Skip to Main Content

Want to stay up-to-date with the latest IT news?
Subscribe to our mailing list to hear the latest news, events, free resources, and more for your industry.

Sign up now
Blog

What is zero trust security and how do ZTNA and SASE fit into it? 

3 minute read

Paul Jolliffe

July 3rd, 2025

What is zero trust security and how do ZTNA and SASE fit into it? 

3 minute read

Paul Jolliffe

July 3rd, 2025

As organisations navigate hybrid work, cloud-first strategies, and increasingly sophisticated threats, traditional perimeter-based security models are no longer enough. Instead, zero trust has emerged as the new standard.

But what does that mean in practice? Explore how Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) bring zero trust to life.

The foundations: zero trust

Zero trust is a strategic approach built on the principle of “never trust, always verify.” Unlike legacy models that trust users inside the network by default, zero trust treats every access request as potentially hostile. That means continuous identity verification, least-privilege access, and strict access controls for every user, device, and application. 

This mindset is essential in a world where data, users, and threats all exist beyond traditional boundaries. Zero trust is implemented through technologies like ZTNA and SASE. 

Zero Trust Network Access (ZTNA)

ZTNA is the first practical step in applying zero trust. Rather than providing broad network access via VPNs, ZTNA delivers granular, identity-based access to specific applications, without ever exposing the wider network. 

ZTNA operates on an adaptive trust model, assessing user identity, device posture, and context (such as location and time) to determine if access should be granted. This minimises the attack surface and is especially effective for remote or third-party users. 

There are typically two approaches to ZTNA: 

  • Agent-based: requires software on the user’s device, ideal for corporate-managed endpoints 
  • Agentless: delivered via a browser or secure gateway, ideal for BYOD or unmanaged devices 

What is SASE?

Where ZTNA solves for secure access, Secure Access Service Edge (SASE) takes things further by integrating networking and security services into a single cloud-delivered solution. Coined by Gartner, SASE combines: 

  • ZTNA 
  • Secure Web Gateway (SWG) 
  • Cloud Access Security Broker (CASB) 
  • Firewall-as-a-Service (FWaaS) 
  • Software-defined WAN (SD-WAN) 

The benefit? SASE simplifies IT environments and provides end-to-end visibility and control across all access points, no matter where users or resources are located. 

Putting it all together

To recap: 

  • Zero trust is the mindset: trust nothing, verify everything 
  • ZTNA is the access control layer: application-specific, identity-driven, and invisible to outsiders 
  • SASE is the framework: integrates ZTNA alongside other security services via the cloud for holistic protection 

Several of our cyber security partners have extensive experience in zero trust strategies, playing a critical role in enabling this journey: 

One Identity logo in colour

for identity governance and access control

Zscaler logo in colour

for cloud-native ZTNA and secure access

Rubrik logo in colour

for data security and recovery

SentinelOne logo

for endpoint detection and response

Together with Phoenix, these technologies create a scalable, secure, and flexible security posture that supports your digital transformation goals without compromising on protection. 

Ready to explore how ZTNA and SASE can work for your organisation? Speak to our Cyber Security Specialists today to understand what’s right for your users, devices, and infrastructure. 

Get in touch
Image of a smiling IT support professional talking on a headset
Paul Jolliffe Headshot

About the author

As an accomplished and dynamic Chief Technical Security Officer, Paul has developed and delivered information security strategies globally across multiple clients and sectors.

He possesses over 20 years of experience providing expertise and leadership within information security covering security policies, procedures, technology solutions, risk management frameworks, and delivering innovative transformation programmes.