TL;DR: Identity centric ZTNA shifts access decisions from static passwords and perimeter trust to continuous verification, adaptive policies, and least privilege across remote work, cloud, third-party, and device contexts, according to Whiteswan Security. The security model matters because traditional IAM assumptions break down when access must be re-evaluated in real time across users, devices, and applications.
NHIMG editorial — based on content published by Whiteswan Security: Identity centric ZTNA and the evolution of endpoint security
By the numbers:
- The escalating frequency of data compromises, breaches, leaks, and exposures in 2022 affected over 422 million individuals in the United States alone.
- The same year saw 1,802 data compromises in the United States.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should security teams implement identity centric ZTNA in hybrid environments?
A: Start by defining the resources that should be app-scoped, then tie access to identity, device posture, and session context.
Q: Why do traditional VPN and perimeter models fail for modern access control?
A: They assume that once a user is inside the network, trust can be broad and durable.
Q: When should organisations prioritise ZTNA over broader network access models?
A: Prioritise it when remote work, third-party connectivity, or cloud application use makes broad network access too risky to sustain.
Practitioner guidance
- Separate user identity from device trust decisions: define which signals are required for session approval, then validate whether device posture can be re-checked during the session rather than only at sign-in.
- Limit remote access to specific applications: replace broad network-level access with app-scoped entitlements so that a successful login does not expose adjacent internal resources.
- Review third-party and contractor access lifecycles: make sure external users are offboarded promptly, recertified on schedule, and removed from stale access paths that ZTNA would otherwise continue to permit.
What's in the full article
Whiteswan Security's full article covers the operational detail this post intentionally leaves for the source:
- The comparative breakdown of ZTNA versus on-premises firewall VPN behaviour across access control, scalability, and compliance.
- The article's application examples for remote access, cloud connectivity, third-party vendor access, microservices, and IoT device security.
- The platform framing around Zero Standing Privileges and how that changes secure access design in practice.
- The vendor's own discussion of user experience, performance, and network complexity trade-offs in hybrid environments.
👉 Read Whiteswan Security's analysis of identity centric ZTNA for hybrid access →
Identity centric ZTNA for hybrid work: are your controls keeping up?
Explore further
Identity centric ZTNA is an access-control model, not a complete identity programme. It can reduce trust in the network path, but it does not automatically solve entitlement sprawl, contractor offboarding, or privileged access governance. The practical lesson is that ZTNA strengthens enforcement only when IAM, PAM, and lifecycle controls are already coherent.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: What is the difference between ZTNA and zero standing privilege?
A: ZTNA controls how access is granted and routed during a session, while zero standing privilege removes persistent access that would otherwise exist before the session starts. They are complementary, not interchangeable. ZTNA can narrow exposure, but ZSP removes standing entitlement that ZTNA alone cannot eliminate.
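As an added illustration (not code from Whiteswan Security or the NHIMG editorial), the following Python sketch ties together the practitioner guidance above and the ZTNA/ZSP distinction: access is app-scoped rather than network-scoped, contractor entitlements are time-bounded grants rather than standing privileges, and device posture is re-attested during the session instead of only at sign-in. The class names, the posture-age limits, and the contractor scenario values are all constructed assumptions for the example.

```python
"""Added illustration: a minimal session policy evaluator for identity-centric
ZTNA. Not Whiteswan Security's code; all names and thresholds are assumed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class Identity:
    user: str
    mfa_verified: bool
    third_party: bool          # contractors are held to a tighter posture age


@dataclass
class DevicePosture:
    disk_encrypted: bool
    edr_running: bool
    os_patched: bool

    def healthy(self) -> bool:
        return self.disk_encrypted and self.edr_running and self.os_patched


@dataclass
class Grant:
    app: str                   # app-scoped entitlement, not a network route
    expires_at: datetime       # bounded grant: nothing is left standing


@dataclass
class Session:
    identity: Identity
    grants: list
    posture: DevicePosture
    last_posture_check: datetime


# Assumed policy constants: how stale a posture attestation may be mid-session.
POSTURE_MAX_AGE = timedelta(minutes=15)
THIRD_PARTY_POSTURE_MAX_AGE = timedelta(minutes=5)


def evaluate(session: Session, app: str, now: datetime,
             fresh_posture: Optional[DevicePosture] = None) -> str:
    """Decide one request. Returns 'allowed' or the reason for denial."""
    if not session.identity.mfa_verified:
        return "mfa_required"
    grant = next((g for g in session.grants if g.app == app), None)
    if grant is None:
        return "no_entitlement_for_app"       # adjacent apps stay invisible
    if grant.expires_at <= now:
        return "grant_expired"                # time-bounded grant has lapsed
    if fresh_posture is not None:             # accept a new attestation any time
        session.posture = fresh_posture
        session.last_posture_check = now
    else:
        max_age = (THIRD_PARTY_POSTURE_MAX_AGE if session.identity.third_party
                   else POSTURE_MAX_AGE)
        if now - session.last_posture_check >= max_age:
            return "posture_recheck_required"  # stale: demand re-attestation
    if not session.posture.healthy():
        return "device_posture_failed"
    return "allowed"


def run_scenario() -> list:
    """Constructed walk-through of one contractor session (sample data)."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    good = DevicePosture(disk_encrypted=True, edr_running=True, os_patched=True)
    edr_off = DevicePosture(disk_encrypted=True, edr_running=False, os_patched=True)
    session = Session(
        identity=Identity("contractor.example", mfa_verified=True, third_party=True),
        grants=[Grant("ticketing", expires_at=t0 + timedelta(hours=2))],
        posture=good,
        last_posture_check=t0,
    )
    return [
        evaluate(session, "ticketing", t0 + timedelta(minutes=1)),
        evaluate(session, "hr-payroll", t0 + timedelta(minutes=1)),
        evaluate(session, "ticketing", t0 + timedelta(minutes=20)),
        evaluate(session, "ticketing", t0 + timedelta(minutes=20), fresh_posture=edr_off),
        evaluate(session, "ticketing", t0 + timedelta(minutes=21), fresh_posture=good),
        evaluate(session, "ticketing", t0 + timedelta(hours=3), fresh_posture=good),
    ]


if __name__ == "__main__":
    for decision in run_scenario():
        print(decision)
```

The scenario shows the three controls in order: the contractor reaches the one app they hold a grant for and nothing adjacent, a stale posture attestation blocks the session until the device re-attests, a failed re-attestation (EDR stopped) is denied until a healthy one arrives, and once the bounded grant expires no standing access remains for ZTNA to keep routing.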
👉 Read our full editorial: Identity centric ZTNA is reshaping access control for hybrid work