Introduction
The traditional perimeter-based security model — the “castle and moat” approach that trusts everything inside the corporate network — is obsolete. Remote work, cloud migration, and distributed architectures have dissolved the network perimeter. Every access request now originates from untrusted networks, unmanaged devices, or unknown locations.
Zero Trust Network Access (ZTNA) is the security paradigm that replaces perimeter-based access. Instead of trusting devices and users based on their network location, ZTNA verifies identity, device posture, and context for every request. Gartner projects that 70% of new remote access deployments will use ZTNA by 2026, up from less than 10% in 2021. The ZTNA market is expected to grow from $1.34 billion in 2025 to $4.18 billion by 2030 at a 25.5% CAGR.
This guide covers ZTNA architecture, how it works, key deployment models, a detailed comparison with VPN, leading solutions, implementation best practices, and the future of zero trust access — including the major 2026 shift toward ZTNA for AI agents and machine identities. For hands-on configuration walkthroughs, see the companion guide on ZTNA with Cloudflare Tunnel and WireGuard.
The ZTNA market reached an estimated $30 billion in 2026, with global adoption rising 53% in 2025 as 80% of organizations embraced zero trust to secure cloud migrations and hybrid workforces. Gartner projects 70% of new remote access deployments will use ZTNA by 2026, and the market is forecast to grow at a 25.06% CAGR to $14.74 billion by 2033. The driving forces: the dissolution of the network perimeter, the rise of AI agent workloads requiring secure access, and the shift from human-centric to identity-agnostic access models.
Core Zero Trust Principles
Never Trust, Always Verify
Zero Trust operates on a simple rule: no entity is inherently trustworthy. Every access request — regardless of whether it comes from inside the corporate network or from a remote cafe — must be fully authenticated, authorized, and encrypted before granting access.
Assume Breach
Design your security architecture assuming an attacker is already inside the network. This means minimizing blast radius through microsegmentation, encrypting all traffic, and continuously monitoring for anomalous behavior. ZTNA implements this by never granting network-level access — only application-level, session-specific tunnels.
Least Privilege Access
Users and devices receive the minimum access necessary to perform their function. ZTNA enforces this at the application layer: a developer may access the code repository and CI/CD system but not the HR database. Access is scoped per-application, per-session, with just-in-time (JIT) provisioning that expires automatically.
The 7 Pillars of Zero Trust
NIST SP 800-207 defines seven pillars that comprehensive zero trust architectures address:
- Identity — Every user and service account is verified before access
- Device — Every device is evaluated for compliance (OS version, patch level, disk encryption, EDR status)
- Network — Microsegmentation and ZTNA replace VPN-based network access
- Application — Workload-to-workload access is authenticated and authorized
- Data — Encryption and classification protect data in transit and at rest
- Infrastructure — API-driven policy enforcement across clouds and on-premises
- Analytics & Visibility — Continuous monitoring and behavioral analytics detect anomalies
ZTNA primarily addresses pillars 1, 2, 3, and 7 — identity, device, network, and analytics — but integrates with all seven in a mature deployment.
The 8th Pillar: Machine Identity
The 2026 update to zero trust thinking adds an eighth pillar: machine identity. AI agents, service accounts, API tokens, and automated workloads now outnumber human users in most enterprise environments. According to NIST, machine identities represent one of the fastest-growing attack surfaces in zero trust architectures. Traditional ZTNA was designed for human workflows — interactive login, MFA, session timeouts. Machine identities require a fundamentally different approach:
- Non-interactive authentication — Agents cannot click MFA prompts. They need OAuth2 device flows, SPIFFE/SPIRE workload identity, or short-lived X.509 certificates.
- Rate-limited, scoped access — An AI agent that queries an API every 200ms behaves differently from a human browsing a web app. ZTNA policies must account for machine-speed access patterns.
- Automated revocation — When a container is destroyed or a CI/CD pipeline completes, its access must be revoked instantly — not at the next session timeout.
- Audit trails for non-human actions — Every API call an agent makes must be logged with agent identity, not just a shared service account name.
Cloudflare, Zscaler, and Microsoft all introduced machine identity features in 2026. Cloudflare’s Mesh product (April 2026) provides scoped, identity-based network access for agents, while Zscaler’s AI-powered app discovery identifies machine-to-machine traffic patterns automatically.
How ZTNA Works
Architecture Overview
A ZTNA deployment consists of several components that work together to broker secure, identity-based connections between users and applications.
flowchart LR
subgraph Users["Users"]
U1[Employee Laptop]
U2[Contractor Device]
U3[Mobile Phone]
end
subgraph ZTNA["ZTNA Control Plane"]
PE[Policy Engine]
CB[Connection Broker]
IdP[Identity Provider]
DP[Device Posture Service]
end
subgraph Apps["Protected Resources"]
A1[CRM App]
A2[Code Repository]
A3[Internal Wiki]
A4[Database Admin]
end
U1 -->|Auth + posture| IdP
U2 -->|Auth + posture| IdP
U3 -->|Auth + posture| IdP
IdP -->|Verify identity| PE
DP -->|Device score| PE
PE -->|Policy decision| CB
CB -->|Provision encrypted tunnel| U1
CB -->|Connect to approved app| A1
CB -->|Connect to approved app| A2
U2 -.->|Blocked| A4
The policy engine evaluates each access request against configured rules. The connection broker facilitates encrypted tunnels between approved users and specific applications — it never exposes the full network. The identity provider handles authentication and MFA. The device posture service checks OS version, antivirus status, encryption, and other health indicators.
Access Flow: Step by Step
sequenceDiagram
participant U as User
participant C as ZTNA Client
participant IdP as Identity Provider
participant PE as Policy Engine
participant CB as Connection Broker
participant App as Application
U->>C: Request access to App
C->>IdP: Authenticate (MFA)
IdP-->>C: Token + identity claims
C->>PE: Access request + device posture
PE->>PE: Evaluate policy<br/>(identity, device, context)
alt Approved
PE->>CB: Provision connection
CB->>App: Initiate outbound tunnel
App-->>CB: Tunnel established
CB-->>C: Connection details
C->>App: Direct encrypted session
Note over C,App: Session monitored continuously
else Denied
PE-->>C: Access denied
C-->>U: Blocked
end
The key insight: the connection broker never allows direct network access. It creates per-session, per-application encrypted tunnels. If a user’s device becomes non-compliant mid-session (antivirus disabled, OS patch missing), the policy engine can revoke access in real time.
ZTNA for AI Agents and Machine Identities
The single biggest shift in ZTNA through 2026 is the expansion from human-only access to identity-agnostic access — treating AI agents, CI/CD pipelines, and service accounts as first-class identities alongside human users.
sequenceDiagram
participant A as AI Agent
participant IdP as Machine IdP
participant PE as Policy Engine
participant CB as ZTNA Broker
participant API as Private API
A->>IdP: Present workload identity (SPIFFE JWT)
IdP->>IdP: Validate certificate chain
IdP-->>A: Signed identity token + scope
A->>PE: Access request (identity + intent)
PE->>PE: Evaluate policy<br/>(workload, scope, rate limit)
alt Approved
PE->>CB: Provision scoped tunnel
CB->>API: Outbound connector
API-->>CB: Tunnel ready
CB-->>A: Connection granted
A->>API: Encrypted API calls
Note over A,API: Rate-limited, audited per call
else Rate limit exceeded
PE-->>A: Throttled
end
Why this matters in 2026: Cloudflare’s Agents Week (April 2026) introduced Cloudflare Mesh, the first large-scale private networking solution built for AI agents. Mesh gives every agent a distinct identity, scoped access through Workers VPC bindings, and post-quantum encrypted tunnels — all without VPNs or bastion hosts. Zscaler and Microsoft followed with similar machine identity capabilities. As Network World noted, “the networking and access models built for humans do not work for autonomous software.”
Key differences between human ZTNA and agent ZTNA:
| Dimension | Human ZTNA | Agent ZTNA |
|---|---|---|
| Authentication | Interactive (MFA, SSO) | Automated (JWT, mTLS, SPIFFE) |
| Session model | Long-lived browser sessions | Per-request or short-lived tokens |
| Policy triggers | Role, group, location | Workload type, scope, rate |
| Revocation | Session timeout + manual | Instant on container shutdown |
| Audit | User-level logs | Per-call agent identity trail |
| Rate limiting | Human-speed defaults | Machine-speed (sub-second) |
For a deeper dive on securing AI agents, see the companion article on zero trust for AI agents.
Key Technical Capabilities
Application cloaking — Resources are invisible to unauthorized users. Port scans, DNS lookups, and network probes return nothing for applications the user is not authenticated to access. This eliminates entire classes of reconnaissance attacks.
Per-session encryption — Every user-application pair gets a unique encrypted tunnel. Compromising one session does not expose others.
Continuous verification — Trust is re-evaluated throughout the session. Behavioral anomalies, device posture changes, or context shifts trigger re-authentication or access revocation.
Microsegmentation at the application layer — Unlike network-layer microsegmentation that requires complex VLAN and firewall rules, ZTNA segments at the application layer. User A accessing App 1 cannot see App 2, even if both run on the same server.
ZTNA vs VPN: Detailed Comparison
Traditional VPNs provide network-level access through an encrypted tunnel. Once connected, users can reach any system on the corporate network — a design that violates every zero trust principle.
Side-by-Side Comparison
| Dimension | VPN | ZTNA |
|---|---|---|
| Access model | Network-level (entire subnet) | Application-level (specific apps) |
| Trust model | Trust after authentication | Never trust, always verify |
| Lateral movement | Full access once inside | Blocked — app-level segmentation |
| Device posture | Rarely checked | Checked per session, continuously |
| Performance | Backhaul through concentrator | Direct or edge-proxied connections |
| Scalability | Hardware-limited concentrators | Cloud-native, auto-scaling |
| Visibility | IP and connection logs | Per-request audit trail |
| User experience | Manual connect/disconnect | Transparent, always-on |
| Cloud optimization | Traffic tromboning | Direct-to-cloud routing |
| Third-party access | Full network or nothing | Granular, per-app policies |
| Zero trust alignment | Does not align | Built on zero trust principles |
When VPN Still Makes Sense
ZTNA is not a universal replacement. VPNs remain appropriate for:
- Small teams (<20 users) with minimal IT support — cloud VPNs like Tailscale or WireGuard are simpler to deploy
- Legacy applications that require network-layer protocols (raw TCP, UDP multicast) not supported by ZTNA proxies
- Temporary site-to-site connectivity where both sides need full network access for migrations or disaster recovery
- Compliance requirements that mandate full traffic inspection through a central point
Most organizations run a hybrid model: ZTNA for application access, VPN for specific legacy or site-to-site use cases.
ZTNA Deployment Models
Agent-Based vs Agentless
| Feature | Agent-Based | Agentless |
|---|---|---|
| Device posture | Full (OS, AV, disk encryption, jailbreak detection) | Limited (browser signals only) |
| Application support | All TCP/UDP apps | Web apps only (HTTP/HTTPS) |
| User experience | Seamless, always-on | Browser-based, per-session |
| Deployment effort | Requires endpoint installation | Zero install — browser only |
| Use case | Managed corporate devices | BYOD, contractors, guest access |
Most enterprises deploy both: agent-based for full-time employees with managed devices, agentless for contractors, partners, and personal device access.
Gateway-Based (Reverse Proxy)
The ZTNA gateway sits in front of protected applications. Users authenticate to the gateway, which proxies requests to the application. The application never sees direct traffic from users — only from the gateway.
This model is common for web applications and is offered by Cloudflare Access, Zscaler Private Access, and Netskope Private Access. It works well for HTTP-based apps and supports browser-based SSH and RDP.
Software-Defined Perimeter (SDP)
SDP creates individual, encrypted connections between each user and each resource. There is no central gateway — the control plane orchestrates connections, but data travels directly between user and application (or through a lightweight edge connector).
This model supports non-web protocols (SSH, RDP, database connections) and is offered by Twingate, Perimeter 81, and Appgate. SDP generally provides lower latency than gateway-based models because traffic does not route through a central point.
Universal ZTNA
Universal ZTNA (offered by Fortinet and Netskope) provides consistent access policies across all users, devices, and locations — whether they are remote or on-premises. It unifies ZTNA with SD-WAN and security functions into a single policy framework. The same identity-based access policy applies to a user working from home and the same user working from the office.
Practical Implementation: Configuration Examples
Cloudflare Access with Terraform
Cloudflare Access provides gateway-based ZTNA. Applications are protected behind Cloudflare’s edge network, and users authenticate through Cloudflare’s global network before reaching the app.
Define a self-hosted application protected by Cloudflare Access. This Terraform configuration creates an access policy that requires valid user identity and a compliant device:
resource "cloudflare_access_application" "internal_crm" {
zone_id = var.cloudflare_zone_id
name = "Internal CRM"
domain = "crm.internal.example.com"
session_duration = "24h"
}
resource "cloudflare_access_policy" "crm_policy" {
application_id = cloudflare_access_application.internal_crm.id
zone_id = var.cloudflare_zone_id
name = "CRM Access Policy"
decision = "allow"
include {
email_domain = ["example.com"]
}
require {
auth_method = "mfa"
}
}
resource "cloudflare_access_policy" "crm_device_posture" {
application_id = cloudflare_access_application.internal_crm.id
zone_id = var.cloudflare_zone_id
name = "CRM Device Posture Check"
decision = "non_identity"
require {
device_posture_rule_ids = [cloudflare_device_posture_rule.managed.id]
}
}
Apply this configuration to protect the CRM application. Only authenticated users with managed, compliant devices can access crm.internal.example.com. All others are blocked at Cloudflare’s edge — the application server never sees the connection attempt.
Zscaler Private Access: Application Segment
Zscaler uses a different model: a lightweight connector (App Connector) deployed in the application network establishes outbound-only connections to Zscaler’s cloud. Users connect through Zscaler Client Connector, and the Zscaler Zero Trust Exchange brokers the connection.
Define a ZPA application segment that maps a private application to an access policy:
resource "zpa_application_segment" "jenkins" {
name = "Jenkins CI"
description = "Internal CI/CD system"
enabled = true
health_reporting = "ON"
bypass_type = "NEVER"
tcp_port_ranges = ["8080", "443"]
domain_names = ["jenkins.internal.example.com"]
segment_group_id = zpa_segment_group.internal_apps.id
clientless_apps {
name = "jenkins_web"
application_protocol = "HTTP"
application_port = "8080"
certificate_id = data.zpa_pki_certificate.internal.id
}
server_group {
id = zpa_server_group.jenkins_connectors.id
}
}
resource "zpa_policy_access_rule" "jenkins_access" {
name = "Jenkins: Engineering Team"
description = "Engineering team access to Jenkins"
action = "ALLOW"
operator = "AND"
policy_set_id = data.zpa_policy_type.access_policy.id
app_connector_group_ids = [zpa_app_connector_group.main.id]
app_server_group_ids = [zpa_server_group.jenkins_connectors.id]
conditions {
operator = "OR"
operands {
object_type = "IDP"
entry_values {
idp_id = data.zpa_idp_controller.azure_ad.id
}
}
}
conditions {
operator = "OR"
operands {
object_type = "POSTURE"
entry_values {
posture_id = data.zpa_posture_profile.antivirus_enabled.id
}
}
}
}
This configuration grants the Engineering team access to Jenkins only when their device has antivirus enabled. Any device without the required posture is blocked — even if the user has valid credentials.
Open-Source ZTNA with OpenZiti
For organizations that need full control over their ZTNA infrastructure, OpenZiti provides an open-source platform for embedding zero trust directly into applications. Unlike gateway-based solutions that proxy traffic through a cloud edge, OpenZiti creates an overlay network where identity — not IP — is the foundation of connectivity. Every connection is explicitly authenticated and authorized before it exists, with no open ports, no VPNs, and no exposed IPs.
Deploy a basic OpenZiti network with a controller, router, and enrolled endpoint:
# Deploy the OpenZiti controller (policy decision point)
docker compose -f https://raw.githubusercontent.com/openziti/quickstart/main/docker-compose.yml up -d
# Create an identity for the application server
ziti edge create identity "app-server" -a "servers" -o app-server.jwt
# Create an identity for the client
ziti edge create identity "dev-client" -a "clients" -o dev-client.jwt
# Create a service and authorize the server to host it
ziti edge create service "internal-api" \
--role-attributes "services"
ziti edge create service-policy "serve-internal-api" Bind \
--identity-roles "#servers" --service-roles "#services"
ziti edge create service-policy "dial-internal-api" Dial \
--identity-roles "#clients" --service-roles "#services"
Enroll both sides with their JWT tokens, and the client can reach the server’s internal-api service over the zero trust overlay — no firewall ports, no NAT, no VPN. The application never listens on a public or private IP; it binds only to the OpenZiti network interface.
When to use open-source ZTNA:
- You need to protect non-web protocols (raw TCP, UDP, custom binaries) that gateway-based ZTNA cannot proxy
- You operate in regulated industries (finance, healthcare, defense) that restrict cloud dependency
- You want application-embedded zero trust where the app itself enforces policy without external agents
- You need to bridge OT, IoT, and IT environments under a single access model
Other open-source options include Pomerium (identity-aware proxy with OIDC/OAuth) and NetBird (WireGuard-based mesh with a management plane). NetBird raised €8.5M in Series A funding in January 2026 as a European alternative to US-based ZTNA vendors.
Internal Linking: Related CalmOps Articles
ZTNA is one component of a broader zero trust strategy. The following CalmOps articles provide complementary content:
- ZTNA with Cloudflare Tunnel and WireGuard — Hands-on configuration walkthrough for two ZTNA implementations, with Terraform and WireGuard configs
- Enterprise VPN vs ZTNA Comparison — Detailed cost, security, and complexity analysis for organizations evaluating the migration
- Zero Trust Architecture Implementation Guide — Broader zero trust architecture covering identity, microsegmentation, and continuous verification beyond just network access
- SASE: Secure Access Service Edge Guide — How ZTNA fits into the converged SASE framework with SD-WAN, SWG, and CASB
- Network Security Best Practices — Defense in depth and zero trust segmentation for enterprise networks
Leading ZTNA Solutions
The ZTNA market has consolidated around several categories: cloud-native SSE platforms, SASE-focused vendors, endpoint-first solutions, and open-source alternatives.
Cloudflare Access
Cloudflare Access runs on Cloudflare’s global edge network (330+ data centers). It provides gateway-based ZTNA for web applications, browser-based SSH/RDP, and supports both agent-based (WARP client) and agentless access.
Best for: Organizations that want a fast rollout with minimal infrastructure. Cloudflare’s global network provides low-latency access from anywhere. Strong integration with Cloudflare’s broader security platform (DDoS, WAF, CDN, Secure Web Gateway).
Key strengths: Clientless access for contractors, Terraform provider for policy-as-code, comprehensive logging with Logpush to SIEM, and SSH/ RDP access through the browser without client software.
Limitations: Non-web protocols require the WARP client. Pricing scales with the number of users and may be expensive for large deployments.
Zscaler Private Access (ZPA)
ZPA uses the Zscaler Zero Trust Exchange, a cloud-native switchboard that never places users on the network or exposes applications to the internet. It connects users directly to applications, not to the network.
Best for: Large enterprises with complex, multi-cloud environments. Strong integration with Zscaler Internet Access (ZIA) for a complete SSE platform.
Key strengths: User-to-app segmentation that prevents lateral movement, AI-powered application discovery that auto-detects shadow IT, and granular posture checking with third-party EDR integration.
Limitations: Requires the Zscaler Client Connector on all devices. On-premises connector deployment can be complex. No built-in microsegmentation for east-west traffic.
Palo Alto Networks Prisma Access
Prisma Access provides ZTNA as part of Palo Alto’s cloud-delivered security platform. It emphasizes “ZTNA 2.0” with continuous trust verification, application-based segmentation, and integrated threat prevention.
Best for: Organizations already invested in Palo Alto’s ecosystem (firewalls, Cortex XDR, panorama).
Key strengths: Deep packet inspection at ZTNA gateways, integrated threat prevention (IPS, antivirus, URL filtering), and consistent policy across on-premises and cloud.
Limitations: Can be expensive. Best value realized with broad Palo Alto adoption.
Microsoft Entra Private Access
Microsoft Entra Private Access replaces VPNs with identity-centric, conditional access to private applications. It is built on Microsoft’s global network and integrates natively with Azure AD Conditional Access policies.
Best for: Microsoft 365-centric organizations that want ZTNA without a third-party vendor. Entra ID already provides identity for most Microsoft shops.
Key strengths: No additional agent on Azure AD-joined devices, unified Conditional Access policies across SaaS and private apps, and integration with Microsoft Defender for Cloud.
Limitations: Best suited for Azure-centric environments. Non-Microsoft identity providers may have limited integration.
Fortinet Universal ZTNA
Fortinet embeds ZTNA into FortiOS and FortiClient at no additional cost. It provides consistent access policies for remote and on-premises users through the Fortinet Security Fabric.
Best for: Organizations with existing Fortinet infrastructure (FortiGate firewalls, FortiClient).
Key strengths: Included in FortiGate licensing, no additional hardware required, and unified policy management across VPN and ZTNA.
Limitations: Tied to the Fortinet ecosystem. Less suitable for multi-vendor environments.
Open-Source Options
For organizations that need self-hosted ZTNA:
- Pomerium — Identity-aware proxy with support for OIDC/OAuth, device posture, and multi-cluster deployments
- OAuth2 Proxy — Lightweight reverse proxy that validates OAuth2 tokens before forwarding requests
- Cloudflare Tunnel (open-source connector) — The
cloudflareddaemon is open-source; the control plane is Cloudflare-managed
ZTNA and Microsegmentation
ZTNA handles north-south traffic (user to application). Microsegmentation handles east-west traffic (application to application, server to server). Both are essential for a complete zero trust architecture.
flowchart TB
subgraph External["External Access (North-South)"]
User -->|ZTNA: identity-based, app-level| App1[Web App]
User -->|ZTNA| App2[API Server]
end
subgraph Internal["Internal Traffic (East-West)"]
App1 -->|Microsegmentation: policy-based| DB[(Database)]
App2 -->|Microsegmentation| DB
DB -->|Allowed only from authorized apps| App1
end
subgraph Attack["Attack Scenario"]
Attacker -->|Compromised App1| App1
App1 -.->|Microsegmentation blocks| App2
App1 -.->|Microsegmentation blocks| DB
end
ZTNA without microsegmentation leaves east-west traffic unprotected. If an attacker compromises an application, they can move laterally to other services on the same network. Microsegmentation closes this gap by enforcing application-layer policies between workloads.
Practical approach: Deploy ZTNA first for remote user access (quick wins, clear ROI), then layer in microsegmentation for internal traffic (requires more planning and application dependency mapping).
Implementation Roadmap
Phase 1: Discovery and Planning (1-2 months)
- Inventory applications — Identify all applications that need remote access. Classify by sensitivity, protocol, and user base.
- Map access patterns — Document who accesses what, from where, and using which devices.
- Assess device posture — Determine which devices are managed (corporate) vs unmanaged (BYOD, contractor).
- Define policies — Create role-based access policies that specify who can access what, under what conditions.
Phase 2: Pilot Deployment (2-3 months)
- Select a pilot app — Choose a low-risk, web-based application for initial deployment.
- Deploy the ZTNA gateway — Install connectors or agents in the application environment.
- Configure identity provider integration — Connect ZTNA to the enterprise IdP (Azure AD, Okta, Ping).
- Set up device posture checks — Require MFA and basic device compliance (OS version, disk encryption).
- Roll out to a pilot group — 10-20 users representing different roles. Gather feedback on performance and usability.
Phase 3: Production Rollout (3-6 months)
- Expand application coverage — Add sensitive applications (financial systems, HR, code repositories).
- Enforce device posture — Require antivirus, EDR, and patch compliance for all access.
- Implement continuous monitoring — Connect ZTNA logs to SIEM, set up anomaly detection.
- Migrate high-risk VPN users — Target power users, administrators, and third-party contractors first.
Phase 4: Optimization (ongoing)
- Decommission VPN concentrators — Retire VPN infrastructure as application coverage reaches 90%+.
- Extend to on-premises — Apply same ZTNA policies to in-office users for consistent security.
- Layer in microsegmentation — Implement east-west controls between workloads.
- Automate policy management — Use Terraform, CI/CD pipelines, and API-driven policy updates.
ZTNA 2.0: AI-Driven Continuous Verification
Palo Alto Networks introduced the “ZTNA 2.0” framework, which moves beyond static policy-based access to continuously adaptive trust. The key differences from first-generation ZTNA:
| Capability | ZTNA 1.0 | ZTNA 2.0 |
|---|---|---|
| Trust decision | At connection time only | Continuously throughout session |
| Policy basis | Static RBAC rules | Dynamic risk + behavioral context |
| Threat prevention | Separate security stack | Integrated IPS/AV at ZTNA gateway |
| Application discovery | Manual inventory | AI-powered auto-discovery |
| Latency impact | Gateway adds latency | Edge-optimized, minimal overhead |
AI-powered behavioral analytics are the core of ZTNA 2.0. Machine learning models establish baselines for normal access patterns — typical access times, data volumes, resource requests — and trigger automated responses when deviations occur. If a user who normally accesses the CRM from 9 AM to 6 PM suddenly connects at 3 AM and downloads 10x their usual data volume, the policy engine can automatically step up authentication, restrict access scope, or block entirely.
Integrated threat prevention at the ZTNA gateway eliminates the need to backhaul traffic through separate security appliances. Palo Alto’s Prisma Access and Zscaler’s ZPA both now offer inline IPS, antivirus scanning, and URL filtering at the ZTNA broker, reducing latency and operational complexity.
UEBA (User and Entity Behavior Analytics) integration extends threat detection from human users to non-human entities. Machine learning profiles normal behavior for service accounts and AI agents — expected call frequency, API endpoints, payload sizes — and flags anomalies that indicate compromise or misuse.
ZTNA and SASE Convergence
Secure Access Service Edge (SASE) converges ZTNA with SD-WAN, Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Firewall-as-a-Service (FWaaS) into a single cloud-delivered platform. ZTNA is the access component of SASE.
The Gartner definition of SASE includes:
- ZTNA — Application-level access
- SWG — Web filtering and threat protection
- CASB — SaaS application security
- FWaaS — Cloud-delivered firewall
- SD-WAN — WAN optimization and routing
Organizations adopting SASE typically deploy ZTNA first (replacing VPN), then add SWG and CASB capabilities as they mature. The SASE model eliminates the need for backhauling traffic through a central data center — all security functions are delivered from the cloud edge.
Common Pitfalls and How to Avoid Them
Treating ZTNA as a VPN Replacement Only
ZTNA is not just a “better VPN.” Deploying ZTNA without updating access policies, device posture requirements, and monitoring processes misses most of the security benefit. ZTNA should trigger a broader zero trust transformation.
Solution: Treat ZTNA deployment as Phase 1 of a zero trust program. Plan for device posture enforcement, microsegmentation, and continuous monitoring in subsequent phases.
Overlooking Non-Web Applications
Many ZTNA solutions focus on HTTP-based applications. Legacy enterprise apps (ERP, custom thick clients, database management tools) may use non-HTTP protocols that gateway-based ZTNA does not support.
Solution: Inventory all applications before selecting a ZTNA vendor. Choose agent-based or SDP-based solutions if non-web applications are in scope.
Deploying Without Device Posture Checks
ZTNA without device posture is essentially a firewall with SSO — useful but not zero trust. If you do not verify device health, a compromised device with valid credentials can access resources.
Solution: Start with at least basic posture checks (OS version, disk encryption, antivirus enabled). Add EDR integration and conditional access in later phases.
Ignoring East-West Traffic
ZTNA protects external access to applications. It does not protect traffic between applications. An attacker who compromises one application can move laterally to others on the same network.
Solution: Plan for microsegmentation or zero trust networking between workloads. Solutions like illumio, Elisity, or Cisco ACI can fill this gap.
Policy Sprawl
As organizations add applications and users, ZTNA policies can grow unmanageable. Hundreds of individual policies become impossible to audit and maintain.
Solution: Use group-based policies (RBAC/ABAC) instead of per-user rules. Automate policy deployment through Terraform or APIs. Conduct quarterly policy reviews.
The Future of ZTNA
ZTNA for Machine Identities
Human users are the primary focus today, but machine-to-machine access (service accounts, API tokens, containers) represents the majority of access requests in cloud-native environments. ZTNA is expanding to support non-human identities with SPIFFE/SPIRE for workload identity and OAuth2 machine-to-machine flows. The 2026 playbook for machine identity ZTNA includes:
- Centralized machine identity platform — Issue, rotate, and revoke credentials for AI agents from a single service, integrated with HSMs, KMS, and cloud-native secret managers
- One identity per workload — Ban shared service accounts. Every agent or workload gets a distinct, scoped identity with clearly defined policies
- Short-lived credentials by default — Automated rotation with no manual intervention or temporary workarounds
- Tool-layer guardrails — Every agent tool invocation is authenticated, not just the initial login
AI-Driven Policy and Threat Detection
Machine learning models analyze access patterns to identify anomalies. Unusual access times, data volumes, or resource requests trigger automated policy adjustments. ZTNA solutions are integrating UEBA (User and Entity Behavior Analytics) to detect compromised accounts based on behavioral deviations rather than static rules. In 2026, this extends to machine behavior baselines — an AI agent that suddenly begins calling APIs it has never touched before triggers an automatic policy review.
Deperimeterization of the Office
ZTNA policies are extending from remote access to on-premises access. The same identity-based policies that protect remote workers also protect users inside the office — eliminating the “trusted internal network” assumption entirely. Fortinet’s Universal ZTNA and Cloudflare’s Mesh both extend consistent access policies to on-premises users without separate infrastructure.
Consolidation into SSE Platforms
The market is consolidating around Security Service Edge (SSE) platforms that combine ZTNA, SWG, CASB, and DLP. Standalone ZTNA vendors are being acquired or building adjacent capabilities. Organizations selecting ZTNA in 2026 should evaluate the vendor’s SSE roadmap to avoid future migration costs. The Cloud Security Alliance’s Zero Trust Advancement Center (May 2026) published guidance on “Identity in the Age of AI” that directly addresses the convergence of AI agents, machine identities, and zero trust policy.
Post-Quantum ZTNA
Cloudflare Mesh and Zscaler both introduced post-quantum cryptographic tunnels in 2026. As quantum computing advances, the encrypted tunnels at the heart of ZTNA must be resistant to Shor’s algorithm. Early adopters in regulated industries (finance, defense) are already requiring PQ-safe ZTNA for new deployments. Expect NIST-standardized ML-KEM (Kyber) and ML-DSA (Dilithium) to become default in ZTNA products by 2027.
Resources
- NIST SP 800-207: Zero Trust Architecture — The definitive framework for zero trust architecture design
- CISA Zero Trust Maturity Model — US government guidance for zero trust adoption across agencies
- Cloudflare Zero Trust Documentation — Official docs for Cloudflare Access, Gateway, and Tunnel
- Zscaler Private Access Documentation — ZPA configuration guides and best practices
- Microsoft Entra Private Access Overview — Microsoft’s ZTNA solution documentation
- Palo Alto Networks ZTNA 2.0 — Prisma Access and continuous trust verification
- Terraform Cloudflare Provider: Access Resources — Terraform configurations for ZTNA policy-as-code
- Fortinet Universal ZTNA — ZTNA built into FortiOS
- Cloudflare Mesh: Private Networking for AI Agents — Cloudflare’s 2026 ZTNA solution for machine identities
- Cloud Security Alliance Zero Trust Advancement Center — Identity in the Age of AI guidance (May 2026)
- OpenZiti — Open-source ZTNA platform for application-embedded zero trust
- ZTNA Market Report 2026-2033 — Market size, trends, and forecast data
Comments