This blog is part of our \u201c<\/i>ZTNA Partners<\/a><\/i>,\u201d a series where we take a closer look at how our partnerships protect today's hybrid workforces and environments with ZTNA 2.0.<\/i><\/p>\n Digital transformation is not a \u201csomeday\u201d goal but a \u201ctoday\u201d imperative. In this post-pandemic world, work is no longer just a place we go, but an activity we perform, with 82% of organizations<\/a> adopting a hybrid cloud strategy. In fact, most organizations use an average of 110 SaaS apps<\/a> within their environments. And, part of the challenge isn't just that apps are everywhere, but users are too \u2013 expanding the attack surface dramatically. When combined with a threat landscape that\u2019s becoming more sophisticated, it's a perfect storm that demands organizations do something different to limit exposure and provide better security.<\/p>\n Interest in and adoption of Zero Trust Network Access (ZTNA<\/a>) has exploded. However, the rapid transformation to hybrid work and hybrid networks\/clouds has exposed weaknesses in the first ZTNA approaches. As part of our unveiling of ZTNA 2.0<\/a> with Palo Alto Networks Prisma\u00ae Access<\/a>, I sat down with Andrew Rafla, Partner\/Principal and Cyber Risk\/Zero Trust Leader at Deloitte, to help demystify ZTNA and its evolution:<\/p>\n \u201cOne of the biggest challenges in achieving a Zero Trust state and truly moving toward this concept of \u2018never trust, always verify\u2019 is the fundamental understanding of the application and user estate,\u201d Andrew told me. \u201cIn other words, what applications exist within a client\u2019s environment, who should be able to access those applications, and under what conditions. These are fundamental questions that need to be answered, and only<\/em> a ZTNA 2.0<\/a> model helps to fully realize the benefits of the zero trust model.\u201d<\/p>\n Previous iterations of ZTNA fall short of these requirements. First and foremost, the first generation of ZTNA vendor implementations (which we call ZTNA 1.0) violate the core foundational principle of least privilege access by using an application\u2019s IP address or port number as a proxy for the application itself. Defining an application by network constructs invariably leads to a broad degree of access.<\/p>\n Imagine the analogy of securing a commercial airline flight. You show your boarding pass and driver's license when you go to an airport. Your license serves as a user ID, your boarding pass represents a resource to gain access \u2013 one plane at a specific gate, departure date and time, one seat in a specific section. With ZTNA 1.0, you get a boarding pass that just shows an IP address (essentially providing the address of the airport, but not limiting access to any plane at the airport).<\/p>\n The second limitation of ZTNA 1.0 is around \u201callow and ignore.\u201d Just because you get past TSA security doesn't mean you can do whatever you want. You can\u2019t disrupt flight attendants, or ignore rules. So you need continuous trust verification via continuous monitoring.<\/p>\n The third limitation has to do with data inspection and security. Returning to the airport analogy, this means that not only are the passengers (users) inspected, but also the luggage (data).<\/p>\n In a post-pandemic world, a ZTNA 2.0 model addresses these fundamental shortcomings to better protect today\u2019s hybrid workforce.<\/p>\n In the decade since Zero Trust was first introduced, the business environment has shifted dramatically. In our post-pandemic world, organizations realize their employees need flexibility not only where they work, but how they work and the applications they now utilize to get their work done.<\/p>\n \u201cThe mobile and the hybrid workforce is here to stay,\u201d Andrew explained during our conversation. \u201cMore and more organizations are realizing that people just want to work for organizations that provide flexibility in how they work and where they work and the devices that they work from. One of the considerations around achieving a Zero Trust environment is really about supportability \u2013 supporting the increasingly mobile and hybrid workforce. That requires compatibility with both traditional laptop and desktop devices, as well as the common operating systems found on mobile devices.\u201d<\/p>\n ZTNA 2.0 addresses these organizational requirements while maintaining the core fundamental principle of least-privileged access. It offers a consistent, frictionless end-user experience that maximizes security capabilities without any additional burden. And finally, it enables continuous trust verification \u2013 providing deep security and data protection for all applications.<\/p>\n When I asked Andrew what advice he would offer to organizations looking to adopt ZTNA 2.0, he offered several suggestions:<\/p>\n The journey toward Zero Trust is one that prioritizes business needs over technology \u2013 putting organization on the path to be more secure, agile and resilient to change in a post-pandemic world.<\/p>\n Palo Alto Networks Prisma Access is the industry\u2019s only ZTNA 2.0 solution. Combined with Deloitte\u2019s Zero Trust framework and professional services, Prisma Access helps organizations accelerate the adoption of a Zero Trust cybersecurity strategy.<\/p>\n<\/a>The Shortcomings of ZTNA 1.0<\/h2>\n
<\/a>Why Is Zero Trust Essential in a Post-Pandemic World?<\/h2>\n
<\/a>The Journey to Adopting ZTNA 2.0<\/h2>\n
\n