implementing-zero-trust-network-access
Installation
SKILL.md
Implementing Zero Trust Network Access
When to Use
- When replacing traditional VPN-based remote access with identity-based access controls
- When implementing micro-segmentation to limit lateral movement within cloud networks
- When compliance or security strategy requires zero trust architecture adoption
- When providing secure access to cloud workloads without exposing them to the public internet
- When building context-aware access policies based on user identity, device health, and location
Do not use as a complete replacement for network security controls (ZTNA complements but does not replace firewalls and network ACLs), for protecting internet-facing public applications (use WAF), or for IoT device access where identity-based authentication is not feasible.
Prerequisites
- Identity provider (Entra ID, Okta, Google Workspace) with MFA enforcement
- Cloud-native networking capabilities (AWS PrivateLink, Azure Private Link, GCP IAP)
- Device management solution (Intune, Jamf, CrowdStrike) for device posture assessment
- Service mesh or zero trust proxy (Cloudflare Access, Zscaler ZPA, or cloud-native IAP)
- Centralized logging for access decisions and policy enforcement