What is ZTNA?

Zero Trust Network Access (ZTNA)

Created in April of 2019 by Gartner, the term Zero Trust Network Access (ZTNA) represents a set of new technologies designed for secure access to private applications.

Also referred to as a software-defined perimeter (SDP), ZTNA technologies use granular access policies to connect authorized users to specific applications rather than to the corporate network. Access is brokered per application, which establishes least-privileged, app-level segmentation in place of network segmentation, and the applications' location is never exposed to the public internet, unlike the listening interface of a VPN concentrator.

Gartner expects that by 2023, 60% of enterprises will phase out most of their remote access VPNs in favor of ZTNA. This has made ZTNA the fastest-growing zero trust product in the industry, and often the starting point for IT leaders adopting a secure access service edge (SASE) architecture.

Understanding ZTNA Services and How They Work

It is first important to understand why ZTNA adoption is accelerating: with work from anywhere, every user, application and device now connects over the Internet. This follows naturally as more business apps become SaaS and private apps continue to run in hybrid or multi-cloud environments.

The challenge is that the Internet is designed purely to connect things, not to block them. Given a routable IP address and an outbound connection, any two entities can communicate, and anything that listens on a public address can be found and probed. Threat actors rely on this, and exploit companies that do not have a proper zero trust strategy in place.

Unlike VPNs or firewalls, ZTNA services are designed to securely connect specific entities to each other without granting network access. In most cases these entities are employees and third-party users connecting from home, on the road, or in the office. But ZTNA is not limited to users: it also applies to application-to-application traffic, in the form of microsegmentation.

Some key concepts about ZTNA for you to know:

  1. With ZTNA, access is granted based on identity and policy, never on network location. Policies adapt to changes in context (device health, employment status, suspicious activity, etc.), so access is continuously re-evaluated rather than decided once at login.
  2. Only after inspecting the traffic and validating identity and policy does the ZTNA service broker a secure 1:1 connection between the authorized entity and the business application. The entity is connected to that application only, not to the network segment that hosts it.
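As an added example (not code from this page or from any ZTNA vendor), the following Python sketch shows the brokering model described above: one policy per application, an evaluation that combines identity, device posture and a risk signal, a default deny for anything that is not an explicitly published application (including a request for a subnet), and a re-evaluation step that tears down live sessions when context changes. All user, application and policy names are constructed for illustration.

```python
"""Added example: a toy ZTNA policy broker. Not any vendor's code; the users,
apps, policies and context signals below are constructed for illustration."""
import itertools
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Context:
    """Signals the broker evaluates. In production these come from the IdP,
    the endpoint agent and security tooling; here they are constructed."""
    user: str
    groups: frozenset
    device_managed: bool
    disk_encrypted: bool
    edr_running: bool
    employment_active: bool
    risk_score: int  # 0 (clean) .. 100 (active incident), from SIEM/UEBA


@dataclass(frozen=True)
class AppPolicy:
    """One policy per application. The key is an application (host:port),
    never a subnet: being allowed payroll says nothing about its VLAN."""
    app: str
    allowed_groups: frozenset
    require_managed_device: bool = True
    max_risk: int = 50


def device_healthy(ctx: Context) -> bool:
    return ctx.device_managed and ctx.disk_encrypted and ctx.edr_running


def evaluate(policy: AppPolicy, ctx: Context) -> Tuple[bool, str]:
    """Return (allowed, reason). Every check runs on every call, so the same
    function serves initial admission and continuous re-evaluation."""
    if not ctx.employment_active:
        return False, "identity disabled"
    if not (ctx.groups & policy.allowed_groups):
        return False, "no group grants this app"
    if policy.require_managed_device and not device_healthy(ctx):
        return False, "device posture failed"
    if ctx.risk_score > policy.max_risk:
        return False, f"risk {ctx.risk_score} exceeds {policy.max_risk}"
    return True, "ok"


class Broker:
    """Brokers opaque 1:1 sessions. The caller never learns where the app
    lives; only the broker holds the mapping from session to application."""

    def __init__(self, policies: List[AppPolicy]):
        self.policies = {p.app: p for p in policies}
        self.sessions: Dict[int, Tuple[str, Context]] = {}
        self._ids = itertools.count(1)

    def connect(self, app: str, ctx: Context) -> Optional[int]:
        """Return a session id for `app`, or None. Anything without an
        explicit policy is denied, including a request for a network range."""
        policy = self.policies.get(app)
        if policy is None or not evaluate(policy, ctx)[0]:
            return None
        sid = next(self._ids)
        self.sessions[sid] = (app, ctx)
        return sid

    def update_context(self, user: str, **changes) -> List[int]:
        """Apply a context change for `user` (posture, risk, HR status) and
        tear down every live session the new context no longer permits."""
        revoked = []
        for sid, (app, ctx) in list(self.sessions.items()):
            if ctx.user != user:
                continue
            new_ctx = replace(ctx, **changes)
            if evaluate(self.policies[app], new_ctx)[0]:
                self.sessions[sid] = (app, new_ctx)
            else:
                revoked.append(sid)
                del self.sessions[sid]
        return revoked


def demo() -> dict:
    """Admission, default deny and continuous re-evaluation, using
    constructed users and policies."""
    broker = Broker([
        AppPolicy("payroll.internal:443", frozenset({"finance"})),
        AppPolicy("wiki.internal:443", frozenset({"staff", "contractors"}),
                  require_managed_device=False),
    ])
    alice = Context("alice", frozenset({"finance", "staff"}),
                    True, True, True, True, risk_score=10)
    bob = Context("bob", frozenset({"contractors"}),  # contractor on BYOD
                  False, False, False, True, risk_score=10)
    out = {}
    out["alice_payroll"] = broker.connect("payroll.internal:443", alice)
    out["alice_subnet"] = broker.connect("10.20.0.0/16", alice)  # not an app
    out["bob_wiki"] = broker.connect("wiki.internal:443", bob)
    out["bob_payroll"] = broker.connect("payroll.internal:443", bob)
    # EDR stops reporting on alice's laptop: her payroll session is dropped.
    out["revoked"] = broker.update_context("alice", edr_running=False)
    out["live"] = sorted(broker.sessions)
    return out


if __name__ == "__main__":
    print(demo())
```

The point to notice is that `connect` is keyed by application, so there is no API through which a caller can ask for "the network": the subnet request fails for the same reason an unpublished application would. Revocation happens in `update_context` without the user re-authenticating, which is what "continuously adaptive" means in practice.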
“ZTNA brings significant benefits in user experience, agility, adaptability and ease of policy management. For cloud-based ZTNA offerings, scalability and ease of adoption are additional benefits. ZTNA enables digital business transformation scenarios that are ill-suited to legacy access approaches.”

Common Use Cases for ZTNA

  • VPN Alternative for Work from Anywhere

    Use ZTNA to replace the remote access VPNs typically used to connect remote users to a network, and deliver a faster, more secure experience in the process.

  • In-office Employee Access

    Avoid inherently trusting on-premises users. Leverage publicly hosted zero trust brokers, or private brokers deployed within your own environment, for least-privilege access with simpler segmentation, a faster user experience, and easier compliance.

  • Securing Third-party Access

    Use agentless (browser-based, nothing to install) access to securely enable business ecosystem partners, suppliers, vendors and customers to reach critical business data, without granting them access to the corporate network.

  • Accelerate IT Integration During M&A or Divestitures

    ZTNA can shorten integration from the typical 9-14 months to days or weeks, because there is no need to consolidate (or split) networks, to NAT around overlapping IP ranges, or to stand up expensive VDI infrastructure: users are connected to the acquired (or divested) applications directly, by policy.

Considerations when evaluating ZTNA vendors

The Gartner Market Guide for Zero Trust Network Access provides excellent insight into what you should look for when selecting a ZTNA service.


Hopefully the above is helpful as you look to adopt ZTNA within your business.

It should help frame the questions you ask every ZTNA vendor you evaluate.

If you're interested in learning more about ZTNA, please feel free to schedule some time with one of our experts.
