Francis Dinha is CEO and cofounder of OpenVPN Inc., a leading enterprise network security company.
In an era where cyberthreats evolve faster than businesses can adapt, cybersecurity is no longer just an IT issue—it’s a boardroom priority.
Unfortunately, many executives stubbornly view security as a cost center rather than a strategic advantage. CEOs who fail to integrate cybersecurity into their core business strategies risk not only breaches but also reputational damage, revenue loss and stifled innovation.
However, for many executives, there are certain buzzwords they may associate with higher costs, like zero trust. What started as a nebulous new cybersecurity term defined by Forester analyst John Kindevag in 2009 has morphed and changed through the years into the concept of zero trust network access (ZTNA). The intrigue has continued, unabated, with 61% of businesses claiming to have a zero trust strategy in 2023, according to a report by Okta.
A 2025 survey conducted by Enterprise Strategy Group study sponsored by my company, OpenVPN, found that 72% of all respondents, on average, reported significant or moderate improvements in key performance indicators (KPIs) from zero trust initiatives.
Unfortunately, the same study found that 25% of respondents felt that zero trust requires too many tools, 23% felt it complicates employee access and 30% reported that zero trust is too complex. Further, although the traditional ZTNA model creates barriers for bad actors, it only extends to certain users or devices, leaving others vulnerable.
To mitigate these challenges, universal zero trust network access (UZTNA) builds upon the traditional parameters of ZTNA. UZTNA is intended to ensure every access request is continuously verified and contextually assessed, regardless of where the user or device is located.
Universal ZTNA Basics
Unlike traditional ZTNA, which often tailors security policies based on remote access needs, universal zero trust enforces a consistent security framework for both on-premises and remote users—and the same security protocols apply to all users, regardless of their role, location or device.
For example, while a remote customer service rep would be required to use a VPN and multifactor authentication to access protected software-as-a-service (SaaS) applications or critical systems for their role, what about an executive who is in an office on-site?
With UZTNA, they would follow the same protocols to access the systems and applications critical to their business functions. The same protection would be applied to SaaS apps, the internet, Internet of Things (IoT) devices, etc. There is no distinction in zero trust protocols between the executive or the customer service rep, nor the system being accessed.
The principle of least privilege is enforced across all locations and devices, giving everyone the same experience they’d have if they were in the office on a secure network.
This approach eliminates discrepancies between different access environments, ensuring that security policies remain seamless across all infrastructures—cloud, hybrid and on-premises—without disrupting business operations.
Personally, I think the term “seamless” zero trust is more fitting, as it emphasizes the necessity of an integrated, frictionless security experience. A truly seamless zero trust strategy ensures that security measures work invisibly in the background, allowing employees and stakeholders to operate efficiently without encountering unnecessary access barriers.
How To Make Universal ZTNA Part Of Your Business Strategy
UZTNA works as part of a broader strategy that aligns security with business growth, innovation and operational agility, rather than treating it as a restrictive or burdensome IT policy.
Some of the most successful companies have treated security as a business enabler rather than merely a compliance requirement. For example, Google has fully embraced zero trust principles across its enterprise, eliminating traditional network perimeters and ensuring that all users—whether on-premises or remote—verify their identity and device integrity before accessing resources.
On the surface, this seems to be a traditional use of zero trust. However, it’s closer to universal zero trust because the same verification rules apply to all employees, whether on-site or working from home, and policy enforcement is at the core.
Recent research from Gartner indicates that UZTNA “is expected to grow to widespread adoption, greater than 40%, by 2027. Vendors will evolve their existing ZTNA offerings to offer a unified approach regardless of a user or device’s physical location.”
How can CEOs across industries follow suit? To effectively incorporate universal zero trust into their organizations, CEOs must lead with a strategic mindset that integrates security into the core of business culture and operations. Here are three key strategies for executive leadership:
1. Establish a security-first culture. Cybersecurity must be embedded into the DNA of an organization. CEOs should ensure that every department, from HR to finance, understands the importance of security and follows universal zero trust principles. This means regular security awareness training, clear communication about cyber risks and making security a shared responsibility across the company.
2. Align cybersecurity with business objectives. Security should not be seen as a roadblock but as an enabler of growth. CEOs must work with their leadership teams to integrate universal zero trust into digital transformation initiatives, mergers and acquisitions and customer experience strategies. By positioning security as a competitive advantage, companies can enhance trust and resilience while maintaining agility.
3. Invest in seamless security infrastructure: CEOs must ensure their IT and security teams have the resources needed to implement the universal zero trust model. This includes adopting technologies that enforce consistent security policies across all environments—on-premises, cloud and remote—without disrupting productivity. By prioritizing solutions that provide frictionless security, businesses can achieve protection without sacrificing efficiency.
It’s important to note that not every organization is fully remote, and a one-size-fits-all zero trust model isn’t realistic. The key is to implement seamless security—solutions that work across all environments without disrupting workflows.
CEOs must move beyond viewing zero trust as an IT framework and instead see it as a strategic advantage that protects revenue, reputation and innovation. The future of business security lies in making security an inherent part of corporate strategy, not an afterthought.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Source link
