Skip to main content

GLOSSARY · Network

Zero Trust Network Access ZTNA

Access model that verifies every connection request — user, device, application, context — instead of trusting the network it comes from. The successor to "if you're on the VPN, you're trusted".

Detailed definition

Zero Trust Network Access is the access model that replaces the implicit trust of legacy VPNs. The old model said: if you reach the VPN concentrator and authenticate, you’re “on the network”, and any system on that network treats you as trusted. The new model says: every request — even from someone already authenticated, even from a corporate device, even from inside the building — gets checked for identity, device posture, and context before access is granted.

Why “trust the network” stopped working

The VPN model was designed when there was a clear inside and outside — a perimeter you could draw, with trusted users inside and threats outside. Three changes broke that:

  1. Cloud apps — most of what users access (Microsoft 365, Google Workspace, Slack, GitHub) lives outside the network, so VPN traffic just routes through and back out
  2. Remote work — there is no “inside” anymore; everyone is remote at least some of the time
  3. Lateral movement — once an attacker is “on the network”, they can reach everything. Most breaches start with a phishing-stolen credential, end with the attacker pivoting through the network using the legitimate VPN access of the compromised user

What ZTNA looks like in practice

  • Per-application access, not network-level. You’re granted access to one specific app, not to “the network”.
  • Identity-aware — every request includes user identity, MFA status, group membership.
  • Device posture checks — is the device managed? Encrypted? Running current OS / EDR? Off the network if not.
  • Continuous reverification — sessions are short and reauthenticated, not “logged in for 8 hours”.

We deploy ZTNA via SonicWall Cloud Secure Edge and Cloudflare Access. Both replace VPN access with per-app brokered connections that are dramatically less attractive to attackers — there’s no flat network to pivot through if a credential leaks.

RELATED TERMS

Need help applying ZTNA to your business?

We've done this kind of work across New York. First conversation is free.