When implementing ZTNA, you need to keep these three principles in mind:
Verify every request every time based on all data points available before authorizing a user or asset. Don't trust anyone or anything implicitly.
Use least-privilege and just-in-time privilege elevation to ensure that your users and assets only have just enough access to get their job done, and not more.
Assume your network is breached. Plan to limit the damage from external and insider attacks, and implement analytics and security solutions to detect and respond to threats.
Check out these infographics.The 7 tenets of Zero Trust
Traditional forms of security are referred to as perimeter-based security. This is because they rely on firewalls, VPNs, etc. to create a perimeter around their network.
Some people also refer to this security as the castle and moat approach. Traditionally when everyone was working from office alone, this security may have seemed sufficient.
However, these security models don't sufficiently account for the risks introduced by the move towards cloud solutions and hybrid workplaces.
Additionally, credential-based attacks and malicious insiders can easily bypass firewalls and VPNs, and wreak havoc within a network.
The Zero Trust approach to security seeks to solve this by focusing defenses on identities, assets, and resources instead of the network perimeter. The goal is to prevent unauthorized access to organizational resources, while making access control as granular as possible.
This ensures that even if adversaries get inside your network, they won't be able to do much damage. Zero Trust use cases aren't just limited to preventing and mitigating cyberattacks. This approach can also simplify access controls and network design, among other things.
Zero trust also simplifies network design by eliminating multiple layers and bringing
the "perimeter" closer to the resources or assets being protected.