VPN portals are just one part of universal ZTNA.
By now, you likely have a ZTNA strategy. But what about universal ZTNA? Universal zero trust network access refers to the use of ZTNA for on-premises and remote users, with no distinction made as to the user’s location. Using the principle of least privilege, regardless of location, universal ZTNA allows secure remote access anywhere — and businesses are taking notice of this model.
According to Gartner®: “Universal zero-trust network access is expected to grow to widespread adoption, greater than 40%, by 2027.” The shift to focus on hybrid workers, rather than solely remote workers, is driving this change, and requires a broader look at ZTNA overall.
Download the Gartner report: Emerging Tech: Universal ZTNA Drives Secure Access Consolidation for a deeper look into how to better support the hybrid workforce.
Our key takeaways
We believe this Gartner® report will help you gain insight into:
- The boom in universal ZTNA for secure remote access and what businesses can expect to see from this shift.
- Recommended actions for the next six to 18 months.
- Ways to evolve to universal ZTNA and what this means for your IT and Ops teams.
Frequently asked questions about ZTNA
Everything you need to know to get started on your ZTNA journey.
Q: What is the purpose of ZTNA?
A: Zero Trust Network Access (ZTNA) aims to enhance security by assuming that threats could exist inside and outside a company’s private network perimeter. ZTNA tenets include least privilege access, hiding your applications from public view, and using digital certificates for users and devices.
Q: What is the difference between ZTNA and universal ZTNA?
A: Universal ZTNA applies the same least privilege access policies regardless of the user’s location. In traditional ZTNA, there may be differing policies for those located at an office or branch location rather than a remote employee working from a coffee shop or from home — but Universal ZTNA applies the same standards to both.
Q: How is ZTNA different from Zero Trust?
A: Zero trust is the overall strategy that relies on the core principle “never trust, always verify.”
According to Gartner, “Zero trust network access (ZTNA) creates identity- and context-based, logical-access boundaries around users, devices and applications.” Doing this hides the apps from discovery and restricts access using a trust broker and a set of named entities. The broker verifies users based on identity, context, and policies — and stops lateral movement in the network. Because application assets are removed from public visibility, potential attack surface is reduced.
However, it’s crucial to note that Zero Trust is not any one singular product or service; rather, it is a collection of services and solutions that work together to accomplish the principles of zero trust and least privilege.
In other words, zero trust is the strategy, and zero trust network access is the tool or technology used to get there.
Q: Do you need a VPN for ZTNA?
A: A VPN can help your business achieve the tenets of zero trust, including:
- Identity-driven authorization policies, which enforce secure access to only authorized applications and not the entire network.
- Use of additional security checks based on device identity, device security posture and user’s location context.
- Prevention of lateral movement on your network with strong identity authentication and network-level authorization for services access.
- Defining access controls based on user groups.
Q: What are the core principles of ZTNA?
A: There are three basic principles of ZTNA:
- Explicit verification — Each user and machine login must be verified using two-factor authentication (2FA) or multi-factor authentication (MFA). No access is permitted until the request is fully authenticated.
- Use of least privilege access — No single user or account has access to all applications, not even high-level employees, management, or executives. Each user is assigned only the permissions required to fulfill their tasks — nothing more.
- Assume data breach attacks are underway — Network administrators and IT teams operate as if each connection is a potential threat. No user is trusted unless authenticated, and intrusions or other attacks may already be present on the network and not yet discovered.
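A toy broker-side policy check that illustrates the VPN/ZTNA tenets listed above and the three principles, written here as an added example rather than code from Gartner or any vendor product: policy is keyed per application and defaults to deny, MFA and device posture are checked on every request, access is granted by group membership only, and the request's location field is deliberately never read, which is the universal-ZTNA point from the earlier FAQ answer. All application names, groups and policy fields are constructed.

```python
from dataclasses import dataclass

# Constructed sample policy table (hypothetical, not a product config).
# Each application carries an explicit allow-list of groups plus posture
# requirements; any application not listed here is denied by default.
APP_POLICIES = {
    "payroll": {"groups": {"finance"}, "require_managed_device": True},
    "wiki":    {"groups": {"finance", "engineering"}, "require_managed_device": False},
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset          # groups asserted by the identity provider
    mfa_passed: bool           # explicit verification result
    device_managed: bool       # device identity / enrollment
    device_patched: bool       # device security posture
    location: str              # "office" or "remote"; intentionally unused
    app: str                   # access is per application, never network-wide


def evaluate(req: AccessRequest) -> tuple[bool, str]:
    """Return (allowed, reason) for one application request.

    Checks run in order; the first failure wins and the default is deny.
    The location field is never consulted, so an office user and a remote
    user with identical identity and posture always get the same decision.
    """
    policy = APP_POLICIES.get(req.app)
    if policy is None:
        return False, "unknown application: default deny"
    if not req.mfa_passed:
        return False, "explicit verification failed: MFA required"
    if policy["require_managed_device"] and not req.device_managed:
        return False, "device posture: unmanaged device"
    if not req.device_patched:
        return False, "device posture: unpatched device"
    if not (req.groups & policy["groups"]):
        return False, "least privilege: no group grants access to this app"
    return True, "allowed"
```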
Q: What specific environments are the best for ZTNA?
A: Remote or hybrid work environments are often the most in need of ZTNA technology. However, any business, from small and midsize to enterprise level, can benefit from the zero trust strategy.
Q: How does ZTNA fit into the SASE framework?
A: ZTNA segments access based on user profiles and their associated trust levels for a more risk-informed access strategy. This is just one piece of the SASE framework.
Gartner, Emerging Tech: Universal ZTNA Drives Secure Access Consolidation, Charanpal Bhogal, Andrew Lerner, et al., 20 December 2024.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.