Zero Trust Network Access (ZTNA) is a network security architecture that applies zero trust principles to provide application access to users and devices based on their identity and context. ZTNA is a cybersecurity model that migrates the access control of applications from network-based perimeters to a context and policy based approach, which grants user and device access to only resources they need within the enterprise. Zero trust principles assume no clients are implicitly trusted solely based on their network locations, and authentication and authorization are performed against the client before connectivity to the requested application is established.
Attributes of ZTNA that enforce the zero trust principles include:
- Implicitly deny all connectivity even if the end device is inside the enterprise network. Trust is not granted entirely based on network properties.
- Authentication and authorization of users and devices creates identity and context-based policies that provide access to only the data and apps requested.
- Access restricted via trusted entities (i.e. IDP) which verifies the identity and context. No session is established from the end device before access is granted.
- Continuous monitoring, granular visibility and enforcement to assure users abide by the adhered policies.
Zero Trust Network Access is a hot topic in the post-pandemic era as remote access is becoming as vital as ever to organizations as they go on a journey of digital transformation. The requirements for a dynamic secure access architecture to increase user productivity have greatly driven the demand and adoption of ZTNA.
Traditionally, remote access relied on VPN technologies that connected client devices to VPN concentrators in the data center. Once the end devices are authenticated, they are granted full access to the local networks in the data center. This legacy method of connecting users to the data center has become obsolete as more workloads are running in the cloud and more applications are consumed via SaaS than the data center.
In summary, there are three major trends driving the need for ZTNA:
- Digital business transformation – services and software consumed by businesses are more dynamic than ever and they require low-latency and optimal connectivity from anywhere. The traditional method of hairpinning authorized users through the data center is simply too slow.
- End Users – the dramatic increase in remote workers post-pandemic and demand for BYOD and unmanaged devices within organizations have brought up security requirements that traditional VPN cannot address. It has become critical to protect the resources rather than network segments, and apply policies with a least-privilege model in terms of application access.
- Applications – business-critical applications that users consume have shifted to SaaS services outside of enterprise infrastructure and these applications require additional capabilities to apply user-aware policies.
Zero Trust Network Access addresses these challenges by providing controlled access to resources, reducing the surface area for attack, and inserting a trust entity to broker the connections between applications and end users.