Zero Trust Essentials
The services with foundational Zero Trust elements
Zero Trust Essential is our designation for a specific set of services that are fundamental to any serious Zero Trust architecture.
These products and capabilities aren’t labelled "Zero Trust" on their own – and we’re not trying to stretch the definition. But they’re critical building blocks. Without them, Zero Trust can't be enforced. You can't reduce implicit trust if you haven't removed default access. You can't make dynamic decisions if there's no identity data. You can't protect traffic if it's not encrypted.
You can't do Zero Trust without them. They aren't Zero Trust on their own.
Foundational elements
As we’ve developed the evolving ZERO platform, we’ve taken a clear position: these services matter, and they must be included. We’ve defined them, integrated them, and tagged them across our product set as Zero Trust Essential. That label links back here – so you can see exactly how they fit into a complete, coherent model.
This isn’t marketing filler. It’s the groundwork for secure, enforceable policy across any environment – and a critical part of the journey from traditional networking to Zero Trust.
Strong encryption
Network segmentation
Default deny inbound
Identity based access control
Your journey to Zero Trust
You probably already employ some of these foundational Zero Trust elements in your network and security stack now.
By expanding and completing the framework, we are acknowledging that these are features that start your Zero Trust journey, and allow you to build incrementally, fully understanding the direction of travel.
What’s included in Zero Trust Essential?
Encryption everywhere
Traffic must be encrypted across all edges – from site to site, cloud to cloud, user to app. This includes:
SDWAN tunnels over the internet
Encrypted links to cloud and SaaS providers
ExpressRoute, Direct Connect, and private circuits secured with overlay encryption
We provide this through the Secure Access Fabric – which forms an encrypted, policy-aware transport layer across your entire environment.
Traditional network segmentation
VLANs, VRFs, subnet isolation, and basic ACLs are foundational for reducing blast radius. They’re static, they’re implicit – but they matter.
Isolating finance from general users
Using VRFs to separate guest environments
Preventing direct traffic between DMZ and internal zones
Our services support full standards-based segmentation – VLANs, trunking, VRFs, and per-zone routing – integrated with observability and policy control.
Zero Trust Firewall
A default-deny posture is essential – even if enforcement isn’t identity-aware (yet). It’s about removing implicit access, even within the network.
Deny inbound by default
Deny lateral movement between segments
Only allow traffic that is explicitly needed
Our Firewall-as-a-Service (FWaaS) enforces this principle natively within the Secure Access Fabric – everywhere, not just at the perimeter.
Why it matters
If you layer identity and adaptive policy on top of a flat, unencrypted, trust-everything network – which is essentially what a ZTNA-only deployment consists of, then you'll fall into the trap of merely box ticking Zero Trust.
But Zero Trust goes further than that. Don't trust your ISP. Don't trust the cloud peering provider.
We treat these not as optional extras, but as required infrastructure, and the launchpad for a full Zero Surface Architecture. They’re included in every deployment – and they’re the basis for full Zero Trust enforcement, ZTNA, microsegmentation, and the elimination of lateral movement in your network.
A New Approach to Zero Trust
Our vision rebuilds the network around the idea that no route, flow, or connection should exist unless explicitly permitted.
Redefining the perimeter
Why trust, not infrastructure, is the foundation of modern network security.
Zero Trust starts at the LAN
The local network, long assumed to be safe, is typically the least segmented, least monitored, and most vulnerable part of any organisation's infrastructure.
Connectivity as a Service
We supply and manage the WAN – broadband, fibre, LTE – integrated with our platform. One provider, one service, full control.
Make ZERO the new default
Evolving ZTNA
Secure private access without detouring traffic to a distant cloud broker.
Evolving Zero SDWAN
True Zero Trust security fully native to your network, deployed on every data flow, enforced with every policy and at every edge.
Evolving Zero Trust Firewall
Perimeter firewalling delivering essential network protection with simplicity and efficiency.
Evolving Identity Management
Integrated modern identity management for flexible, policy-driven access at scale.
Evolving ZT Segmentation
Eliminate lateral movement, with per-device micro-segmentation at LAN and WAN level.
Evolving Firewall as a Service
Build your own bespoke security posture with an integrated and modular full stack managed security offering.
Evolving ZT Guest Gateway
BYOD and guest WiFi enabled via secure network segmentation with dedicated filtering and firewalling.
Evolving ZT Internet Access
Identity aware enforcement. The convergence of routing, enforcement, segmentation, access control and encryption.
With evolving ZERO, you can compose the Zero Trust stack that your business needs now, and augment it in the future.