Community Team Member

Hi @W.Granada ,

 

Classic VPN models are often set up in an all-or-nothing configuration (they don't have to be, but are often set up as such), sending all traffic back through the corporate network. This backhauling can add significant latency.

 

Your instincts are correct. ZTNA is an alternative to explore. 

 

It operates on the principle of "never trust, always verify." No user or device is trusted by default, regardless of their location. Every access request is verified based on factors like user identity, device posture (is it up-to-date with security patches?), and context.  Its model enforces the principle of least privilege. So instead of granting network access, ZTNA provides highly granular, application-specific access. A remote trader would only be granted access to the specific trading platform and data resources they need for a single session. This significantly reduces the attack surface and minimizes the risk of lateral movement if a device is compromised.

ZTNA is often a cloud-based service, which can improve performance. It establishes secure, direct, one-to-one connections between the user and the specific application, bypassing the need to backhaul all traffic through a central data center. This "split-tunneling" approach can lead to lower latency and a better user experience.  ZTNA can be more seamless for users. It works transparently in the background, without requiring the user to manually connect to a VPN client.

 

An alternative solution for trading can be to use a VPS (Virtual Private Server). Your remote traders would connect to a high-performance VPS, which is typically located in a data center with ultra-low latency connectivity. This bypasses the latency and connectivity issues of the home user's ISP. The connection between the VPS and the trading exchange is optimized for speed. It also ensures 24/7 uptime for automated strategies, regardless of the home user's internet connectivity. That said, it's a different operational model and might not be the right fit if your traders need to access other internal applications directly from their home computers.

 

Sources:

https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices

https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-ztna

https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-2-0

 

Hope this helps,

Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
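The per-request check described in the post above (identity, device posture, context, then an application-specific grant) can be sketched as a small policy decision function. This is an added example, not part of the original post and not any vendor's API; the application names, roles, posture thresholds and session lifetime are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy: which role may reach which application, and the posture it needs.
# Application names, roles and thresholds are assumptions for illustration.
POLICY = {
    "trading-platform": {"roles": {"trader"}, "max_patch_age_days": 30, "countries": {"US", "GB"}},
    "hr-portal": {"roles": {"hr"}, "max_patch_age_days": 60, "countries": {"US", "GB"}},
}
SESSION_TTL = timedelta(hours=8)  # assumed session lifetime

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_passed: bool
    patch_age_days: int
    disk_encrypted: bool
    country: str
    app: str

def decide(req: Request, now: datetime) -> dict:
    """Evaluate one access request; anything not explicitly allowed is denied."""
    rule = POLICY.get(req.app)
    reasons = []
    if rule is None:
        reasons.append("unknown application")
    else:
        if not req.mfa_passed:
            reasons.append("identity not verified (MFA)")
        if req.role not in rule["roles"]:
            reasons.append("role not entitled to application")
        if req.patch_age_days > rule["max_patch_age_days"]:
            reasons.append("device patches out of date")
        if not req.disk_encrypted:
            reasons.append("disk not encrypted")
        if req.country not in rule["countries"]:
            reasons.append("unexpected location")
    if reasons:
        return {"allow": False, "reasons": reasons}
    # The grant names one application and expires; it is not a network-wide route.
    return {"allow": True, "app": req.app, "user": req.user, "expires": now + SESSION_TTL}

if __name__ == "__main__":
    now = datetime(2025, 1, 6, 13, 0, tzinfo=timezone.utc)  # constructed timestamp
    trader = Request("alice", "trader", True, 12, True, "GB", "trading-platform")
    print(decide(trader, now))
    print(decide(Request("alice", "trader", True, 12, True, "GB", "hr-portal"), now))
```

The second request comes from the same verified user and device but is denied, because the grant is scoped to one application rather than to the network.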