Zero Trust has been all the rage for several years; it states, “never trust, always verify” and assumes every attempt to access the network or an application could be a threat. For the last several years, zero trust network access (ZTNA) has become the common term to describe this type of approach for securing remote users as they access private applications. While I applaud the progress that has been made, major challenges remain in the way vendors have addressed the problem and organizations have implemented solutions. To start with, the name itself is fundamentally flawed. Zero trust network access is based on the logical security philosophy of least privilege. Thus, the objective is to verify a set of identity, posture, and context related elements and then provide the appropriate access to the specific application or resource required…not network level access […]
