Many organizations have turned to Zero Trust Network Access (ZTNA) solutions to answer the challenges of providing secure access to data, apps and the network to users from any location. ZTNA can be roughly defined as a set of technologies that provide secure, remote and restricted access to applications. The phrases “just in time, and just enough” and “least privileged access” are often used to describe this technology. However, when evaluating ZTNA providers, it’s important to make sure they don’t implicitly trust users once they’ve connected.
Palo Alto Networks was recently listed as a representative vendor in Gartner’s Market Guide for Zero Trust Network Access, which states, “ZTNA augments traditional VPN technologies for application access, and removes the excessive trust once required to allow employees and partners to connect and collaborate.”1 To better understand why this is, you can break ZTNA into three steps.
This last step is where most ZTNA solutions stop: They don’t monitor user activity for threats after users connect. This approach makes two false assumptions. The first is that the credentials used to authenticate were not compromised. The second is that, because you’ve only granted access to the applications the user “needs to use,” you’re not trusting the user. Of course, that’s not true – you’re still trusting them with that application!
As organizations look for solutions to help them apply ZTNA capabilities, it is important to look for solutions that offer a better approach to trust – solutions that can be part of a true Zero Trust strategy. This means seeking out solutions that not only authenticate before a user is given access but continue to do so throughout the user’s entire session connected to the network.
Prisma Access is Palo Alto Networks’ solution for ZTNA, delivering on the core tenets of limiting user access to only the applications they should have access to, while simultaneously preventing data exfiltration or threats from compromised endpoints. Prisma Access enables organizations to do the following:
When employing ZTNA, organizations need to fully commit to embracing the Zero Trust concept of explicit identity-based trust. Secure remote access buttressed by identity or role-based authentication is important, but it’s only part of truly effective ZTNA. Staying true to the philosophy of Zero Trust requires monitoring user activity for threats even after a user connects to privileged resources. Read Gartner’s Market Guide for Zero Trust Network Access report to learn more.
1 Gartner, “Market Guide for Zero Trust Network Access,” Steve Riley, Neil MacDonald, Lawrence Orans, June 8, 2020.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.