* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://origin-researchcenter.paloaltonetworks.com/blog/category/announcement/)
* Why the World Needs ZTNA ...

# Why the World Needs ZTNA 2.0

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2022%2F05%2Fthe-world-needs-ztna-2-0-for-todays-hybrid-workforce%2F)  
[](https://twitter.com/share?text=Why+the+World+Needs+ZTNA+2.0&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2022%2F05%2Fthe-world-needs-ztna-2-0-for-todays-hybrid-workforce%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2022%2F05%2Fthe-world-needs-ztna-2-0-for-todays-hybrid-workforce%2F&title=Why+the+World+Needs+ZTNA+2.0&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2022/05/the-world-needs-ztna-2-0-for-todays-hybrid-workforce/&ts=markdown)  
\[\](mailto:?subject=Why the World Needs ZTNA 2.0)  
Link copied  
By [Nir Zuk](https://www.paloaltonetworks.com/blog/author/nir-zuk/?ts=markdown "Posts by Nir Zuk")  
May 11, 2022  
4 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[hybrid workforce](https://www.paloaltonetworks.com/blog/tag/hybrid-workforce/?ts=markdown)  
[Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown)  
[ZTNA](https://www.paloaltonetworks.com/blog/tag/ztna/?ts=markdown)  
[ZTNA 2.0](https://www.paloaltonetworks.com/blog/tag/ztna-2-0/?ts=markdown)

This post is also available in: [简体中文 (Chinese (Simplified))](https://origin-researchcenter.paloaltonetworks.com/blog/2022/06/the-world-needs-ztna-2-0-for-todays-hybrid-workforce/?lang=zh-hans "Switch to Chinese (Simplified)(简体中文)") [繁體中文 (Chinese (Traditional))](https://origin-researchcenter.paloaltonetworks.com/blog/2022/06/the-world-needs-ztna-2-0-for-todays-hybrid-workforce/?lang=zh-hant "Switch to Chinese (Traditional)(繁體中文)") [日本語 (Japanese)](https://origin-researchcenter.paloaltonetworks.com/blog/2022/05/the-world-needs-ztna-2-0-for-todays-hybrid-workforce/?lang=ja "Switch to Japanese(日本語)") [한국어 (Korean)](https://origin-researchcenter.paloaltonetworks.com/blog/2022/06/the-world-needs-ztna-2-0-for-todays-hybrid-workforce/?lang=ko "Switch to Korean(한국어)")

Interest in Zero Trust has exploded recently, partly due to its catchy name and seemingly broad usage throughout the cyber security industry (Zero Trust washing?). But, there is also another more compelling reason for the rise in interest in Zero Trust -- we really need it.

When speaking with customers, many of them tell me they are struggling to get a handle on the risks associated with hybrid work and direct-to-app connectivity. The new reality is that our attack surfaces have expanded dramatically while cyberattacks continue to grow in volume and sophistication. The whack-a-mole approach of deploying a new tool for every type of application or threat makes security management and enforcement way too complex.

Most organizations have discovered that old and clunky VPN-based solutions just don't cut it from a security and performance perspective. These legacy solutions have no concept of context and thus do not understand how to apply application, user or device-based, least privilege access. Instead, they give trusted access to entire network segments. In the world of hybrid work and cloud migration, legacy VPN is dead.

[Zero Trust Network Access](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access) (ZTNA) approaches emerged to address the challenges caused by legacy VPN. However, the first generation of products (which we call ZTNA 1.0) have proven more dangerous than helpful because of several critical limitations:

* \*\*Too Much Access is Not Zero Trust --\*\*Supports only coarse-grained access controls while classifying applications based on L3/L4 network constructs, such as IP address and port numbers. Thus, ZTNA 1.0 provides way too much access, especially for apps that use dynamic ports or IP addresses.
* \*\*Allow and Ignore --\*\*Once access to an app is granted, that communication is then trusted forever. ZTNA 1.0 assumes that the user and the app will always behave in a trustworthy manner, which is a recipe for disaster.
* **Too Little Security --** Only supports a subset of private apps while unable to properly secure microservice-based, cloud-native apps -- apps that use dynamic ports like voice and video apps, or server-initiated apps like Helpdesk and patching systems. Moreover, legacy ZTNA approaches completely ignore SaaS apps and have little to no visibility or control over data.

Clearly, ZTNA 1.0 falls short on the promise of replacing legacy VPN. We need a different approach.

## Introducing ZTNA 2.0

At Palo Alto Networks, we believe it's time to move towards a new approach we're calling ZTNA 2.0. Delivered from Prisma Access, ZTNA 2.0 is designed around an easy-to-use, unified security product. ZTNA 2.0 solves the shortcomings of ZTNA 1.0 by delivering the following:

* **Least Privilege Access**-- Achieved by identifying applications at layer 7, enabling precise access control at the app and sub-app levels, independent of network constructs like IP and port numbers.
* **Continuous Trust Verification** -- Once access to an app is granted, trust is continually assessed based on changes in device posture, user behavior and app behavior.
* **Continuous Security Inspection**-- Providing deep and ongoing inspection of all traffic, even for allowed connections, to prevent all threats including zero-day threats.
* **Protection of All Data**-- Providing consistent control of data across all apps used in the enterprise including private apps and SaaS, with a single DLP policy.
* **Security for All Apps** -- Safeguarding all applications used across the enterprise, including modern cloud-native apps, legacy private apps and SaaS apps. This includes apps that use dynamic ports and apps that leverage server-initiated connections.

Today, work is no longer a place we go, but an activity we perform. At the height of the pandemic, many businesses focused on trying to scale their VPN infrastructure. When that didn't work, they quickly pivoted to the ZTNA 1.0 solution, only to discover it didn't live up to their expectations. ZTNA 2.0 is the necessary paradigm shift to overcome the existing limitations of ZTNA 1.0, and it is the right architecture to support your organization in the long term.

[Join me on June 15](https://start.paloaltonetworks.com/zero-trust-with-zero-exceptions) where I'll be discussing in more depth how ZTNA 2.0 with Prisma Access can secure your hybrid workforce.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### We've Got Next...Again](https://origin-researchcenter.paloaltonetworks.com/blog/2022/06/weve-got-next-again/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks and Verizon Champion a New Cybersecurity Approach](https://origin-researchcenter.paloaltonetworks.com/blog/2022/11/a-new-cybersecurity-approach/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Extending Our SASE Leadership with Next-Gen CASB Innovations](https://origin-researchcenter.paloaltonetworks.com/blog/2022/08/sase-leadership-with-next-gen-casb-innovations/)

### [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### ZTNA 1.0's Security Inspection Problem](https://origin-researchcenter.paloaltonetworks.com/blog/2022/06/security-inspection-problem/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Why ZTNA 1.0's Allow-and-Ignore Model Is a Recipe for Disaster](https://origin-researchcenter.paloaltonetworks.com/blog/2022/05/allow-and-ignore-model-is-a-recipe-for-disaster/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Achieve True Zero Trust and Peak Performance with Prisma Access 6.1](https://origin-researchcenter.paloaltonetworks.com/blog/sase/achieve-true-zero-trust-and-peak-performance-with-prisma-access-6-1/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language