close
magnifying glass
Get Started
magnifying glass
chevron
Support Language
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
chevron Get the white paper
          Experience Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
          chevron Experience Netskope
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            Netskope debuts as a Leader in the Gartner® Magic Quadrant™ for Single-Vendor SASE
            chevron Get the report
              Securing Generative AI for Dummies
              Securing Generative AI for Dummies
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
              chevron Get the eBook
                Modern data loss prevention (DLP) for Dummies eBook
                Modern Data Loss Prevention (DLP) for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                chevron Get the eBook
                  Modern SD-WAN for SASE Dummies Book
                  Modern SD-WAN for SASE Dummies
                  Stop playing catch up with your networking architecture
                  chevron Get the eBook
                    Understanding where the risk lies
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                    chevron Watch the demo
                            The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                            The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                            Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                            chevron Get the eBook
                              Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                              Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                              chevron Read the case study
                                Netskope GovCloud
                                Netskope achieves FedRAMP High Authorization
                                Choose Netskope GovCloud to accelerate your agency’s transformation.
                                chevron Learn about Netskope GovCloud
                                  Let's Do Great Things Together
                                  Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
                                  chevron Netskope Partners
                                    Netskope solutions
                                    Netskope Cloud Exchange
                                    Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                    chevron Learn about Cloud Exchange
                                        Netskope Technical Support
                                        Netskope Technical Support
                                        Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
                                        chevron Technical Support
                                          Netskope video
                                          Netskope Training
                                          Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.
                                          chevron Explore Netskope Training
                                            Netskope video
                                            Achieve Business Value with Netskope One SSE
                                            Netskope One Security Service Edge (SSE) enables enterprises to achieve considerable business value by consolidating business critical security services within the Netskope One platform
                                            chevron Get the study

                                              What is ZTNA?

                                              Zero Trust Network Access (ZTNA) is the modern remote access solution built on the principle of Zero Trust. ZTNA creates a new security and access framework for connecting users everywhere with enterprise resources. This security solution not only provides a modern security structure, but also enhances user experience with seamless connectivity to enterprise resources. With the rise of hybrid work and cloud adoption, it’s become increasingly important to evolve access management to your key enterprise applications–no matter where they are hosted.
                                              Netskope video

                                              Jump to a section

                                              Zero Trust Security Principles How does ZTNA work?
                                              Securing remote user access to resources Enable third-party access and BYOD policies Allows for smoother cloud migrations Simpler merger and acquisition integration Streamlined DevOps access Aids the security transformation journey
                                              What are the benefits of ZTNA architecture? What is the difference between ZTNA and a VPN replacement? How does ZTNA fit within Security Service Edge (SSE)? What are the most common use cases of ZTNA? Introducing ZTNA Next, Netskope’s Solution for a Cloud-Based ZTNA
                                              5 min read

                                              Zero Trust Security Principles link link

                                              ZTNA creates a new security framework, based on the zero trust security model, for connecting users with enterprise resources. Private applications connect to the ZTNA broker via application gateways. When a user connects, the cloud-based ZTNA broker verifies the user’s identity and security posture before connecting users to the authorized applications.

                                              Users everywhere, using any device, gain direct access to applications hosted anywhere, providing superior user experience with consistent policy controls.

                                              Because ZTNA only grants application-specific access, not network access, it eliminates unauthorized lateral movement. With ZTNA, there is no inbound connectivity to the enterprise network and the resources remain hidden from discovery, reducing the digital attack surface.

                                               

                                              How does ZTNA work? link link

                                              ZTNA works by providing both full visibility and control over users, applications, and devices that have access to a growing number of systems and services. The Netskope zero trust model creates secure environments for all kinds of previously difficult or risky situations.

                                              ZTNA applications include:

                                              Securing remote user access to resources

                                              Netskope zero trust capabilities provide application access for authenticated and authorized users. By eliminating implicit trust privileges, our platform reduces the risks and exposure associated with traditional remote access VPN. These users will have access to everything they need and nothing that they don’t, all while consistently reaffirming their identities to prevent unauthorized access.

                                              Enable third-party access and BYOD policies

                                              Sometimes it’s necessary to grant access to individuals or devices outside of the immediate enterprise’s network. Using ZTNA, administrators can safely provision access to contractors, suppliers, and other third-party users using the browser access (clientless) to web applications. Additionally, ZTNA creates safeguards to allow network access to personal devices while protecting permissions to more sensitive systems and information.

                                              Allows for smoother cloud migrations

                                              Whether it’s today, tomorrow, or next year, we are all moving to the cloud. ZTNA makes these migrations simpler by creating direct, secure access to all kinds of cloud applications and infrastructures. Utilizing the streamlined nature of the cloud, ZTNA allows users to set up and deploy in minutes, creating seamless direct access to resources hosted in public cloud environments, without the complex network routing.

                                              Simpler merger and acquisition integration

                                              Mergers are complex, but combining systems and providing access doesn’t have to be. ZTNA provides approved users with “day one” access to internal resources without the complexity of combining networks. This way you can get up and running with new employees and processes faster than ever before.

                                              Streamlined DevOps access

                                              In today’s world, developers can’t always be expected to work on-site. ZTNA provides secure native access to resources regardless of where they are hosted in data centers and Virtual Private Clouds (VPC).

                                              Aids the security transformation journey

                                              Everything about the way we do business is changing at an ever more rapid pace, necessitating the need for new security and networking technologies. ZTNA applies zero trust principles to application and network access, therefore reducing the overall attack surface area by eliminating the exposure of protocols and services to the public internet.

                                               

                                               ZTNA works by providing both full visibility and control over users, applications, and devices that have access to a growing number of systems and services.

                                              What are the benefits of ZTNA architecture? link link

                                              A Zero Trust Network Access (ZTNA) architecture enhances security by ensuring only authenticated and authorized users can access resources, reducing the risk of breaches. It also improves user experience by providing seamless and secure remote access to applications without relying on traditional VPNs.

                                              Benefits of a ZTNA architecture include:

                                              • Zero trust access to private applications: Protect data and resources with application-level access control based on user identity, authorization, and security posture.
                                              • Seamless and direct access to public cloud(s): Connect users anywhere directly to applications in public cloud environments–no need to hairpin through corporate infrastructure.
                                              • Reduce digital attack surface: Ensure that applications hosted anywhere, in public cloud and private data centers, are never exposed to the internet. Eliminate the need for hosting applications in the DMZ or maintaining public facing services such as VPN. Avoid the brand damage, fines, and remediation costs associated with private application breaches.
                                              • Simplified IT operations: Modernize network architecture and increase security for internet use using a scalable, cloud-based platform that unifies ZTNA, with cloud security (CASB) and web security (SWG).

                                               

                                               A Zero Trust Network Access (ZTNA) architecture enhances security by ensuring only authenticated and authorized users can access resources, reducing the risk of breaches.

                                              What is the difference between ZTNA and a VPN replacement? link link

                                              ZTNA differs from a traditional VPN in that it provides granular access controls and verifies every user, device, and application before granting access to specific resources, rather than VPNs which usually allow broad network-level access after authentication. ZTNA is considered a better solution than a VPN because it reduces the attack surface by eliminating vulnerabilities associated with overly permissive network access, provides greater visibility and control over who is accessing what resources, and aligns with modern security principles of zero trust by not assuming any user or device is trustworthy by default.

                                               

                                               ZTNA differs from a traditional VPN in that it provides granular access controls and verifies every user, device, and application before granting access to specific resources, rather than VPNs which usually allow broad network-level access after authentication.

                                              How does ZTNA fit within Security Service Edge (SSE)? link link

                                              ZTNA is a core component of the Security Service Edge (SSE) architecture, which provides a unified, cloud-native solution for secure access and threat protection across diverse environments. With the rise of remote work, ZTNA provides a secure way to access applications and data without using traditional VPNs. By integrating with other SSE capabilities like SWG and CASB, ZTNA provides comprehensive threat protection and real-time monitoring and control over user access and data flows across the entire network.

                                               

                                               ZTNA is a core component of the Security Service Edge (SSE) architecture, which provides a unified, cloud-native solution for secure access and threat protection across diverse environments.

                                              What are the most common use cases of ZTNA? link link

                                              In an enterprise system, it is primarily used to secure remote access to applications, data, and resources across on-premises and multi-cloud environments.

                                              ZTNA use cases:

                                              • Serves as a replacement for traditional VPNs by providing granular, context-aware access controls based on user identity, device posture, and other risk factors.
                                              • Enables secure access to SaaS applications and cloud resources, ensuring consistent security policies and visibility regardless of where the applications and data reside.
                                              • Ensures enterprises can reduce their attack surface, improve security posture, and enable a more secure and productive remote workforce.

                                               

                                               In an enterprise system, Zero Trust Network Access (ZTNA) is primarily used to secure remote access to applications, data, and resources across on-premises and multi-cloud environments.

                                              Introducing ZTNA Next, Netskope’s Solution for a Cloud-Based ZTNA link link

                                              ZTNA Next is an advanced solution that builds upon core principles to provide enhanced capabilities and streamlined operations. With ZTNA Next, organizations can offer direct platform access to authorized users, enabling them to securely access and interact with applications, data, and resources without the need for traditional remote desktop or VPN connections.

                                              This approach not only simplifies operations by eliminating the complexities associated with managing remote access solutions but also enhances security by minimizing the attack surface. Additionally, ZTNA Next often includes features like remote assistance, which allows authorized support personnel to securely access and troubleshoot issues on end-user devices, further improving operational efficiency and end-user experience.

                                               

                                              Netskope ZTNA Next Architecture

                                               

                                               In an enterprise system, Zero Trust Network Access (ZTNA) is primarily used to secure remote access to applications, data, and resources across on-premises and multi-cloud environments.

                                              The End of the VPN Era and the Rise of ZTNA

                                              VPNs have had a good run as the de facto standard for remote access. The pandemic however, has introduced a massive shift towards zero trust and with it a shift to the end of the VPN era and with it, the rise of Zero Trust Network Access (ZTNA).

                                              Watch the replay
                                              The End of the VPN Era and the Rise of ZTNA

                                              Related resources

                                              Results