Zero Trust Access
Zero Trust Access Module is enabled and running when you see "Enrolled in Zero Trust Access" in the Cisco Secure Client Tile. This access is about knowing, understanding, and controlling who and what is on your network. By definitively knowing who a user is, the appropriate level of access is granted based on the person's role or function, and what network rights those roles are entitled to. Beyond AnyConnect VPN, it offers more granular control and a secure user experience for a complete network. While VPN trusts anyone or anything that passes network control, the Zero Trust Access approach is to not trust any user or device with access until proven. No one is automatically trusted; and once verified, only limited access is given and re-verified. It extends the zero-trust model beyond the network and reduces the attack surface by hiding applications from the internet.
Currently, the Zero Trust Access Module only supports the Cisco Secure Access service. Refer to Secure Access documentation for additional details. It covers configuring private resources to allow zero-trust connections, setting up access rules to determine who can access the resource using those connections, traffic steering, and so on.