How AI-powered ZTNA will protect the hybrid future

In my ten years building enterprise security systems — from early network access control implementations to now architecting F5’s modern application delivery solutions — I’ve witnessed many security transformations that promised simplification. Most delivered more complexity instead. But what I’m observing in 2025 is different, and, frankly, more concerning.

The enterprise security landscape presents a troubling paradox: at the very moment when artificial intelligence promises to intelligently manage access control across our hybrid infrastructure, the complexity of that infrastructure is preventing organizations from effectively deploying AI-powered security solutions. When I analyzed F5’s latest State of Application Strategy Report alongside recent industry research, the data revealed a disconnect between zero trust aspirations and operational reality that I recognize from my own work with enterprise customers.

We’re facing the ultimate irony in network security: Organizations can’t use AI to solve their access control problems because their existing access control systems prevent them from utilizing AI.

What I’m seeing in zero-trust deployments

The real story isn’t in the survey data — it’s in the conversations I’m having with enterprise security architects trying to implement zero trust strategies. Last month, I worked with a financial services company that had spent eighteen months evaluating ZTNA solutions. They’d built requirements documents, conducted vendor demos and mapped their application inventory. But when it came time to deploy, they hit a wall.

The problem wasn’t technology. Gartner’s Magic Quadrant shows vendors like Palo Alto Networks, Netskope and Zscaler have mature platforms. The problem was that implementing these solutions required untangling years of VPN configurations, documenting legacy application dependencies and coordinating with stretched application teams.

What struck me was hearing their CISO say, “We bought this ZTNA platform for intelligent, automated access control. Instead, we’re spending more time on manual policy creation than with our old VPN.” That’s when I realized we’re dealing with a deeper issue than technology selection.

When F5’s research shows 60% of IT teams are buried in manual tasks, and A10’s data reveals 58% struggling with API complexity, I see teams that want AI-driven automation but can’t escape the tactical firefighting consuming their days. The AI capabilities to solve these problems already exist — behavioral analysis, automated policy generation and real-time threat adaptation. But deploying them requires operational bandwidth most teams don’t have.

The multi-cloud access management reality

The complexity I’m witnessing goes beyond traditional VPN sprawl challenges. Take a healthcare enterprise I worked with: patient management on AWS, legacy billing on-premises, analytics on Azure and disaster recovery in a third cloud. Each environment has different access controls, identity providers and security policies. A nurse accessing patient data might touch four authentication systems — all managed by different teams with different tools.

This creates what I call “access policy drift” — where documented security policies increasingly diverge from actual access patterns needed to keep business running. Teams create exceptions and workarounds that become permanent fixtures.

This is particularly challenging for AI implementation because machine learning needs consistent, clean data to generate effective policies. When access patterns are a patchwork of exceptions across multiple platforms, the data feeding AI systems becomes unreliable. You can’t train intelligent access systems on inconsistent patterns and expect coherent policies.

How AI changes the access control game

The breakthrough with AI-powered ZTNA isn’t automating existing processes — it’s fundamentally changing how we approach access management. Instead of starting with policies and enforcing them, AI systems start with behavior and work backward to generate policies that reflect how people actually need to work.

A manufacturing client had spent months creating ZTNA policies for plant floor systems. Engineers needed OT systems and cloud design applications, quality control required read-only database access and maintenance teams needed elevated privileges during specific windows.

Instead of mapping access patterns upfront, the AI system spent two weeks in learning mode, analyzing actual behaviors and application interdependencies. It discovered that quality control processes required temporary write access to “read-only” systems. Maintenance staff needed broader access during night shifts when senior engineers weren’t available. Most importantly, it revealed undocumented communication pathways between legacy plant systems and cloud applications.

This is where AI fundamentally changes access control. Rather than forcing business processes to conform to security policies, AI-powered ZTNA generates policies that enable secure business processes. The system creates “behavioral baselines” — understanding not just what access is requested, but when, why and in what context.
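As an added illustration (not code from the article or from any vendor's product), the sketch below diffs a documented policy against access events observed during a learning window, surfacing both undocumented access and grants that were never exercised. The role names, resources and events are constructed assumptions loosely modelled on the manufacturing example above.

```python
from collections import defaultdict

# Documented policy (constructed sample): role -> resource -> allowed actions.
DOCUMENTED_POLICY = {
    "quality_control": {"qc_database": {"read"}},
    "maintenance": {"plant_plc": {"read", "write"}},
    "engineer": {"plant_plc": {"read"}, "cloud_cad": {"read", "write"}},
}

# Constructed events from a learning window: (role, resource, action, hour_of_day).
OBSERVED_EVENTS = [
    ("quality_control", "qc_database", "read", 9),
    ("quality_control", "qc_database", "write", 14),
    ("quality_control", "qc_database", "write", 15),
    ("maintenance", "plant_plc", "write", 2),
    ("maintenance", "cloud_cad", "read", 3),
    ("engineer", "plant_plc", "read", 10),
    ("engineer", "cloud_cad", "write", 11),
]


def build_baseline(events):
    """Aggregate events into (role, resource, action) -> sorted hours observed."""
    baseline = defaultdict(set)
    for role, resource, action, hour in events:
        baseline[(role, resource, action)].add(hour)
    return {key: sorted(hours) for key, hours in baseline.items()}


def find_drift(policy, baseline):
    """Return (undocumented, unused): behaviour outside policy, grants never used."""
    granted = {
        (role, resource, action)
        for role, resources in policy.items()
        for resource, actions in resources.items()
        for action in actions
    }
    observed = set(baseline)
    # Undocumented access is a review item, not an automatic grant: it may be a
    # legitimate business need or misuse, and the hours give the reviewer context.
    undocumented = {key: baseline[key] for key in sorted(observed - granted)}
    # Unused grants are candidates for removal under least privilege.
    unused = sorted(granted - observed)
    return undocumented, unused


if __name__ == "__main__":
    undocumented, unused = find_drift(DOCUMENTED_POLICY, build_baseline(OBSERVED_EVENTS))
    for key, hours in undocumented.items():
        print("undocumented:", key, "hours:", hours)
    for key in unused:
        print("unused grant:", key)
```
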

For legacy applications — systems traditional ZTNA struggles with — AI can wrap applications with intelligent controls that understand actual usage patterns without requiring modifications or complex integration projects.

Why security teams stay trapped in firefighting

The most frustrating aspect isn’t technical challenges — it’s watching talented security professionals trapped in operational cycles that prevent them from implementing solutions they know they need.

I worked with a global logistics company where the CISO had advocated for AI-powered access automation for over a year. The business case was solid, the budget was approved and leadership was supportive. Nine months later, the project remained stalled.

The problem wasn’t resistance or lack of expertise. The team understood zero trust, had cloud security experience and held advanced certifications. They couldn’t find consecutive weeks to focus on implementation because of constant access-related incidents — emergency production access for failed deployments, M&A user integration and compliance audit gaps.

This is the “access management trap” — manual work maintaining current systems prevents implementing automated systems that could eliminate that work. Traditional ZTNA implementations often worsen this in the short term, requiring extensive upfront policy definition and application mapping.

The skills gap F5’s research identifies — 54% lacking AI expertise — is really a symptom. Security professionals can learn AI concepts; they can’t find time while managing daily operational demands.

Rethinking access control as business strategy

There’s a moment in every successful AI-powered ZTNA implementation I watch for. It’s not when the system goes live or dashboards show green. It’s when someone casually mentions they can’t remember the last time they troubleshot an access issue.

That moment represents intelligent access control becoming seamless and invisible. The AI isn’t just automating policies — it’s anticipating needs before they become problems. Users get access when needed without thinking about it. Security teams focus on strategic initiatives instead of firefighting.

But this only happens when organizations stop thinking about AI-powered ZTNA as a security tool and start seeing it as a business enabler. Successful companies ask different evaluation questions: “How will this remove friction from business processes?” rather than “How will this improve security posture?” “What new capabilities will this unlock?” instead of “What compliance requirements will this meet?”

This perspective shift transforms AI-powered ZTNA from defensive security into an offensive business capability. I’ve seen organizations use intelligent access control to enable real-time partner collaboration, accelerate digital transformation and generate policies dynamically for new applications.

The future belongs to organizations that understand this distinction. AI-powered access control isn’t the destination — it’s the foundation enabling everything else. Enterprises embracing this perspective find that intelligent access becomes invisible infrastructure, enabling their most ambitious business goals.

The choice isn’t which AI-powered ZTNA solution to implement. It’s whether your organization is ready to think about access control as a business accelerator rather than a security constraint. That mindset shift might be the most important transformation of all.

This article is published as part of the Foundry Expert Contributor Network.
