Secure Private Access (ZTNA)
Secure Private Access (ZTNA) provides secure remote access to an organization’s applications, data, and services based on clearly defined access control policies. Unlike Virtual Private Networks (VPNs), which grant access to an entire network, Secure Private Access grants access only to specific services or applications. Because more and more users are accessing resources from anywhere, Secure Private Access can help eliminate gaps in other secure remote access technologies and methods.
Secure Private Access enforces granular, adaptive, and context-aware policies for providing secure and seamless access to private applications hosted across clouds and corporate data centers, from any remote location and from any device. That context can be a combination of user identity, user or service location, time of day, type of service, and security posture of the device.
Secure Private Access allows "least privilege" access only to specific applications within a network, reducing the attack surface and preventing lateral movement of threats from compromised accounts or devices. Secure Private Access builds upon the concept of Zero Trust, which asserts that to ensure data safety and integrity, organizations must not trust any entity inside or outside the security perimeters. Instead, they must verify every user or device before granting access to sensitive resources.
Secure Private Access addresses these common use cases:
- Secure remote access to private applications. As organizations move their business-critical applications across multiple cloud environments for easy collaboration, they are challenged to monitor each device to secure access and prevent data exfiltration. Secure Private Access enables adaptive, context-aware access to private apps from any location and device. Access is denied by default unless explicitly allowed. The context for app access may include identity, device type, user location, and device security posture.
- Enhance or replace VPN connections. Securing remote user access through software- and hardware-intensive VPNs can increase capital expenditure and bandwidth costs. Secure Private Access provides fast, direct access to cloud applications, reducing networking complexity, cost, and latency while optimizing the remote workforce.
- Limit user access. Perimeter-based security solutions permit full network access to any user with valid login credentials, potentially exposing sensitive data to compromised accounts and insider threats. Once they have access to the entire network, bad actors can move freely through it, largely undetected. With Secure Private Access, user access is restricted to specific applications on a need-to-know basis. All connections are verified before access is granted to specific internal resources.
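The deny-by-default, per-application, context-aware decision described above can be sketched as follows. This is an added example, not the product's policy engine or policy format; the `Rule` and `Request` types, the `evaluate` function, and the sample policy are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:            # hypothetical: context gathered for one access attempt
    user: str
    groups: frozenset     # identity (group membership)
    app: str              # the single application being requested
    country: str          # user location
    device_compliant: bool  # device security posture
    at: time              # time of day of the request

@dataclass(frozen=True)
class Rule:               # hypothetical: one explicit allow rule for one application
    app: str
    groups: frozenset     # any of these groups satisfies the identity condition
    countries: frozenset  # permitted locations
    hours: tuple          # (start, end) permitted time window
    require_compliant: bool = True

# Constructed sample policy: only these two applications are reachable at all.
POLICY = [
    Rule("payroll", frozenset({"finance"}), frozenset({"US", "CA"}),
         (time(7), time(19))),
    Rule("wiki", frozenset({"staff", "finance"}), frozenset({"US", "CA", "DE"}),
         (time(0), time(23, 59, 59)), require_compliant=False),
]

def unmet(rule, req):
    """Return the first context condition the request fails, or None."""
    start, end = rule.hours
    checks = [
        ("identity", bool(rule.groups & req.groups)),
        ("location", req.country in rule.countries),
        ("time", start <= req.at <= end),
        ("posture", req.device_compliant or not rule.require_compliant),
    ]
    return next((name for name, ok in checks if not ok), None)

def evaluate(req, policy=POLICY):
    """Allow only if a rule for this exact application matches every condition."""
    failure = "no rule for application"   # default deny: nothing is implicitly reachable
    for rule in policy:
        if rule.app != req.app:
            continue
        failure = unmet(rule, req)
        if failure is None:
            return True, "allow"
    return False, "deny: " + failure
```

A valid identity alone is never sufficient here: the same user is denied when the device falls out of compliance, and an application with no explicit rule is unreachable, which is what limits lateral movement from a compromised account.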