A Zero Trust approach to cyber security is a concept that has been around for decades, but thanks to advances in technology and the need to adapt cyber security capabilities to support secure hybrid working models and ways of doing business in the digital era, it has never been more relevant.
As businesses embrace Digital Transformation and become increasingly cloud-native, mobile, and interconnected, the corporate network perimeter is gradually disappearing, exposing users to malware, ransomware, and other cyber threats. Traditional perimeter security tools no longer provide adequate protection from these threats.
Zero Trust architectures have gained popularity as a more secure, yet flexible and future-proof alternative to traditional perimeter-based security. By eliminating the very notion of a trusted system, ZT architectures enforce strict identity verification and least-privilege access policies for every user, device, or application, regardless of where they are located.
Zero Trust Network Access (ZTNA) solutions apply this concept to network-based access to existing applications and other systems. By creating a logical identity- and context-based overlay for existing networks and preventing discovery and access of applications for unauthorized users, ZTNA solutions enforce strict, fine-grained policies, thus eliminating the possibility of implicit trust and unchecked access to sensitive resources.
ZTNA is the key technology that enables modern Zero Trust architectures, together with comprehensive identity management, strong multi-factor authentication, and real-time behavior analytics. End user organizations have a multitude of solutions to choose from that promise to address various usage scenarios from cloud migration, and seamless hybrid and multi-cloud architectures, to modern replacements for VPN.
“ Existing ZTNA solutions might be based on different underlying technologies and focus on different aspects of the Zero Trust methodology, but fundamentally, all of them solve the same problem: enabling secure yet convenient access to business applications and other resources for users regardless of their location, whether in an office, at home or anywhere else.”
— Alexei Balaganski, Lead Analyst, KuppingerCole
Because we understand the importance of effective cyber security in the digital era, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content in a variety of formats about implementing a Zero Trust approach.
Research
Get to grips with the ZTNA solutions market by reading the recently published Leadership Compass on Zero Trust Network Access, which will help you to understand what is available and to find the solution that best meets your needs.
Understand the relationship between CASBs and ZTNA, and which CASBs provide ZTNA functionality and support in this Market Compass on Cloud Access Security Brokers. And for further exploration of the role of ZTNA in cloud security, have a look at this Market Compass on Cloud-delivered Security.
Advisories
Understand the relationship between ZTNA and SASE by reading this Advisory Note on Implementing SASE, which looks at the definition and promise of SASE, and provides a way of assessing whether SASE is a good fit for your organization.
Audio/video
If you would like to hear what our analysts have to say on the topic of ZTNA, listen to this Analyst Chat on Practical Zero Trust, which looks at practical approaches to implementing Zero Trust for specific, real-world use cases.
For broader perspectives, listen to these Analyst Chats on Zero Trust as a Concept for … Trust and Security, and why Zero Trust Means Zero Blind Spots.
Other broad perspective presentations from past KuppingerCole events include these on Zero Trust Use Cases, Zero Trust 101, and Alignment of Zero Trust with Business Strategy.
There are also several panel discussions to choose from. Have a look at the following list and select those that are most interesting or applicable to your organization:
- Zero Trust in the Enterprise
- Zeroing in on Zero Trust: A Paradigm Shift in Cybersecurity
- Why Segmentation Must Be an Essential Part of Your Zero Trust Program
Blogs
Ivanti’s acquisition of MobileIron and Pulse Secure in 2020 brought together UEM and device security, VPN and ZTNA, and strong MFA. For an analysis of this acquisition, have a look at this blog post entitled: Ivanti’s Zero Trust Journey.
For some short, incisive pieces about the broader topic of implementing Zero Trust, have a look at the following list of blog posts:
- Zero Trust Paradigm for the Future of Security
- Zero Trust: We’re Nowhere Near the End of the Story Yet
- Why Digital Trust Is at the Top of CXOs’ Agenda… Even if They Don’t Realise It
- User Experience Above All - Secure Access for Employees, Devices and Applications!
Webinars
Get a thorough understanding of the Zero Trust concept, its importance to the digital enterprise, and how ZTNA can be integrated into a Zero Trust approach in this Webinar entitled: Zero Trust Through Dynamic Authorization and Policy Driven Access.
Improve your understanding of the essential components of a Zero Trust Architecture, find out why policy-based access management is essential, and learn how Dynamic Authorization drives Zero Trust in this Webinar entitled: Zero Trust: Now Is the Time and PBAC Is Key.
Whitepapers
"Don't trust, always verify" is the foundation of the Zero Trust principle. Discover how identity is at the core of Zero Trust in this Whitepaper on The Role of Identity for Zero Trust.
Insight
No matter where your organization is in the journey to Zero Trust, have a look at KuppingerCole’s Comprehensive Guide to Zero Trust Implementation. Whether you are looking for help on how to start or just to check you are on the right track, this guide is essential to any organization seeking to protect modern hybrid IT environments.
Tech Investment
Organizations investing in technologies to support Zero Trust can have a look at some of the related technology solutions that we have evaluated:
- Akamai Zero Trust Security
- Cisco Zero Trust Security
- Google's Cloud Identity
- Safe-T Software Defined Access
- Zscaler Security-as-a-Service Platform
- PortSys Total Access Control
- Nucleon Smart Endpoint
- Cisco Zero Trust Security
- ARCON PAM SaaS