What Is Zero Trust Network Access (ZTNA)?
Zero Trust Network Access (ZTNA) is a security service that verifies users and grants access to specific applications based on identity and context policies. ZTNA removes implicit trust to restrict network movement and reduce attack surfaces.
Learn more about how a zero trust solution will secure your applications, networks, and data.
Contact Cisco
-
-
Call Sales:
- 1-800-553-6387
- US/CAN | 5am-5pm PT
Why is ZTNA needed?
Organizations need ZTNA because they face challenges with cloud migration, hybrid and remote working, and IT infrastructures built from multiple environments. They are looking for a streamlined solution to secure cloud and on-premises assets so they can serve their diverse and remote workforce.
What does ZTNA do?
Zero trust application access hides apps and services from discovery and authorizes access only to specific applications. By not allowing access to an entire network, ZTNA lowers the impact of a breach, reduces business visibility on the public internet, and minimizes security risk.
What are the benefits of zero trust network security?
Zero trust network security helps protect data, reduce risk, and build resilience by providing:
- Adaptive, context-aware access policies
- Continual user and device behavior monitoring
- Fast, secure access to cloud and network applications
- Unified management
- Scalable, simple adoption
How does ZTNA work?
ZTNA protects data by:
- Granting role-based, least-privileged access
- Setting perimeters around assets and controls network flow
- Hiding applications from the public internet
How does ZTNA protect organizations?
ZTNA protects organizations in these ways:
- Minimal access. A trust broker authorizes all connection requests based on identity and context policies and limits access to applications on a need-to-know basis.
- Segmentation. Perimeters around individual assets segment a network to control traffic flow and limit threat movement in a breach.
- Invisibility. ZTNA conceals infrastructure by hiding applications from public discovery and bridging users to applications without connecting to the network.
How do I set up a zero trust network?
You can set up a zero trust network by first assessing the value and vulnerability of corporate assets. Next, define and automate multi-factor authentication (MFA) policies to allow users and devices access to the assets they need. Finally, continuously monitor and verify access.
How does ZTNA help you achieve a zero trust architecture?
Achieving a zero trust architecture takes time, but ZTNA is a good start. In zero trust security, all access requests to applications, resources, and assets default to denial until trust is established. ZTNA applies the same policy to access gateways.
Does zero trust mean no VPN?
ZTNA can replace VPNs for remote, in-person, and hybrid work environments. VPNs provide broad network protection, but zero trust network access is a comprehensive solution that empowers organizations with more granular control.
Authorization
A VPN verifies users at point of entry to the private corporate network with a login and password. But mature ZTNA solutions perform continuous background monitoring of user and device context to adapt access levels at every connection request.
Accessibility
When users log in to a VPN, they are granted complete access to the entire network. ZTNA solutions connect authorized users directly to applications rather than to the network—and only to those applications they are authorized to access on need-to-know-based policies.
Speed
ZTNA solutions are faster than VPNs because they connect users directly to applications rather than sending traffic through a corporate data center. Resources can also be stored on the cloud and don't require a local network, which also leads to faster access.
Security
VPNs provide users full access to a network's resources, running the risk of exposing the network. Because ZTNA limits user connections to specific applications and continually verifies user and device trust, zero trust security can better reduce risk and build security resilience than VPNs can.