Chris Scheels, April 16, 2021
Guide To ZTNA, Part 1: What is ZTNA? ZTNA Definition And Overview
This blog is the first of our 4-part guide to Zero Trust Network Access (ZTNA). Part 1 provides a ZTNA definition and general conceptual overview; part 2 describes different architectural approaches; part 3 explains what you should look for in a ZTNA solution; and part 4 reviews top considerations you should keep in mind during ZTNA implementation.
Traditional security perimeters have eroded as cloud applications, remote work and edge computing trends accelerate. With cyberthreats also intensifying, legacy network security control deficiencies are regularly cited as the cause of major data breaches. “Connect first, authenticate second” can no longer defend digital assets from malicious actors. Zero Trust Network Access (ZTNA) offers more robust protection and is now the industry-leading standard for secure enterprise access control.
What is ZTNA?
Zero Trust Network Access is based on the fundamental principle that no user—human or machine—should be automatically granted access to anything. It is the ultimate extension of the “principle of least privilege.” With ZTNA, a user is denied access to networks and digital assets by default and is only permitted access after their identity (user + device + context) has been thoroughly verified. Dynamic policies and entitlements are then granted to that identity, provisioning limited access to authorized resources. These surgical entitlements are conditional, based on context and on the risk tolerance your business defines.
Authenticating a user’s identity and authorizing access is a multi-dimensional process. As depicted above, ZTNA starts by verifying the identity of the user and device to determine the proper entitlements, and then grants access only to approved resources, based on the context the user presents when connecting. In this model a controller acts as the Zero Trust policy decision point (PDP) and a gateway acts as the policy enforcement point (PEP). This is far more robust than gating access on an IP address and a username/password combination: credential theft, IP spoofing and brute-force attacks have made those traditional methods unreliable on their own. ZTNA is a more dynamic approach that factors in context.
The Zero Trust approach starts from a “default deny” posture, then extends limited, earned trust which is continuously reevaluated.
ZTNA also monitors to determine if access privileges should be adjusted or entirely revoked. It continuously evaluates the user and device in context, including the user’s role, device security posture, location, time and date and a range of other conditional requirements. This makes it possible to immediately interrupt suspicious behavior before it causes harm.
ZTNA permits access only after considering the full context. The platform monitors the environment for changes after access is granted and reevaluates a user’s conditions and privileges to ensure real-time protection.
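To make the default-deny, context-driven decision and the continuous re-evaluation concrete, here is a small policy decision point (PDP) model with a matching enforcement check. This is an added example written for this post, not code from Appgate or any ZTNA product; the resource catalogue, the context attributes (role, MFA status, device posture, country, hour) and the policy conditions are all hypothetical and constructed for illustration.

```python
"""Toy Zero Trust policy decision point (PDP) and enforcement point (PEP).

Added example for this post; the policy table and context fields are
constructed for illustration and are not any vendor's data model.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """Identity = user + device + context, as presented at connection time."""
    user: str
    role: str
    mfa_verified: bool
    device_managed: bool
    disk_encrypted: bool
    os_patched: bool
    country: str
    hour_utc: int  # 0-23


@dataclass(frozen=True)
class Decision:
    allowed: bool
    entitlements: frozenset = frozenset()  # resources the session may reach
    reasons: tuple = ()                    # why access was denied, if it was


# Hypothetical resource catalogue. None means "no restriction on this axis".
RESOURCES = {
    "wiki":     {"roles": {"employee", "contractor", "admin"},
                 "needs_managed": False, "countries": None, "hours": None},
    "crm":      {"roles": {"employee", "admin"},
                 "needs_managed": True, "countries": {"US", "DE"}, "hours": None},
    "prod-ssh": {"roles": {"admin"},
                 "needs_managed": True, "countries": {"US"}, "hours": range(6, 22)},
}


def baseline_checks(ctx: Context) -> list:
    """Conditions every request must satisfy before any entitlement is considered."""
    reasons = []
    if not ctx.mfa_verified:
        reasons.append("mfa not verified")
    if not ctx.disk_encrypted:
        reasons.append("device disk not encrypted")
    if not ctx.os_patched:
        reasons.append("device OS out of date")
    return reasons


def decide(ctx: Context) -> Decision:
    """Default deny: start from an empty entitlement set and add only what policy justifies."""
    reasons = baseline_checks(ctx)
    if reasons:
        return Decision(False, frozenset(), tuple(reasons))
    granted = set()
    for name, pol in RESOURCES.items():
        if ctx.role not in pol["roles"]:
            continue
        if pol["needs_managed"] and not ctx.device_managed:
            continue
        if pol["countries"] is not None and ctx.country not in pol["countries"]:
            continue
        if pol["hours"] is not None and ctx.hour_utc not in pol["hours"]:
            continue
        granted.add(name)
    if not granted:
        return Decision(False, frozenset(), ("no resource matched policy",))
    return Decision(True, frozenset(granted), ())


def reevaluate(previous: Decision, new_ctx: Context):
    """Continuous evaluation: recompute on a context change and report what was revoked."""
    new = decide(new_ctx)
    revoked = previous.entitlements - new.entitlements
    return new, revoked


def pep_forward(decision: Decision, resource: str) -> bool:
    """Gateway (PEP) check: forward traffic only to a resource the PDP entitled."""
    return decision.allowed and resource in decision.entitlements


if __name__ == "__main__":
    admin = Context("alice", "admin", True, True, True, True, "US", 10)
    d = decide(admin)
    print("initial entitlements:", sorted(d.entitlements))
    # Device falls out of compliance mid-session: posture change triggers revocation.
    degraded = Context("alice", "admin", True, True, True, False, "US", 10)
    d2, revoked = reevaluate(d, degraded)
    print("allowed after posture change:", d2.allowed, "revoked:", sorted(revoked))
```

The two things worth noticing are that `decide` never starts from "allow" and narrows, and that `reevaluate` is the same function run again on fresh context, so a session that was fine at 10:00 from a patched device loses its entitlements the moment the device posture or any other condition changes.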
In addition to improved secure access, another critical benefit of ZTNA is its ability to cloak your infrastructure and shrink the attack surface: protected resources do not respond to unauthenticated connection attempts, so they are not discoverable by malicious actors scanning the network and become visible only to users who have been authenticated and authorized. This provides yet another layer of security.
What is ZTNA Compared to SDP?
What is now called ZTNA was originally described as the Software-Defined Perimeter (SDP), and the two names are often used interchangeably. By adopting this architecture, enterprises can modernize network security and:
- Strengthen and simplify access controls
- Reduce the attack surface
- Remove policy management complexity for admins
- Improve the end-user experience
- Unleash operations with integrations and automation
The enterprise perimeter is now everywhere, wherever users, devices and workloads happen to be, and that is the main factor driving ZTNA adoption. It’s where the tailwinds of digital transformation efforts meet the headwinds of failing legacy network security solutions.
The most common initiatives driving ZTNA adoption are:
- Secure remote access and workforce enablement
- Privileged user and third-party risk reduction
- Secure multi-cloud/hybrid IT access and DevOps
- Café-style networking and overall network transformation
What is ZTNA? It’s the Modern Security Solution Enterprises Need
The days of siloed, legacy network access are over. These outdated solutions no longer support the security and agility requirements of digital businesses. The enterprise perimeter has been turned inside out, driving demand for a secure access solution capable of protecting all resources in a lightweight and flexible manner. That’s what ZTNA delivers.