ZTNA Is Possible for Small Businesses


Zero Trust Network Access

When you see the letters ZTNA, you may not immediately think cybersecurity, but you should, as those letters stand for zero-trust network access. This article explains what ZTNA is and why it is advisable for securing remote access.


Globally, work environments are re-opening to employees. Yet remote work is here to stay. The consulting firm McKinsey suggests that “the virus has broken through cultural and technological barriers that prevented remote work in the past, setting in motion a structural shift in where work takes place.”


That probably means a shift at your business, too. One obvious change is the need to provide remote access to systems and software. You may have provided employees with business laptops for use away from the office. Perhaps you added a virtual private network (VPN) to secure application access. Many businesses turned to cloud-based solutions as another answer.


Yet all this digital business transformation increases business cybersecurity risk. Remote workers want access from anywhere, anytime, from any device. While this supports convenient connections and collaborations online, the attack surface also grows.


Traditional methods verify users by relying on IP addresses and network location, but security and risk-management leaders suggest this approach involves “excessive implicit trust.” That’s why ZTNA’s identity- and context-based verification is the latest trend for businesses.


What Is ZTNA?


ZTNA is an adaptive, context-based way to offer remote-worker access. Developed in 2010, zero trust security sees trust as a vulnerability. Trust undermines vigilance, according to ZTNA’s creator. Instead, ZTNA has three key ideas:

  1. Act as if you’ve been breached already.

  2. Verify explicitly.

  3. Limit user access to just enough access and just-in-time access.

If you assume everything is a potential threat, you will verify each access attempt. ZTNA doesn’t have to replace VPN completely, but it often will, especially as ZTNA addresses the hardware and bandwidth limitations of traditional VPN access.


Some businesses add multifactor authentication (MFA), too. The old model that establishes a safety perimeter based on device location is broken. Mobile and remote work have rendered it unreliable.


Why ZTNA for Remote Work?


Remote workers connect via unsecured public networks or inadequately protected home networks. They use personal devices. So, ZTNA makes sense.


ZTNA grants access based on the identity of the humans and their devices, but that’s not all. It adaptively considers contextual clues (such as time/date, geolocation, and device posture).


Adding MFA moves the verification of trust beyond a single factor. For example, a hacker with stolen access credentials might get past a single-factor check, but with MFA, the hacker would also need access to the individual’s physical device.
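
The checks described above (identity, device posture, contextual clues, MFA, and just-enough, just-in-time access) can be written as a single decision function. This is an added example, not code from the original article or from any ZTNA product; the policy values, field names and users are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

# Constructed policy values for illustration; a real deployment defines its own.
ALLOWED_COUNTRIES = {"US", "CA"}
WORK_HOURS = (time(6, 0), time(22, 0))   # UTC window for routine access
GRANT_TTL = timedelta(minutes=30)        # just-in-time: every grant expires
ENTITLEMENTS = {"alice": {"payroll", "crm"}, "bob": {"crm"}}  # just enough access

@dataclass
class Request:
    user: str
    password_ok: bool      # first factor, verified by the identity provider
    mfa_ok: bool           # second factor (e.g. the user's physical device)
    device_managed: bool   # device posture: enrolled in management
    disk_encrypted: bool   # device posture: storage encrypted
    country: str           # geolocation derived from the connection
    app: str               # the single application being requested
    when: datetime

def decide(req: Request):
    """Return (allowed, reason, expiry). Every request is checked; none is
    trusted because of the network it arrives from."""
    if not req.password_ok:
        return False, "identity not verified", None
    if not req.mfa_ok:
        return False, "second factor missing", None
    if not (req.device_managed and req.disk_encrypted):
        return False, "device posture failed", None
    if req.country not in ALLOWED_COUNTRIES:
        return False, "unexpected location", None
    if not (WORK_HOURS[0] <= req.when.time() <= WORK_HOURS[1]):
        return False, "outside permitted hours", None
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        return False, "app not in user's entitlements", None
    return True, "granted", req.when + GRANT_TTL

def still_valid(expiry, now):
    """A grant must be re-evaluated once its time-limited window ends."""
    return expiry is not None and now < expiry

if __name__ == "__main__":
    now = datetime(2024, 3, 4, 14, 0, tzinfo=timezone.utc)  # constructed sample
    # Stolen password, but no second factor and an unmanaged device: denied.
    print(decide(Request("alice", True, False, False, False, "US", "payroll", now)))
    print(decide(Request("alice", True, True, True, True, "US", "payroll", now)))
```

The first failing check determines the reason, so a request with stolen credentials alone is rejected before device or location is even considered.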