ZTNA: Zero Trust
Written by: Ron Temske, Vice President of Strategy
In our Acronym Series, Nexum’s expert engineers define the industry’s most popular topics.
Acronym: ZTNA – Zero Trust Network Access
Definition: At the most basic level, Zero Trust Network Access (ZTNA) is the principle of granting no implicit trust and requiring authentication and authorization for every level of network access. ZTNA can be viewed as a subset of the larger zero trust concept, focused explicitly on network- and application-level access controls. It represents a departure from legacy thinking, where being “on the network” or “on the virtual private network (VPN)” meant you had access to everything. Under ZTNA, each access request is evaluated and granted (or denied) individually.
ZTNA builds on concepts that have been part of IT security for years, such as role-based access control (RBAC) and VPNs. Much of the confusion in the market comes from attempts to classify ZTNA as a specific solution or product you can buy; it is neither.
ZTNA can be broken down into a few core concepts and principles:
- Access is never implicitly granted or inherited from another object
- Access to any network, device, or application is individually evaluated and granted/denied as appropriate
- Access is granular and not limited to just the extremes of full or no access
- Access can be granted based on role but can also go deeper, including attributes such as device type, patch level of the device requesting access, geolocation, etc.
- Sometimes, the term “Kipling Method Policy” is used. This is a reference to Rudyard Kipling’s 1902 poem, “I Keep Six Honest Serving Men,” in which the six questions (what, why, when, how, where, and who) are the “serving men” that taught him all he knew. In a ZTNA environment, those same six questions must be answered for each request before access is granted.
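As an added illustration of the principles above (my own example, not Nexum’s code or any vendor’s product), the following Python sketch evaluates each access request individually against a per-application policy, using the kinds of attributes the list mentions: role, MFA state, device class, patch age, geolocation and time of day. The policy structure, application names, thresholds and sample requests are all assumptions made for the example.

```python
"""Attribute-driven, per-request access evaluation in the style of ZTNA.

Added illustration; not code from Nexum or from any ZTNA product. The
policy shape, attribute names, thresholds and sample requests are all
assumptions made for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Granular outcomes: the decision is not limited to full access or none.
DENY, READ_ONLY, FULL = "deny", "read-only", "full"


@dataclass(frozen=True)
class AccessRequest:
    """One access attempt, described by the Kipling questions."""
    who: str                 # authenticated subject
    roles: frozenset         # roles asserted by the identity provider
    what: str                # target application
    how: str                 # device class: "managed" or "byod"
    patch_age_days: int      # days since the device was last patched
    where: str               # ISO country code from geolocation
    when: datetime           # UTC timestamp of the request
    mfa: bool                # whether MFA was completed for this session


@dataclass(frozen=True)
class AppPolicy:
    """Per-application policy; there is no cross-application default."""
    required_roles: frozenset
    allowed_countries: frozenset
    require_mfa: bool = True
    max_patch_age_days: int = 30
    full_access_hours: tuple = (6, 20)   # UTC hours when FULL is permitted


def evaluate(req: AccessRequest, policy: AppPolicy) -> tuple[str, list[str]]:
    """Evaluate one request against one application's policy.

    Hard requirements (role, MFA, location) deny outright; posture
    attributes (device class, patch age, time of day) degrade the grant
    to read-only rather than flipping a single allow/deny switch.
    """
    if not (req.roles & policy.required_roles):
        return DENY, ["subject lacks a required role"]
    if policy.require_mfa and not req.mfa:
        return DENY, ["MFA not satisfied"]
    if req.where not in policy.allowed_countries:
        return DENY, [f"location {req.where} not permitted"]

    level, reasons = FULL, []
    if req.how != "managed":
        level, reasons = READ_ONLY, reasons + ["unmanaged device"]
    if req.patch_age_days > policy.max_patch_age_days:
        level, reasons = READ_ONLY, reasons + ["device patch level stale"]
    start, end = policy.full_access_hours
    if not start <= req.when.hour < end:
        level, reasons = READ_ONLY, reasons + ["outside full-access hours"]
    return level, reasons or ["all checks passed"]


def authorize(req: AccessRequest, policies: dict) -> tuple[str, list[str]]:
    """Look up the policy for the requested application and evaluate it.

    An application with no policy is denied: access is never implicit,
    and a grant on one application is never inherited by another.
    """
    policy = policies.get(req.what)
    if policy is None:
        return DENY, [f"no policy defined for {req.what}"]
    return evaluate(req, policy)


# Constructed sample policies (assumed names; not from any real deployment).
POLICIES = {
    "payroll": AppPolicy(required_roles=frozenset({"finance"}),
                         allowed_countries=frozenset({"US", "CA"})),
    "wiki": AppPolicy(required_roles=frozenset({"staff", "finance"}),
                      allowed_countries=frozenset({"US", "CA", "GB", "DE"}),
                      require_mfa=False),
}

# Constructed baseline request attributes; each sample varies one or two.
BASE = dict(who="alice", roles=frozenset({"finance"}), how="managed",
            patch_age_days=3, where="US", mfa=True,
            when=datetime(2024, 3, 12, 14, 0, tzinfo=timezone.utc))


def sample_decisions() -> dict:
    """Run a few constructed requests and return the decision for each."""
    def req(**changes):
        return AccessRequest(**{**BASE, **changes})
    return {
        "compliant": authorize(req(what="payroll"), POLICIES),
        "byod": authorize(req(what="payroll", how="byod"), POLICIES),
        "no_mfa_payroll": authorize(req(what="payroll", mfa=False), POLICIES),
        "no_mfa_wiki": authorize(req(what="wiki", mfa=False), POLICIES),
        "stale_after_hours": authorize(
            req(what="payroll", patch_age_days=45,
                when=datetime(2024, 3, 12, 22, 30, tzinfo=timezone.utc)),
            POLICIES),
        "unknown_app": authorize(req(what="crm"), POLICIES),
    }


if __name__ == "__main__":
    for name, (level, reasons) in sample_decisions().items():
        print(f"{name:18} -> {level:9} ({'; '.join(reasons)})")
```

Note what the samples show: the same identity without MFA is denied on payroll but gets full access on the wiki, because each application has its own policy and nothing carries over; a stale, after-hours device is not simply rejected but dropped to read-only with both reasons recorded; and an application with no policy at all is denied, since nothing is implicit.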
ZTNA is an important concept in the evolution of IT security. The key takeaway is that ZTNA is both a concept and a journey. You cannot buy ZTNA, though you can certainly acquire services and technologies that help you along the way. Very few organizations can claim to be one hundred percent ZTNA-compliant. Recognize the benefits gained at each step of the journey, and don’t be discouraged when complete compliance isn’t realistic or possible.