Zero Trust security incompatibility with legacy systems

If you run a small dev shop or IT consultancy, you have probably felt the pressure to modernize your security to pass an audit or get cyber insurance. We recently tried moving our team to ZTNA and SASE to check those boxes, but it turned into a massive headache because of our client mix. The reality is that a lot of our clients in finance and older industries still rely on legacy environments and on-prem servers. Most of the shiny new Zero Trust tools are built for cloud-native start-ups and they just do not play nice with these older setups. We actually found ourselves in a spot where the very tools meant to make us compliant were stopping us from accessing the environments we needed to bill hours. We eventually pivoted back to a business VPN because it actually works across both legacy and modern systems without breaking everything. By handling the network and endpoint security as separate layers, we satisfied the insurance requirements without locking ourselves out of our clients tech. When we compared our options, PureVPN for Teams stood out for multi-client legacy access and was easy for compliance. NordLayer was fine for basic remote access, while Perimeter 81 was great for cloud-only teams but had low compatibility for our legacy needs. If you handle a mix of client types, do not feel forced into a modern stack that kills your workflow just to pass a review. Has anyone else had to roll back a modern security setup because it did not work with your clients older infrastructure?