GLOSSARY · Network
Zero Trust Network Access ZTNA
Access model that verifies every connection request — user, device, application, context — instead of trusting the network it comes from. The successor to "if you're on the VPN, you're trusted".
Detailed definition
Zero Trust Network Access is the access model that replaces the implicit trust of legacy VPNs. The old model said: if you reach the VPN concentrator and authenticate, you’re “on the network”, and any system on that network treats you as trusted. The new model says: every request — even from someone already authenticated, even from a corporate device, even from inside the building — gets checked for identity, device posture, and context before access is granted.
Why “trust the network” stopped working
The VPN model was designed when there was a clear inside and outside — a perimeter you could draw, with trusted users inside and threats outside. Three changes broke that:
- Cloud apps — most of what users access (Microsoft 365, Google Workspace, Slack, GitHub) lives outside the network, so VPN traffic just routes through and back out
- Remote work — there is no “inside” anymore; everyone is remote at least some of the time
- Lateral movement — once an attacker is “on the network”, they can reach everything. Most breaches start with a phishing-stolen credential, end with the attacker pivoting through the network using the legitimate VPN access of the compromised user
What ZTNA looks like in practice
- Per-application access, not network-level. You’re granted access to one specific app, not to “the network”.
- Identity-aware — every request includes user identity, MFA status, group membership.
- Device posture checks — is the device managed? Encrypted? Running current OS / EDR? Off the network if not.
- Continuous reverification — sessions are short and reauthenticated, not “logged in for 8 hours”.
We deploy ZTNA via SonicWall Cloud Secure Edge and Cloudflare Access. Both replace VPN access with per-app brokered connections that are dramatically less attractive to attackers — there’s no flat network to pivot through if a credential leaks.
HOW WE HELP
Related Bytes Unlimited services
-
SonicWall CSE
SonicWall Cloud Secure Edge — zero-trust access, threat protection, and edge security as a managed service.
-
Duo MFA
Duo multi-factor authentication rollout — app and hardware token enrollment, policy tuning, and end-user training.
-
Cloudflare
Cloudflare DNS, WAF, Turnstile, and Workers configuration. CDN + edge security on top of your origin.
AUTHORITATIVE SOURCES
External references
Need help applying ZTNA to your business?
We've done this kind of work across New York. First conversation is free.