Zero Trust Network

Overview

Villanova is developing a Zero Trust Network Access architecture to enhance security and streamline user access across campus. User endpoints, including those for faculty, staff, and students, must meet basic requirements and be verified before gaining full access to the local network.

What is Zero Trust Network Access (ZTNA)?

Zero Trust Network Access (ZTNA) is an IT security service that provides secure, authenticated, and authorized access to applications and data by verifying every user and device, regardless of their location, and granting access only to the specific resources needed.

The service eliminates implicit trust by implementing a "never trust, always verify" model, offering granular, point-to-point connectivity for each session to reduce attack surfaces and limit the impact of potential breaches. The ZTNA service provides seamless, certificate-based authentication for both managed and “bring your own device” (BYOD) devices, thereby enhancing network security and the overall user experience.

Features & Benefits

Implement certificate-based authentication using SecureW2 to replace password-based access for wired, wireless, or cloud applications to provide:

  • User and device security: ensuring users and devices can be trusted to access resources consistently, regardless of location.
  • Simplified network access: simplified access for today’s hybrid workforce.
  • Optimized user experience: minimize risk, such as malware.
  • Identity protection: continuous identity verification.

Project Scope

The project will begin with a pilot at Cabrini Campus for incoming students, focusing on both wired and wireless network authentication, before expanding University-wide. Additional tiering can be leveraged based on device type, as well as user-level authentication, and users can be assigned to appropriate VLANs with defined access as necessary. This will apply to publicly available end-user networks, including wireless and wired networks. Our controlled networks, such as those within data centers or other physically secure locations, are out of scope.

Project Goals

  • Secure campus network access for users and devices.
  • Implement seamless authentication for managed and personal devices.
  • Centralize network traffic through high-capacity switches.
  • Reduce reliance on passwords by using certificate-based authentication.

Timeline

The project spans from Spring 2026 through ongoing optimization, starting with planning and pilot deployment at Cabrini, followed by university-wide rollout. Project phases are estimated depending on funding, resource availability, pilot feedback, and organizational priorities.

Project Team

Executive Sponsor

  • Tej Patel, Vice President for Information Technology and Chief Information Officer

Project Steering Committee

  • Matt Morrissey, Assistant Vice President of Technology Infrastructure and Research Computing
  • Leonard Nelson, Assistant Vice President and Chief Information Security Officer
  • Julien Rossow-Greenberg, Assistant Vice President of Customer Experience and IT Support

Project Management and Change Management

  • Ben Alfonsi, Senior Enterprise Project Manager
  • Will Marsh, Assistant Director, Digital Experience and Learning

Project Operational Team

  • Charlie Cooper, Senior Network Engineer
  • Vince Czyzewski, Director, Network and Communication Services
  • Mike Kriwonos, Senior Manager, Linux Systems Administration
  • Gavin Printz, Senior Network Security Administrator, Information Security
  • Chris Onofray, Systems Administrator, Windows & Citrix Services
  • Pete Palladino, Solutions Architect
  • Josh Poinsett, Executive Director, Cloud & Research Computing Systems
  • Tim Ryan, Assistant Director, Network & Communication Services
  • Tyler Sears, Network Security Administrator

Frequently Asked Questions

  • What is the Zero Trust Network Access (ZTNA) project?
    The ZTNA project is a new initiative to enhance network security and streamline user access. It verifies every user and device, regardless of location, before granting access to specific network resources, eliminating the concept of implicit trust.

  • Why is Villanova implementing ZTNA?
    The project's goals are to secure campus network access for all users and devices, implement seamless authentication, centralize network traffic, and reduce reliance on passwords through certificate-based authentication.

  • What is the core principle of ZTNA?
    The core principle is "never trust, always verify." Every user and device must be authenticated and authorized before gaining access to network resources.

  • Which users and devices are affected by this change?
    All user endpoints, including those used by faculty, staff, and students, must align with basic requirements and undergo verification to gain full access to the local network.

  • Which parts of the network are in scope for the ZTNA project?
    The project applies to publicly available end-user networks, including wireless and wired networks.

  • Which networks are NOT included in the scope?
    Controlled networks, such as those within data centers or other physically secured locations, are not in scope for this project.

  • How will ZTNA affect my personal (BYOD) and managed devices?
    The ZTNA service provides seamless, certificate-based authentication for both managed devices and "bring your own device" (BYOD) devices, enhancing security and improving the overall user experience.

  • How will I authenticate to the network under ZTNA?
    The project will reduce reliance on traditional passwords by using certificate-based authentication (powered by SecureW2) to access wired, wireless, and cloud applications.

  • What benefits will ZTNA provide?
    Key benefits include:
    • Enhanced user and device security by continuously verifying trust.
    • Simplified network access for today’s hybrid workforce.
    • Optimized user experience and reduced risk (e.g., malware).
    • Continuous identity protection.

  • Where will the ZTNA system be deployed first?
    The initial pilot deployment will take place at the Cabrini Campus for incoming students during Winter 2026.

  • When will ZTNA be rolled out to the main campus?
    Full rollout and optimization for the Main Campus (including Administrative, Residential, Academic, and Athletics Buildings) is scheduled for Spring – Summer 2026.

  • Who is leading this project?
    The Executive Sponsor is Tej Patel, Vice President for Information Technology and Chief Information Officer.

  • Where can I find more technical information about the authentication process?
    The project leverages SecureW2. You can refer to their .

  • Have additional questions?
    For any questions or inquiries related to Zero Trust Network Access, please email support@villanova.edu.