What is Zero Trust Network Access?

May 15 2023


What is a service

We will first define what a service or resource is.

A service or an application is a resource in your corporate network. For example, a MySQL database is a service. Redis is another service. A mail server is a service, and so on.

What is a Network?

A network is a group of services or resources.

What is Zero Trust Network Access?

The Zero Trust paradigm means never trust, always verify. Because of this rule, you cannot connect clients to whole networks the way VPN providers do. VPN providers like OpenVPN give access to all services in your network. This is not suitable for the Zero Trust paradigm.

Zero Trust says never trust, always verify, which means you cannot trust a connected user. When a client wants to connect to a database, you need to check whether the client has permission to access it. If the client does not need to connect to the database, do not give the client access.

Zero Trust says least privilege access, which means that even if the client has access to the database, you still ask whether the client has permission to DROP the database. Give the client what the client needs, not more.

Zero Trust says micro-segmentation, which means giving access permission service by service, not to all services on a host. Define each service on its own: create a MySQL service and a Redis service, not access to the whole server.

Zero Trust says monitor continuously, which means that after access is granted, you keep watching which connections are made and what actions they perform.
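The four rules above (verify every request, least privilege per action, per-service segmentation, and continuous monitoring) can be seen together in a small policy engine. This is an added example, not code from the original post or from any ZTNA product; the clients (alice, bob) and services (mysql-orders, redis-cache) are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed sample policy (hypothetical clients and services): access is
# granted per service, never per host or network, and per action inside the
# service, so reaching the database does not imply permission to DROP it.
POLICY: Dict[str, Dict[str, Set[str]]] = {
    "alice": {
        "mysql-orders": {"SELECT", "INSERT"},  # no DROP
        "redis-cache": {"GET"},
    },
    "bob": {
        "redis-cache": {"GET", "SET"},  # bob has no grant on the database at all
    },
}

@dataclass
class AuditEvent:
    client: str
    service: str
    action: str
    allowed: bool
    reason: str

@dataclass
class PolicyEngine:
    policy: Dict[str, Dict[str, Set[str]]]
    audit_log: List[AuditEvent] = field(default_factory=list)

    def authorize(self, client: str, service: str, action: str) -> bool:
        """Verify every request (never trust the connection itself) and
        record the decision so access can be monitored continuously."""
        allowed, reason = self._decide(client, service, action)
        self.audit_log.append(AuditEvent(client, service, action, allowed, reason))
        return allowed

    def _decide(self, client: str, service: str, action: str) -> Tuple[bool, str]:
        # Deny by default: anything not explicitly granted is refused.
        grants = self.policy.get(client)
        if grants is None:
            return False, "unknown client"
        if service not in grants:
            return False, "no grant for this service"
        if action not in grants[service]:
            return False, f"{action} not permitted on {service}"
        return True, "explicitly granted"

    def denied_events(self) -> List[AuditEvent]:
        # Continuous monitoring: surface refused requests for review.
        return [e for e in self.audit_log if not e.allowed]
```

With this policy, alice can SELECT from mysql-orders but is refused DROP, and bob is refused any action on the database because he holds no grant for that service; every decision, allowed or not, lands in the audit log.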