Palo Alto Networks, a cybersecurity provider, has urged the industry to move to Zero Trust Network Access 2.0 (ZTNA 2.0) — the foundation for a new era of secure access. ZTNA was developed as a replacement for virtual private networks (VPNs) when it became clear that most VPNs did not adequately scale and were overly permissive, but the first-generation ZTNA products (ZTNA 1.0) are too trusting and can put customers at significant risk. ZTNA 2.0 solves these problems by removing implicit trust to help ensure organizations are properly secured.
“This is a critical time for cybersecurity. We are in an era of unprecedented cyberattacks, and the past two years have dramatically changed work — for many, work is now an activity, not a place. This means that securing employees and the applications they need is both harder and more important,” said Nir Zuk, Founder and Chief Technology Officer, Palo Alto Networks.
“Zero trust has been embraced as the solution — and it is absolutely the right approach! Unfortunately, not every solution with Zero Trust in its name can be trusted. ZTNA 1.0 — for example — falls short,” adds Zuk.
For modern organizations where hybrid work and distributed applications are the norm, ZTNA 1.0 has several limitations. It is overly permissive in granting access to applications because it can’t control access to sub-applications or particular functions. Additionally, there is no monitoring of changes in user, application or device behavior, and it can’t detect or prevent malware or lateral movement across connections. ZTNA 1.0 also cannot protect all enterprise data.
In a new report, John Grady, ESG senior analyst said, “First-generation/ZTNA 1.0 solutions fall short in many ways on delivering on the promise of true zero trust. In fact, they grant more access than is desired. What’s more, once access is granted in ZTNA 1.0 solutions, the connection is implicitly trusted forever, allowing a handy exploit route for sophisticated threats and/or malicious actions and behavior.”
Grady also said, “It is time to embrace a new approach to ZTNA, one that has been designed from the ground up to meet the specific challenges of modern applications, threats, and a hybrid workforce.”
“Securing today’s hybrid workforce, with an increase in cloud and mobile technologies and evolving requirements, can be complicated,” said Jerry Chapman, Engineering Fellow, Optiv.
Chapman also adds, “Rethinking Zero Trust is essential for modern, hybrid organizations to prevent threats. Together with Palo Alto Networks, we’re advising our customers to incorporate ZTNA 2.0 principles like continuous review of identity and connection across their domains to stay secure.”