NTT and Palo Alto Networks — Optimal Workforce Security

This post is also available in: 日本語 (Japanese)

This blog is part of “ZTNA Partners,” a series where we take a closer look at how our partnerships protect today's hybrid workforces and environments with ZTNA 2.0.

Organizations have scaled up their remote workforces over the past two years. They did not, however, ramp up the appropriate governance and security procedures at the same rate. This has left many organizations vulnerable and exposed to an increase in cyberthreats, sophisticated malware and ransomware attacks, which endanger their workforce security. The NTT 2021 Global Workplace Report found that 79.3% of organizations find it more difficult to spot IT security or business risks brought about by employees when they are working remotely. And, 54.7% said they’ve had to completely rethink their IT security to accommodate new, hybrid ways of working.

Remote work has also created an increased appetite for web and software-as-a-service (SaaS)/cloud-based applications, which subsequently also magnified web and application attacks. At the same time, the increased use of client portals, mobile and web-enabled applications, as well as bring-your-own-device (BYOD), has dramatically expanded the attack surface. The NTT 2021 Global Threat Intelligence Report found that application-specific attacks accounted for 35% of all attacks, and web-application attacks accounted for 32%, resulting in a combined total of 67% of attacks, up from 55% in 2019.

In response to these trends, legacy technology struggles to meet the demands of businesses and remote workers as digital transformation, hybrid workplace and hybrid cloud transformation continue to evolve. So, what is the next step when legacy technology is no longer enough?

Protect Your Business Without Sacrificing User Experience

When working from home became the rule rather than the exception, organizations faced immediate challenges – physically building security, lack of home network visibility for troubleshooting issues, local network authentication issues, and no understanding of the experience of working from home. On-premises security infrastructure, such as VPNs, was built as a quick and easy solution for occasional use. But suddenly, it was overwhelmed with traffic from persistent use, impacting user experience and productivity. In addition, it didn’t provide comprehensive security to enable a granular and adaptive Zero Trust mentality. Nor did it consider the challenging requirements of the mobile worker connecting remotely or even trying to be productive while in transit. As a result, user experience and productivity suffered, and security was compromised. The typical response was to use a number of point solutions that cover some, but not all, security situations. Each tool has its own access control policies and security inspection controls, creating a nightmare for network administrators and frustration for users.

Putting in place a Secure Access Service Edge (SASE) is a safer means of securing digital applications and data used by remote workers anywhere they work. SASE is the convergence of wide area networking (WAN) and network security services, such as Cloud Access Security Broker (CASB), Firewall-as-a-Service (FwaaS) and Zero Trust Network Access (ZTNA), into a single, cloud-delivered service model. The goal of SASE is to ensure that users can access the resources they need, consistently, securely and with minimal friction.

SASE should also take advantage of advanced automation solutions to anticipate problems and take corrective actions to improve user experience without IT intervention. For example, artificial intelligence for IT operations (AIOps) leverages machine learning (ML) and analytics to deliver proactive and actionable insights to automate IT operations. This harnesses big data to detect and respond to issues instantaneously. Another integral part of SASE – autonomous digital experience management (ADEM) – provides SASE-native digital-experience monitoring and complete visibility to autonomously remediate user connectivity issues before or when they happen. ADEM can even provide users with guided remediation, so they can resolve application performance issues on their own. Adopting a proactive approach for observability and experience management drives intelligent insights to best support the users and determine how applications need to function.

Central to SASE is a Zero Trust model that enforces policies based on user contexts, such as identity, their device and applications in real time. A modern Zero Trust approach enables organizations to securely connect all users to the applications they require, regardless of where they access them from or which device they use, while significantly reducing risk. It offers a single, cloud-native product that safely secures the hybrid workforces and enterprises by combining best-in-class security capabilities. It optimizes the user experience with dynamic scalability and ensures optimal end-user performance. Only the latest generation of ZTNA, which we now call ZTNA 2.0, fulfills the five key principles of Zero Trust:

1. Least-Privileged Access – Enable precise access control at the application and sub-application levels, independent of network constructs like IP addresses and port numbers.
2. Continuous Trust Verification – After access to an application is granted, continuous trust assessment is ongoing based on changes in device posture, user behavior and application behavior.
3. Continuous Security Inspection – Deep and ongoing inspection of all application traffic is used, even for allowed connections, to help neutralize credential theft, abuse and even zero-day threats.
4. Protection of All Data – Consistent control of data across all private and SaaS applications is provided with a single data loss prevention (DLP) policy.
5. Security for All Applications – Consistent security is used for all types of applications across the enterprise, including modern cloud-native applications, legacy private applications and SaaS applications.

NTT and Palo Alto Networks: Zero Trust with Zero Friction

Palo Alto Networks has collaborated with NTT to tackle the challenges customers face today, including digital transformation, hybrid cloud transformation and, of course, the new hybrid workplace. The Palo Alto Networks product portfolio, combined with NTT’s secured-by-design approach, protects critical data assets with industry-leading technology, expert resources and intelligence by offering comprehensive, automated security solutions for HQ, branch and mobile worker demands.

Together, we've created a secure access ecosystem and modern network and security operations solution that delivers comprehensive and automated solutions aligned to your business objectives anywhere, anytime, without forcing network administrators to choose between security or performance.

Hybrid work has huge implications for network and security design. We’re no longer in a primarily perimeter-based world, where the majority of apps and data take place behind a firewall, but one that’s predominated by the Zero Trust model, which offers protection beyond the corporate network. As a result, networking and security can’t be separate discussions. Networks and connectivity services need to be resilient, secure and easy to use by design. Together, Palo Alto Networks and NTT bring our shared customers the intelligence, technology and experience they need to ensure workforce security for today and for the future.

To learn more about SASE and ZTNA 2.0, watch the SASE Converge 2022 Event on-demand.

For more information on ADEM and AIOps, please check out our webinar discussion with NTT’s Rob Mello and Jason Georgi from Palo Alto Networks.