What is zero trust security and how do ZTNA and SASE fit into it?
3 minute read
Paul Jolliffe
July 3rd, 2025
As organisations navigate hybrid work, cloud-first strategies, and increasingly sophisticated threats, traditional perimeter-based security models are no longer enough. Instead, zero trust has emerged as the new standard.
But what does that mean in practice? Explore how Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) bring zero trust to life.
The foundations: zero trust
Zero trust is a strategic approach built on the principle of “never trust, always verify.” Unlike legacy models that trust users inside the network by default, zero trust treats every access request as potentially hostile. That means continuous identity verification, least-privilege access, and strict access controls for every user, device, and application.
This mindset is essential in a world where data, users, and threats all exist beyond traditional boundaries. Zero trust is implemented through technologies like ZTNA and SASE.
Zero Trust Network Access (ZTNA)
ZTNA is the first practical step in applying zero trust. Rather than providing broad network access via VPNs, ZTNA delivers granular, identity-based access to specific applications, without ever exposing the wider network.
ZTNA operates on an adaptive trust model, assessing user identity, device posture, and context (such as location and time) to determine if access should be granted. This minimises the attack surface and is especially effective for remote or third-party users.
There are typically two approaches to ZTNA:
- Agent-based: requires software on the user’s device, ideal for corporate-managed endpoints
- Agentless: delivered via a browser or secure gateway, ideal for BYOD or unmanaged devices
What is SASE?
Where ZTNA solves for secure access, Secure Access Service Edge (SASE) takes things further by integrating networking and security services into a single cloud-delivered solution. Coined by Gartner, SASE combines:
- ZTNA
- Secure Web Gateway (SWG)
- Cloud Access Security Broker (CASB)
- Firewall-as-a-Service (FWaaS)
- Software-defined WAN (SD-WAN)
The benefit? SASE simplifies IT environments and provides end-to-end visibility and control across all access points, no matter where users or resources are located.
Putting it all together
To recap:
- Zero trust is the mindset: trust nothing, verify everything
- ZTNA is the access control layer: application-specific, identity-driven, and invisible to outsiders
- SASE is the framework: integrates ZTNA alongside other security services via the cloud for holistic protection
Several of our cyber security partners have extensive experience in zero trust strategies, playing a critical role in enabling this journey:

for identity governance and access control

for cloud-native ZTNA and secure access

for data security and recovery

for endpoint detection and response
Together with Phoenix, these technologies create a scalable, secure, and flexible security posture that supports your digital transformation goals without compromising on protection.
Ready to explore how ZTNA and SASE can work for your organisation? Speak to our Cyber Security Specialists today to understand what’s right for your users, devices, and infrastructure.
Get in touch