ZTNA: Zero Trust 
Network Access

Acronym Series


Written by: Ron Temske, Vice President of Strategy
Connect with Ron on LinkedIn

In our Acronym Series, Nexum’s expert engineers define the industry’s most popular topics.

Acronym: ZTNA – Zero Trust Network Access 

Definition: At the most basic level, Zero Trust Network Access (ZTNA) is a principle of providing no implicit trust and requiring validation and authentication for all levels of network access. You could view ZTNA as a subset of the larger zero trust concept, explicitly focused on network and application-level access controls. ZTNA represents a departure from legacy thinking where being “on the network” or “on the virtual private network (VPN)” meant you had access to everything. Under a ZTNA structure, access is determined individually.

Explanation: 

ZTNA builds upon concepts that have been part of IT security for years, like role-based access control (RBAC), VPN, etc. There is significant confusion in the market over ZTNA concepts resulting from trying to classify ZTNA as a specific solution or product you can buy (it’s neither of those).

ZTNA can be broken down into a few core concepts and principles:

  • Access is never implicitly granted or inherited from another object
  • Access to any network, device, or application is individually evaluated and granted/denied as appropriate
  • Access is granular and not limited to just the extremes of full or no access
  • Access can be granted based on role but can also go deeper, including attributes such as device type, patch level of the device requesting access, geolocation, etc.
  • Sometimes, the term “Kipling Method Policy” is used. This is a reference to Rudyard Kipling’s 1902 poem, “I Keep Six Honest Serving Men,” where he states the questions of what, why, when, how, where, and who taught him all he knew. Similarly, these fundamental questions must be answered to provide access in a ZTNA environment.

 

Summary:

ZTNA is an important concept in the evolution of IT security. The key takeaway is that ZTNA is both a concept and a journey. You can’t buy ZTNA (though you can undoubtedly acquire services and technologies that will help you on the journey). Very few organizations can claim to be one hundred percent ZTNA-compliant. Recognize the benefits gained at each step of the journey, and don’t be discouraged when complete compliance isn’t realistic or possible.

 

Check Out More Resources