Presidio and Palo Alto Networks Secure Hybrid Workforces with ZTNA 2.0

This post is also available in: 日本語 (Japanese)

This is the first post of “ZTNA Partners,” a series where we take a closer look at how our partnerships protect today's hybrid workforces and environments with ZTNA 2.0.

Up until 2020, digital transformation was among the long-term goals of many organizations. The global pandemic changed all that, compressing the timeframe for digital transformation from years to months, weeks or even days. Suddenly businesses had to support hybrid workforces, new distribution and sales channels, as well as soaring customer expectations.

As they worked to meet the new business demands of the past two years, organizations rapidly expanded their use of clouds by more than 25%, but struggled with comprehensive security, compliance and technical complexity. At the same time, the cyberthreat landscape has become increasingly menacing. It’s clear that organizations need a new approach to security to align with these trends and allow companies to reap the benefits of digital transformation while protecting data and operations from cyber attacks.

The Evolution of Zero Trust

Zero Trust Network Access (ZTNA) is a framework designed to provide secure remote access to applications and services based on granular-defined, least-access control policies. Unlike virtual private networks (VPNs), which grant complete access to an organization’s network, ZTNA solutions only allow users to utilize services to which they’ve been explicitly granted access. The ZTNA service allows access to an application through a secure, encrypted tunnel only after authentication. ZTNA also allows organizations to implement location or device-specific access control policies to prevent unpatched or vulnerable devices from connecting to corporate services.

However, ZTNA solutions were initially conceived at a point in time when remote work was not mission critical, and application constructs, cloud adoption and connectivity requirements were vastly different. The rapid shift to remote and hybrid work, coupled with the increased appetite in cloud adoption, is fueling direct-to-application architectures. This has exposed significant gaps in first generation ZTNA products (which we call, ZTNA 1.0). First, they violate the principle of least privilege, providing too much access with too little protections. Many ZTNA 1.0 solutions identify an application based on ephemeral network constructs, which can expose more surface area than necessary. In addition, these solutions provide access to entire applications, unable to restrict access to specific functions within the application.

Another gap in ZTNA 1.0 solutions is that they incorporate an “allow and ignore” model. This means that once users gain access to an app, that communication is implicitly trusted forever – justifiably or not. ZTNA 1.0 cannot detect or prevent lateral movement across connections once a user is allowed app access.

What’s more, these solutions offer little to no data visibility or control. Nor can they properly secure microservice-based cloud native apps or server-initiated apps, like helpdesk or patching systems. And, they completely ignore SaaS applications, which now represent the majority of enterprise apps.

Welcome to ZTNA 2.0 — Zero Trust with Zero Nonsense

Presidio and Palo Alto Networks have partnered to overcome the limitations of legacy ZTNA solutions with ZTNA 2.0 – a new paradigm shift that protects today’s hybrid workforces and environments by delivering five principles:

  1. Least Privilege Access: Unlike legacy ZTNA solutions that attempt to identify applications using network constructs, like IP address and port numbers, Prisma Access identifies applications at Layer 7 to precisely control access at the app and sub-app levels, including the ability to control functions, such as download or upload.
  2. Continuous Trust Verification: Prisma Access continuously assesses users, devices and application traffic, and it verifies trust via patented mechanisms that recognize suspicious activity, detects device noncompliance and app authorization.
  3. Continuous Security Inspection: Prisma Access leverages advanced threat-prevention technologies, including artificial intelligence (AI) and machine learning (ML) to provide real-time protection that prevents up to 95% of unknown threats, resulting in a 99.5% reduction in infected systems.
  4. Complete Data Protection: Prisma Access provides consistent control of data across all apps used in the enterprise, including private apps and SaaS, with a single data loss protection (DLP) policy.
  5. Complete App Protection: It doesn’t matter the type of application used across the enterprise, whether they’re cloud-native apps, legacy private apps or SaaS apps. They’re secured in the same comprehensive way.

Purpose-built in the cloud to secure at cloud scale, ZTNA 2.0 delivered from Prisma Access is designed around an easy-to-use, unified security product that protects all application traffic with best-in-class capabilities, helping to keep up with today’s threats and prepare you for tomorrow’s.

“The workplace is no longer just headquarters – the workforce is everywhere, requiring cloud and mobile technologies,” says Dave Trader, Field CISO Presidio. As such, rethinking Zero Trust and adopting ZTNA 2.0 is essential for modern, hybrid organizations to prevent threats.

Presidio and Palo Alto Networks have changed the game by making network security intelligent and proactive. Presidio provides end-to-end support for your organization’s Palo Alto Networks security deployment. This enables better, faster security operations today, and better threat-handling in the future with the industry’s first comprehensive product suite for security operations.

As the digital world evolves, our solutions will continue to evolve to meet organization’s cybersecurity demands. Watch our special launch event where we discuss innovations and best practices for securing the hybrid workforces with ZTNA 2.0 and Prisma Access.