Frequently asked questions

What is the purpose of ZTNA?

Zero Trust Network Access (ZTNA) aims to enhance security by assuming that threats could exist inside and outside a company’s private network perimeter. ZTNA tenets include least privilege access, hiding your applications from public view, and using digital certificates for users and devices.

How is ZTNA different from Zero Trust?

Zero trust is the overall strategy that relies on the core principle “never trust, always verify.”

According to Gartner, “Zero trust network access (ZTNA) creates identity- and context-based, logical-access boundaries around users, devices and applications.” Doing this hides the apps from discovery and restricts access using a trust broker and a set of named entities. The broker verifies users based on identity, context, and policies — and stops lateral movement in the network. Because application assets are removed from public visibility, the potential attack surface is reduced.

However, it’s crucial to note that Zero Trust is not a single product or service; rather, it is a collection of services and solutions that work together to accomplish the principles of zero trust and least privilege.

In other words, zero trust is the strategy; zero trust network access is the tool or technology used to get there.

Do you need a VPN for ZTNA?

A VPN can help your business achieve the tenets of zero trust including:

  • Identity-driven authorization policies, which enforce secure access to only authorized applications and not the entire network.
  • Use of additional security checks based on device identity, device security posture, and the user’s location context.
  • Prevention of lateral movement on your network with strong identity authentication and network-level authorization for services access.
  • Defining access controls based on user groups.

What are the core principles of ZTNA?

There are three basic principles of ZTNA:

  • Explicit verification — Each user and machine log-in must be verified using two-factor authentication (2FA) or multi-factor authentication (MFA). No access is permitted until requests are fully authenticated.
  • Use of least privilege access — No single user or account has access to all applications, not even high-level employees, management, or executives. Each user is assigned the permissions required to fulfill their tasks — nothing more.
  • Assume data breach attacks are underway — Network administrators and IT teams operate as if each connection is a potential threat. No user is trusted unless authenticated, and possible injections and other attacks could be hiding on the network and have yet to be discovered.

What specific environments are the best for ZTNA?

Remote or hybrid work environments are often the most in need of ZTNA technology. However, any business, from small and midsize to enterprise level, can benefit from the zero trust strategy.

How does ZTNA fit into the SASE framework?

ZTNA segments access based on user profiles and their associated trust levels for a more risk-informed access strategy. This is just one piece of the SASE framework.
