This post is also available in: 日本語 (Japanese)
This is part 4 of “ZTNA Straight Talk,” a 5-part series where we take a closer look at the five tenets of ZTNA 2.0, the new standard for securing access.
In today’s Information Age, data is gold. Modern enterprises are responsible for protecting the sensitive information of customers and employees, business secrets, and their intellectual property from accidental leakage or theft in a security climate where breaches are increasingly prevalent.
The pandemic brought about a dramatic shift to hybrid work, requiring employees to access sensitive data from anywhere. And the explosion of SaaS apps means that the data lives virtually everywhere. How is it possible to secure data consistently under these circumstances?
Organizations look to ZTNA as the new way to securely connect their hybrid workforce with the applications and data they need. However, earlier ZTNA versions – ZTNA 1.0 – don’t always take data protection into account.
I previously highlighted some of the deficiencies in ZTNA 1.0 approaches, such as violating the principle of least privilege and the concept of “allow and ignore,” which are fundamental flaws that expose organizations to increased risks. Another key area of deficiency is a lack of consistent and robust data protection for all enterprise apps. And, just like allow and ignore, lacking consistent data protection for any app is a recipe for disaster.
ZTNA 1.0 solutions don’t provide data protection, especially the data within private applications. Our application traffic is a mix of private cloud, public cloud, internet and SaaS, not just internet and SaaS. ZTNA 1.0 solutions completely lack visibility into data exfiltration or loss, thus providing no data protection for any private apps. This leaves most of the organization’s app traffic (especially the custom-built private apps) vulnerable to data exfiltration from malicious insiders or external attackers and requires completely different data loss prevention (DLP) solutions to protect sensitive data in SaaS applications. This introduces more complexity and risk as it requires organizations to use multiple point products to secure data everywhere.
With ZTNA 1.0 approaches, you have to manually create different policies on different screens, each with a different list of controls. You also have to manually reconcile these policies to express security intent with any degree of certainty and auditability. This is impossible to achieve for anything more than a handful of apps, which inevitably leads to over-privileged access and policy gaps. This in turn, leads to breaches.
ZTNA 2.0, delivered by Prisma Access, offers consistent, comprehensive data visibility and control across all apps used in the enterprise, including private apps and SaaS, with a single DLP policy. Instead of just focusing on a subset of enterprise apps, Prisma Access was purpose-built to secure all app traffic and data across all ports and protocols, from a single, unified solution. This means the same robust data protections that govern SaaS applications can also be applied to any app, even legacy premises-based applications in private data centers, and be managed all from a single policy.
Your hybrid workforce needs access to SaaS and private apps, and the internet-at-large to get work done. Providing data protection for a just portion of those apps leaves organizations and their data ripe for exploitation and exfiltration. ZTNA 2.0 with Prisma Access incorporates the industry’s most comprehensive cloud-delivered enterprise DLP, powered by machine learning to accurately protect sensitive data in real-time, across all applications.
Pursuing a true Zero Trust posture is a journey, and protecting data consistently, regardless of where it’s located or accessed from, is an important step. That’s why consistent control of data across all apps used in the enterprise, including private apps and SaaS, is a core pillar of ZTNA 2.0.
Watch our ZTNA 2.0 launch event, where we’ll discuss innovations and best practices for securing the hybrid workforce with ZTNA 2.0. Stay tuned for next week’s Palo Alto Networks blog, where I’ll discuss the final principle of ZTNA 2.0.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.