Introducing Illumio Insights — breakthrough AI-powered observability, detection, and containment.
Read more

Experienced a Breach?

|
Contact Us
|
+1 855 426 3983
back to glossary

ZTNA (Zero Trust Network Access)

Zero Trust Network Access (ZTNA) models adaptively grant access to authorized users or devices based on contextual awareness. These systems set access permissions to deny by default, and only authorized users who are approved based on identity, time, device, and other configurable parameters are provided access to your network, data, or applications. Access is never implicitly granted and is only granted on a preapproved and need-to-know basis.

Cybercrime is expected to cost society upwards of $6 trillion annually. IT departments today are responsible for managing a substantially larger attack surface than ever before. Potential attack targets include network endpoints between devices and servers (the network attack surface), code that your networks and devices run (the software attack surface), and the physical devices that are open to attack (the physical attack surface).

With the growth of remote work and the use of cloud applications for everyday tasks, it can be difficult to provide workers with the access they need while simultaneously protecting your organization from malicious attacks. This is where zero trust network access (ZTNA) comes in.

How Zero Trust Network Access (ZTNA) Works

In the ZTNA model, access is only approved once a user is authenticated by the ZTNA service which then provides an application or network access via a secure and encrypted tunnel. The service prevents users from seeing applications or data that they do not have permission to access, thereby preempting lateral movement by a would-be attacker. This kind of movement is something that would otherwise be possible if a compromised endpoint or approved credentials could be used by an unauthorized device or agent to pivot to other services or applications.

With ZTNA, protected applications are also hidden from discovery, and access to them is restricted via the ZTNA service (also known as a trust broker) to a set of preapproved entities. A trust broker will only grant access to an entity if the following conditions have been met:

  • The entity (a user, device, or network) supplies the broker with the right credentials.
  • The context in which access is requested is valid.
  • All applicable policies for access within that given context have been followed.

In ZTNA, access policies are customizable and can be changed based on system needs. For example, in addition to the requirements above, you can implement location or device-based access control that prevents vulnerable or unapproved devices from connecting to a protected network.

Zero Trust Network Access (ZTNA) Benefits

Firstly, since application access is isolated from network access in the ZTNA framework, network exposure to infection or access by compromised devices is reduced.

Secondly, ZTNA models only make outbound connections. This helps to ensure that network and application infrastructures are invisible to unauthorized or unapproved users.

Thirdly, once a user is authorized, application access is provisioned on a one-to-one basis; users can only access applications they have been explicitly granted access to instead of enjoying complete network access.

Finally, since ZTNA is software-defined, device and application management overheads can be substantially reduced.

Zero Trust Network Access (ZTNA) Use Cases

Here are a few popular use cases that illustrate the power of ZTNA security models.

Replacing VPN

VPNs are slow, relatively unsecure, and can be difficult to manage. ZTNA is fast becoming the preferred security model that is posed to replace VPN for provisioning remote access to central networks.

Reduced Third-party and Vendor Risks

Access permissions and data transfers to or from third-parties or external vendors are an inherent security gap for your IT infrastructure. With ZTNA, you can reduce these risks by ensuring that external users never gain access to a secured network unless they are authorized and that, even with access, they only have access to specific applications or databases for which they are approved access.

Deploying Zero Trust Network Access (ZTNA)

You can deploy ZTNA at your organization as follows:

  • Via gateway integration, in which any traffic attempting to cross a network boundary will be filtered by your gateway.
  • Via secure software-defined WAN that can optimize and automate network access using a built-in security stack in each network appliance.
  • Via Secure Access Service Edge (SASE) that provides software-defined WAN security via a virtual cloud appliance.

ZTNA is recognized as a cybersecurity best practice. The best thing about ZTNA is that it does not require a significant redesign of your existing network to deploy it. However, since any IT endeavor requires onboarding people and devices and redefining policies, and ensuring stakeholder buy-in, decision-makers must consider the following before partnering with a ZTNA solutions provider:

  • Does the solution help you to secure data and applications with microperimeters?
  • Can you protect data in transit?
  • Does it have default-deny segmentation and granular policy design and testing?
  • Can it be deployed irrespective of your existing infrastructure?
  • Does it provide violation alerts?
  • What kind of workload security provisions are available?
  • Does the solution provide user-based segmentation, remote access control, and lateral movement prevention?
  • Is there device-level segmentation, unknown device detection, and device quarantine?
  • Is there default containment, even before threats are identified?
  • What kinds of visibility do users have, and what kinds of audits are available?
  • What kinds of integrations are included? Consider the following:
  • Orchestration with Chef, Puppet, or Ansible
  • Container platform orchestration with Red Hat OpenShift, Kubernetes, or Docker
  • Security analytics with Splunk and IBM QRadar
  • Vulnerability management tools such as Qualys, Tenable, or Rapid7
  • Public cloud tools such as AWS Cloud Formation, AWS GuardDuty, and Azure
  • How quickly can I segment my network environments?
  • How can my existing investments such as host firewalls, switches, and load balancers be leveraged to enforce segmentation across legacy and hybrid systems?
  • What kinds of REST API integrations are supported? Important tools to check for include OneOps, Chef, Puppet, Jenkins, Docker, and OpenStack Heat/Murano
back to glossary

ZTNA (Zero Trust Network Access)

blog posts

Zero Trust Segmentation

How SWACRIT and ROS\\TECH Closed the Segmentation Gap With Illumio

See how SWACRIT and ROS\\TECH used Illumio to fix flat network architecture, stop lateral movement, and build scalable Zero Trust segmentation after a domain migration.
read now
Illumio Products

See What’s New at Illumio: Better Security, Visibility, and Efficiency

Discover the latest Illumio platform updates designed to simplify security, improve visibility, and help teams stop breaches faster across hybrid and multi-cloud environments.
read now
Zero Trust Segmentation

3 Takeaways from the 2025 Gartner® Market Guide for Network Security Microsegmentation

Explore key microsegmentation market trends, emerging capabilities, and how Illumio is helping organizations contain breaches and simplify segmentation.
read now

ZTNA (Zero Trust Network Access)

briefs

Brief

Illumio + NVIDIA Deliver Zero Trust for OT Environments

Learn how Illumio and NVIDIA help you achieve microsegmentation in critical OT environments without forcing changes to your OT devices.

read now
Brief

Accelerating Zero Trust with Proactive Threat Prevention, Visibility, and Microsegmentation

Learn how the Check Point and Illumio integration helps stop lateral movement and strengthen Zero Trust security across hybrid cloud environments.

read now
Brief

Illumio Segmentation

Control lateral movement to stop breaches and ransomware attacks from becoming cyber disasters.

read now

ZTNA (Zero Trust Network Access)

demos

Demo

Illumio Segmentation Demo

Illumio Segmentation provides real-time visibility and microsegmentation to contain breaches.

read now

ZTNA (Zero Trust Network Access)

guides

Guide

Microsegmentation Myths Debunked

Learn what's true about microsegmentation, what's not, and why it matters for your cybersecurity strategy.

read now
Guide

6 Steps to Implementing a Zero Trust Model

Learn key best practices to building stronger Zero Trust security to protect against ransomware and other cyberattacks.

read now

ZTNA (Zero Trust Network Access)

infographics

No items found.

ZTNA (Zero Trust Network Access)

reports

Report

2025 Gartner® Market Guide for Network Security Microsegmentation

Get expert insights from Gartner on the network security microsegmentation market and its recognized Representative Vendors, including Illumio Segmentation.

read now
Report

Illumio: A Leader in Microsegmentation

Download your copy of The Forrester Wave for Microsegmentation Solutions.

read now
Report

"The Time for Microsegmentation Is Now" Webinar Q&A

Forrester Sr. Analyst David Holmes offers valuable perspectives on the importance of microsegmentation and more.

read now

ZTNA (Zero Trust Network Access)

webinars

webinar

How Zero Trust Segmentation Reduces Zero-Day Vulnerabilities and Protects Assets

Join Kyndryl and Illumio for an exclusive session tailored for security and IT leaders in financial services. Cxplore how Kyndryl and Illumio can help you build a resilient Zero Trust architecture.

learn more
webinar

Inside the Forrester Wave for Microsegmentation Solutions

Join Scott Smith, analyst relations director at Illumio, as he interviews John Kindervag, Illumio’s chief evangelist and the visionary behind zero trust. Discover why microsegmentation is essential for modern networks and what Illumio's top placement in the Forrester Wave means for the future of cybersecurity.

learn more
webinar

From Vulnerable to Invincible: Reinforcing Your Network with Micro-Segmentation

Attend this webinar to discover how implementing microsegmentation with Stratejm Security-as-a-Service powered by Illumio can transform your security posture.

learn more

ZTNA (Zero Trust Network Access)

videos

Video

The Efficacy of Microsegmentation: Insights From Bishop Fox

Rob Ragan of Bishop Fox discusses the red team specialist's test on the efficacy of microsegmentation to prevent lateral movement attacks.

read now
Video

5 Best Practices for Microsegmentation in Your Cisco Data Center

Reduce complexity and enable effective microsegmentation in your Cisco data center environment.

read now

ZTNA (Zero Trust Network Access)

blog posts

No items found.

ZTNA (Zero Trust Network Access)

briefs

No items found.

ZTNA (Zero Trust Network Access)

demos

No items found.

ZTNA (Zero Trust Network Access)

reports

No items found.

ZTNA (Zero Trust Network Access)

webinars

No items found.

ZTNA (Zero Trust Network Access)

videos

No items found.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Learn more