Definition

Zero Trust Network Access (ZTNA) provides per-application access to internal resources instead of network-level VPN access. Users authenticate to a specific application, posture is verified, and a session is granted for that application only; they cannot see or reach any other internal resource. ZTNA replaces the flat-network risk of VPN: a compromised VPN credential is a network-wide problem; a compromised ZTNA credential is a one-app problem. Modern ZTNA supports web apps (HTTPS) and legacy protocols (RDP, SSH, databases), in both agent-based and clientless modes. Identity is the core dependency: ZTNA requires a working IdP. Symantec ZTNA (historically Secure Access Cloud) is part of the Symantec SSE stack. The VPN-to-ZTNA migration typically takes 6-12 months for an enterprise; see our 90-day plan.

Symantec products that implement this

  • Symantec ZTNA (Zero Trust Network Access) - Identity-and-application-aware Zero Trust access to internal apps. Replace VPN with per-app policy enforcement, posture checks, and least-privilege access for hybrid work.

Related terms

  • SSE (Security Service Edge) - The security half of SASE - cloud-delivered SWG, CASB, ZTNA, and DLP without the SD-WAN connectivity component.
  • SASE (Secure Access Service Edge) - Convergence of WAN networking (SD-WAN) and cloud-delivered security services (SWG, CASB, ZTNA, FWaaS) into a single platform.
  • Zero Trust - A security model based on "never trust, always verify" - every access request is authenticated, authorized, and encrypted regardless of network location.
  • IAM (Identity and Access Management) - Discipline for managing digital identities, authentication, authorization, and access control across enterprise systems.
