Zero Trust Network Access (ZTNA)
What is Zero Trust Network Access (ZTNA)?

Zero Trust Network Access (ZTNA) represents a set of innovative technologies designed for secure access to private applications. Also referred to as software-defined perimeter (SDP), ZTNA technologies use granular access policies to connect authorized users to specific applications without the need for access to the entire corporate network, establishing least-privilege app-level segmentation as a replacement for network segmentation and, unlike a VPN concentrator, avoiding exposure of the applications’ location to the public internet.

Zero Trust Network Access (ZTNA).
  • ZTNA explained
  • Key concepts of ZTNA
  • ZTNA use cases
  • HPE Aruba Networking ZTNA
ZTNA explained
Diagram: Understanding ZTNA services and how they work.

ZTNA explained

The reason ZTNA adoption is becoming more prevalent is due to the need to work from anywhere, whereby every user, application and device now safely connects via the internet. This makes sense, as more business apps become SaaS-based and private apps continue to run in hybrid or multi-cloud environments.

The challenge is that the Internet is purely designed to connect things, not to block them. With a proper IP address and outbound call capabilities, all devices can communicate through the Internet. Threat actors exploit organizations that do not have the proper Zero Trust strategies in place.

Unlike VPNs or firewalls, ZTNA services are designed to securely connect specific entities to each other, without the need for overall network access. In most cases these are employees and third-party users connecting from home, on the road, or in the office. But this is not limited to just users; ZTNA can also apply to application-to-application traffic as well in the form of microsegmentation.

Related products, solutions or services

HPE Aruba Networking SSE

Enable seamless and secure access for every user, device, and application from anywhere with Security Service Edge (SSE).

Related topics

Zero Trust

Security Service Edge (SSE)

Secure Access Service Edge (SASE)