Zero Trust Network Access
Martin Harrod
15 Mar, 2025

Overview
Designed and deployed a Zero Trust Network Access (ZTNA) architecture across multicloud environments (GCP, AWS, Azure). Implemented identity-aware proxies and conditional access controls to eliminate reliance on traditional VPNs. Enforced least-privilege IAM roles, mutual TLS authentication, and service account segmentation to secure developer and production access. Integrated device posture checks and logging pipelines for continuous monitoring.
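The access decision an identity-aware proxy makes for each request can be sketched as a single deny-by-default policy function that combines the three signals named above: a verified mTLS client identity, a fresh device-posture attestation, and a least-privilege group-to-environment binding, with every decision emitted as a structured record for the logging pipeline. The code below is an added illustration written for this page; it is not the author's or the team's implementation, and the field names, the 15-minute posture freshness window and the group bindings are assumptions.

```python
"""Illustrative policy decision point for an identity-aware proxy.

Added example, not the implementation described on the page. Field names,
thresholds and group bindings are assumed for the sake of the demonstration.
"""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set, Tuple

# Assumed freshness window: posture older than this is treated as unknown.
MAX_POSTURE_AGE = timedelta(minutes=15)

# Assumed least-privilege bindings: which groups may reach which environment.
ENV_ALLOWED_GROUPS = {
    "dev": {"developers", "sre", "security"},
    "prod": {"sre", "security"},
}


@dataclass
class DevicePosture:
    device_id: str
    disk_encrypted: bool
    os_patched: bool
    edr_running: bool
    reported_at: datetime  # timezone-aware timestamp of the attestation


@dataclass
class AccessRequest:
    subject: str                   # identity asserted by the IdP session
    groups: Set[str]               # group claims from the IdP
    environment: str               # target environment: "dev" or "prod"
    resource: str                  # application or service being reached
    mtls_verified: bool            # proxy completed client-cert chain validation
    cert_san: Optional[str]        # identity carried in the client certificate
    posture: Optional[DevicePosture]


def evaluate(req: AccessRequest, now: datetime) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Deny is the default; every check must pass."""
    reasons: List[str] = []

    # 1. Transport identity: mTLS must succeed and the certificate must be
    #    bound to the same subject the IdP session asserts.
    if not req.mtls_verified:
        reasons.append("mtls: client certificate not verified")
    elif req.cert_san != req.subject:
        reasons.append("mtls: certificate identity does not match session subject")

    # 2. Device posture: missing, stale or failing attestation denies access.
    if req.posture is None:
        reasons.append("posture: no device attestation presented")
    else:
        if now - req.posture.reported_at > MAX_POSTURE_AGE:
            reasons.append("posture: attestation is stale")
        if not req.posture.disk_encrypted:
            reasons.append("posture: disk not encrypted")
        if not req.posture.os_patched:
            reasons.append("posture: OS patch level below baseline")
        if not req.posture.edr_running:
            reasons.append("posture: endpoint agent not running")

    # 3. Least privilege: the caller must hold a group bound to the environment.
    allowed_groups = ENV_ALLOWED_GROUPS.get(req.environment, set())
    if not (req.groups & allowed_groups):
        reasons.append(f"rbac: no group grants access to environment '{req.environment}'")

    return (not reasons, reasons)


def decision_record(req: AccessRequest, now: datetime,
                    allowed: bool, reasons: List[str]) -> str:
    """One JSON line per decision, shaped for a log pipeline / SIEM."""
    record = {
        "ts": now.isoformat(),
        "subject": req.subject,
        "resource": req.resource,
        "environment": req.environment,
        "device_id": req.posture.device_id if req.posture else None,
        "mtls_verified": req.mtls_verified,
        "allowed": allowed,
        "reasons": reasons,
    }
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample request: a developer reaching a dev service.
    now = datetime(2025, 3, 15, 12, 0, tzinfo=timezone.utc)
    req = AccessRequest(
        subject="dev@example.test", groups={"developers"}, environment="dev",
        resource="ci-dashboard", mtls_verified=True, cert_san="dev@example.test",
        posture=DevicePosture("laptop-0001", True, True, True,
                              now - timedelta(minutes=5)),
    )
    allowed, reasons = evaluate(req, now)
    print(decision_record(req, now, allowed, reasons))
```

The function deliberately collects every failing check rather than returning on the first one, so the emitted record tells the responder whether a denial was a stale posture report, a certificate/identity mismatch, or an over-broad role request.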
Role
Director overseeing architecture and rollout with implementation executed by the extended security engineering team.
Impact
Replaced legacy perimeter-based models with modern Zero Trust, reducing lateral movement risk, improving user experience for developers, and strengthening compliance with enterprise security requirements. Accelerated SaaS adoption across business units by providing secure, seamless access without introducing operational friction.
Technologies, Frameworks, and Artifacts
- AWS Verified Access
- Azure AD App Proxy
- Identity-aware proxies and conditional access
- Least-privilege IAM and mTLS enforcement