Netskope outlines universal zero trust network access to unify local and remote user access

A detailed examination of the evolution of zero trust network access (ZTNA) reveals its progression from early models to a universal approach integrating local and remote access, offering a streamlined and secure method relevant to enterprise IT and security management.

Historical context and initial attacks

In 2009, a cyberattack linked to a Chinese Advanced Persistent Threat (APT) group targeted Google and other corporations, exploiting vulnerabilities to access intellectual property and user data. This incident led Google to implement a new security architecture moving away from traditional network perimeters.

Development of Google's BeyondCorp architecture

Google's response involved redesigning access controls so all employees operated on an unprivileged network, with access regulated through identity-aware proxies regardless of user location. This model eliminated the concept of trusted internal networks and relied solely on user credentials and device status for authentication.

Emergence of ZTNA concepts and market guidance

In 2019, Gartner identified two primary Zero-Trust Network Access (ZTNA) approaches: endpoint-initiated, suitable for local access, and service-initiated, which considered all users as remote and employed outbound connections to cloud brokers. The service-initiated model facilitated remote access but did not incorporate lessons from Google's earlier architecture.

Advances toward universal ZTNA

Recent ZTNA implementations have introduced local on-premises (on-prem) brokers alongside cloud-based ones, an approach termed universal ZTNA that aligns more closely with the BeyondCorp philosophy. It addresses the performance issues that arise when traffic for both local and remote users is routed through distant brokers.

Benefits of universal ZTNA

Universal ZTNA standardizes the access experience, reducing complexity for users and mitigating risks associated with traditional privileged networks. It replaces VPNs by providing granular, role-based access and minimizes dependence on Network Access Control (NAC) systems by focusing on application-level permissions rather than network-level trust.

This model optimizes access based on user location and device status, eliminating traffic inefficiencies and reducing security risks, thereby enabling organizations to consolidate access methods and improve operational consistency.

This Blog Signals brief synthesizes the vendor blog content and offers an analysis of universal ZTNA's contribution to modern enterprise security frameworks.