February 4, 2023



Legacy ZTNA Solutions Put You at Risk. It’s Time for ZTNA 2.0.

We live in a world where work is an activity, not a place. In the pandemic's wake, more than three-quarters of workers worldwide said they want the option to work from home at least part-time. For companies large and small, this means fully embracing hybrid work. Likewise, most of our applications have moved from the safety of the private data center to the cloud. This trend has been accelerating, with 80% of organizations adopting hybrid cloud strategies. The ability to provide secure, seamless access to all applications from anywhere has never been more important.

Previously, we secured organizations by deploying multiple security appliances in private data centers, such as firewalls and web proxies, and funneling all traffic through them. Now that most applications and users have left the building, users connect directly to applications rather than going to corporate headquarters or a branch office to reach the apps they need to do their jobs.

This direct-to-app shift dramatically increases the attack surface, requiring additional security and access controls to protect applications and data. Zero trust network access (ZTNA) solutions emerged in an effort to regain control of that expanding attack surface.

The Limits of ZTNA 1.0

Legacy ZTNA solutions were introduced nearly a decade ago, when the threat landscape, corporate networks, and how and where people worked were vastly different. These legacy solutions, known as ZTNA 1.0, no longer align with the realities of work, and malicious actors know how to exploit the gaps in them.

ZTNA 1.0 offers organizations minimal protection because these systems operate as a basic access broker. When a user requests access to an application, the broker verifies whether the user has permission to access that application. Once permission is confirmed, the broker grants access, establishing a connection between user and application. And that's it. The user's session is now "trusted," so the broker steps out of the picture, leaving the user with full access to the application without any further monitoring or scrutiny.

This is the architectural model of ZTNA 1.0. In the context of today's threat landscape, this model is not just problematic, it's dangerous. Here are five ways ZTNA 1.0 puts organizations at risk:

  • Violates the principle of least privilege: ZTNA 1.0 is overly permissive, granting access to applications based on old constructs like IP addresses and port numbers. This legacy approach provides no access control for sub-applications or specific application functions.
  • Allows and ignores: Once access to an application is granted, ZTNA 1.0 implicitly trusts whatever or whoever accessed the application, without monitoring changes in user, application, or device behavior.
  • No security inspection: ZTNA 1.0 can't detect or prevent malware or lateral movement across connections. It focuses on application access, not on securing the traffic to and from applications.
  • Doesn't protect all enterprise data: ZTNA 1.0 provides no visibility into or control over data, leaving enterprises exposed to data exfiltration by attackers or malicious insiders.
  • Can't secure all applications: ZTNA 1.0 only secures the subset of private applications that use static ports, leaving private apps that use dynamic ports, cloud-native applications, and SaaS applications unprotected.

ZTNA 2.0 is a better way to protect all users and everything, everywhere

Keeping enterprise data secure is hard now that work can be done anywhere. ZTNA 2.0 solutions offer infinite scalability and comprehensive, continuous protection for perimeterless organizations with:

  • Least-privilege access: ZTNA 2.0 enables fine-grained access control at the application and sub-application levels, independent of network constructs like IP addresses and port numbers.
  • Continuous trust verification: After access to an application is granted, ZTNA 2.0 continuously reassesses trust based on changes in device posture, user behavior, and application behavior.
  • Continuous security inspection: ZTNA 2.0 applies deep, ongoing inspection of all application traffic, even for allowed connections. This helps prevent threats, including zero-day threats.
  • Protection of all data: ZTNA 2.0 delivers consistent control of data across all applications, including private applications and SaaS applications, with a single data loss prevention (DLP) policy.
  • Security for all applications: ZTNA 2.0 consistently secures all types of applications used across the enterprise, including modern cloud-native applications, legacy private applications, and SaaS applications.
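The contrast the two lists draw, between a broker that decides once at connect time and one that re-evaluates every request, is easier to see in code. The following is an added, deliberately simplified Python model written for this page; it is not Palo Alto Networks code and does not reflect any product's internals. The user names, roles, application, paths and the `POLICY` table are constructed assumptions, and the single `compliant` flag stands in for whatever device-posture signal a real deployment would consume.

```python
"""Toy model of two access-broker designs, constructed for illustration.

legacy_request     -> decides once at connect time, then trusts the session
continuous_request -> re-checks device posture and sub-app policy per request
Nothing here is product code; the users, roles, app and paths are made up.
"""
from dataclasses import dataclass


@dataclass
class Device:
    # Assumed posture signal, e.g. EDR running and disk encrypted.
    compliant: bool = True


@dataclass
class Session:
    user: str
    app: str
    device: Device
    requests: int = 0


# Hypothetical sub-application policy: (role, path prefix, allowed HTTP methods).
POLICY = {
    "finance-app": [
        ("analyst", "/reports", {"GET"}),
        ("admin", "/", {"GET", "POST", "DELETE"}),
    ],
}
ROLES = {"alice": "analyst", "bob": "admin"}  # constructed directory data


def broker_connect(user: str, app: str, device: Device):
    """Shared connect step: may this user reach this app at all?"""
    if user not in ROLES or app not in POLICY:
        return None
    return Session(user=user, app=app, device=device)


def legacy_request(session: Session, path: str, method: str) -> bool:
    """ZTNA 1.0 pattern: the connect-time decision is final. Posture drift
    and requests outside the user's role are never re-examined."""
    session.requests += 1
    return True


def continuous_request(session: Session, path: str, method: str) -> bool:
    """ZTNA 2.0 pattern: re-check device posture and the role's allowed
    path/method on every request, so trust can be withdrawn mid-session."""
    session.requests += 1
    if not session.device.compliant:
        return False
    role = ROLES.get(session.user)
    for allowed_role, prefix, methods in POLICY[session.app]:
        if role == allowed_role and path.startswith(prefix) and method in methods:
            return True
    return False


def replay(request_fn):
    """Replay one constructed session against either broker and return the
    per-request decisions in order."""
    device = Device()
    session = broker_connect("alice", "finance-app", device)
    decisions = [request_fn(session, "/reports/q1", "GET")]          # in role
    decisions.append(request_fn(session, "/admin/users", "DELETE"))  # outside role
    device.compliant = False  # posture changes after connect, e.g. EDR disabled
    decisions.append(request_fn(session, "/reports/q1", "GET"))      # was in role
    return decisions


if __name__ == "__main__":
    print("legacy    :", replay(legacy_request))      # [True, True, True]
    print("continuous:", replay(continuous_request))  # [True, False, False]
```

The legacy broker returns `[True, True, True]`: the analyst's `DELETE` against an admin path and the request made after the device fell out of compliance are both waved through, because the only decision ever made was at connect time. The continuous broker returns `[True, False, False]` for the same sequence. The model only covers the access-decision half of the argument; it does not attempt to show traffic inspection or DLP, which the lists above treat as separate controls.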

Watch our ZTNA 2.0 launch event to learn about innovations and best practices for securing the hybrid workforce with ZTNA 2.0.


Kumar Ramachandran serves as Senior Vice President of Products for Secure Access Service Edge (SASE) products at Palo Alto Networks. Kumar co-founded CloudGenix in March 2013 and was its CEO, creating the SD-WAN category. Prior to founding CloudGenix, Kumar held leadership roles in Product Management and Marketing for the multi-billion dollar branch routing and WAN optimization businesses at Cisco. Before Cisco, he managed applications and infrastructure for companies such as Citibank and Providian Financial. Kumar holds an MBA from the UC Berkeley Haas School of Business and a Master's in Computer Science from the University of Bombay.