This blog is part of “ZTNA Partners,” a series where we take a closer look at how our partnerships protect today's hybrid workforces and environments with ZTNA 2.0.
It should come as no surprise that the pandemic changed how businesses conduct their operations. Whatever the industry, the post-pandemic world has ushered in two major and long-lasting impacts to network security. The first is the hybrid workforce. For most enterprises, employees are becoming more fluid – working from home, on the road, in a branch office. Nearly three-quarters of U.S. companies are already using or plan to implement a hybrid work model. Second, the application delivery model has truly become multi-cloud, with 92% of all enterprises now adopting a multi-cloud strategy. Therefore, ZTNA 2.0 is a critical step in your SASE journey.
With two decades of digital transformation compressed into two despairing years, it’s time for a fundamental change in the way enterprises architect their networks to ensure security. In place of a data-centric architecture, they must now design for a user-centric approach, meaning the users and applications must be connected directly without compromising security. In this blog, we’ll introduce the solution: secure access service edge (SASE), a cybersecurity concept that Gartner first described in 2019. As you’ll see, for Wipro and Palo Alto Networks, SASE is more than just a concept or framework. It’s a real-world solution that brings tremendous value to our customers.
Fundamentally, the workplace has changed, and the entire definition of network and security has undergone a paradigm shift. In our recent discussion with IDG on how to build a SASE strategy, we discussed what’s driving the tremendous acceleration in SASE adoption and the need for SASE in today's market.
SASE is the convergence of wide area networking (WAN) and network security services, such as Cloud Access Security Broker (CASB), Firewall-as-a-Service (FWaaS) and Zero Trust Network Access (ZTNA), into a single, cloud-delivered service model. Central to SASE is a Zero Trust Model that enforces policies based on user, application and device in real time. A key tenet of Zero Trust and ZTNA is least privilege access: granting end users only the minimum level of access necessary to perform the routine task at hand.
Traditional network approaches and technologies no longer provide the levels of security and access control that digital organizations need. For example, legacy network architectures don't scale for hybrid work or multi-cloud. This creates gaps in security with inconsistent capabilities and policies that depend on a user’s physical location. The result is not only higher risk, but poor user experience as backhauling traffic to a data center for security policy enforcement creates latency and additional load on the network.
When it comes to networking and security services, SASE offers more than just a concept. It's an architectural strategy for enabling the future of work safely and without disruption. Organizations can safeguard their branch offices with the Zero Trust paradigm while providing the best possible user experience. A Zero Trust Model can bring tremendous value to the enterprise in several ways:
- Greater Visibility – Threat exposures are complex and diverse. SASE brings complete visibility end to end. It also aggregates threat intelligence, so IT teams can manage these threats cohesively and effectively in real time with ease.
- Scalability – Today’s organizations are massively distributed. They can’t rely on inflexible, on-premises infrastructure for security. SASE offers a cloud-based solution that is far more scalable and flexible.
- Ease of Management – SASE streamlines the management of multiple components, ranging from software-defined WAN (SD-WAN) to the cloud with a single pane of glass.
- Reduced Threat Surface – SASE with ZTNA shrinks the threat surface considerably by limiting access to a specific, verified user on a specific application in real time, rather than an entire network.
- Improved User Experience – Whether a user is connecting from a branch office via SD-WAN or from a mobile device, they are connecting directly to the application they need, without connecting back to a data center and creating a bottleneck.
Start Your SASE Journey with ZTNA 2.0
Unfortunately, early iterations of ZTNA (ZTNA 1.0) failed to meet the basic principles of Zero Trust. They relied on networking constructs, such as IP addresses and port numbers, to define applications, which ultimately failed to limit access and increased the attack surface. Additionally, once a user gained access to an application, ZTNA 1.0 took an allow-and-ignore approach, implicitly trusting the connection and giving the user free rein for any activity. It did nothing to protect critical, business-sensitive data.
ZTNA 2.0 overcomes these limitations by combining fine-grained, least-privileged access with continuous trust verification and deep, ongoing security inspection to protect all users, devices, apps and data everywhere. What’s more, ZTNA 2.0 does all of this with unified visibility and unified management, consistent policy and shared data for all users and all apps.
Secure access service edge solutions that incorporate ZTNA 2.0, identity-based authentication and granular access-control capabilities provide a more complete, holistic approach. Once you have a robust ZTNA framework in your organization, you can begin to leverage it to address additional use cases as your needs evolve, such as protecting internet access, securing SaaS applications and consistently protecting all critical data.
When building out a SASE framework, starting with a ZTNA 2.0 solution, such as Prisma Access from Palo Alto Networks, lets you reap the biggest benefits in the shortest amount of time.
Companies are adopting SASE through a multi-phased approach that starts with deeply examining an organization’s existing network and security infrastructure, application and user experience landscape to create a tailored approach.
Wipro recommends a four-step approach: consult, design, deploy and manage. Customers can then gain a complete view of the SASE architecture and roadmap, extract the full power that SASE gives the enterprise in a multi-cloud, distributed, hybrid work environment, and drive adoption at scale.
The partnership between Wipro and Palo Alto Networks offers organizations an industry-leading SASE platform with a managed solution that secures all application traffic. Customers receive best-in-class security at scale and work-from-anywhere digital experiences by merging industry-leading capabilities into a single, cloud-delivered platform.
As enterprises transform and more users access business resources remotely, the number of cyber threats is rising rapidly. A successful Zero Trust approach should be fine-tuned as threats evolve and an organization’s needs change. In collaboration with Palo Alto Networks, Wipro advises its customers on ZTNA 2.0 concepts that can drastically improve their overall security posture.
Palo Alto Networks Prisma SASE is the industry’s most complete SASE solution, spanning internet, public cloud, SaaS and data center to protect access from branch locations, homes and mobile devices. Our SASE solution converges network security, delivered by Prisma Access, Prisma SD-WAN and Autonomous Digital Experience Management into a single cloud-delivered service, reducing network and security complexity while increasing organizational agility. Wipro helps organizations around the globe plan, implement and operate this SASE solution. Wipro’s deep domain expertise across network and security ensures minimal impact transformation, closed loop AI/ML-driven automation and cost optimization to reduce total cost of ownership. Together, Palo Alto Networks and Wipro have your organization’s SASE needs covered.
To learn more about Prisma Access and ZTNA 2.0, watch the ZTNA 2.0 Launch Event on-demand.