secure and remote access to online resources without requiring a user to download and install some kind of agent software. The strategy utilizes a browser plugin instead. That plugin creates a temporary tunnel through which private resources can be accessed securely.

Zero Trust With Ease of Use

Among the many advantages clientless ZTNA brings to the table is offering zero trust with ease of use. With browser plugin installed, a remote user simply logs in to a web portal using previously established credentials. From the user’s standpoint, it is no different than logging in while on-site. Meanwhile, in the background:

  • Authorization is analyzed. The clientless ZTNA system examines and verifies the user’s credentials, then confirms the person has the necessary permissions to access the resources in question.
  • A tunnel is created. Assuming the user’s credentials are sufficient, a temporary tunnel is created to the desired resource. All other resources are inaccessible from that tunnel. It is a single tunnel to a single destination.
  • The browser is the agent. Because no additional agent software is necessary, the user’s browser acts as the agent. All interaction with the private resource happens through the browser via the secure tunnel.

There are obvious advantages to deploying clientless ZTNA for remote access. At the top of the list is comparatively simple deployment and management. This is especially important to organizations with large numbers of devices given access to resources. A browser plugin takes the place of agent software having to be installed on every device.

Other advantages include:

  • Increased security by way of specified tunnel access.
  • More flexibility in supporting a variety of devices.
  • A better experience for users able to use in the most convenient way.

Of course, clientless ZTNA does have its downsides as well. Perhaps they are a topic for a future post. For now, however, let us look at some typical use cases for clientless ZTNA.

Four Use Cases

Here at Hillstone Networks, we make a point of analyzing each client’s specific needs before recommending a ZTNA solution. We can suggest a number of use cases that would be ideal for clientless ZTNA. Here are just four of them:

  1. BYOD – Instituting a bring your own device (BYOD) policy can save companies money while also making employees happier and more productive. However, installing agent software on user devices is problematic. Clientless ZTNA solves that problem.
  1. Supporting Internal Apps – Internal, private apps accessible only to employees still need to be protected against intrusion from the outside world. Clientless ZTNA offers that protection while simultaneously keeping employees out of resources they don’t have the credentials to access.
  1. Temporary Access – Clientless ZTNA is ideal for providing temporary access to contractors and temp workers. With a clientless solution, there is never a need to give these individuals full network access.
  1. Legacy Applications – Legacy apps not designed for the cloud still need to be protected. Clientless ZTNA is the best way to do so seamlessly and without requiring considerable customizations.

Hillstone Networks stands firmly behind ZTNA as one of the best tools for protecting clouds and networks. We can help you design and deploy the perfect ZTNA solution for your organization. If you are ready to get started, so are we.