What is ZTNA? The Origins of Zero Trust
Zero Trust is a cyber security framework that operates by eliminating the assumption of trust within an organisation’s network architecture. Instead, authentication is required before anything (be that users, devices, or applications) is granted access.
While the concept began to gather momentum among security leaders in the mid-2000s, the term Zero Trust was popularised in 2010 by Forrester researcher John Kindervag. ZTNA (Zero Trust Network Access) considers this “never trust, always verify” model specifically in the context of network access, focusing on secure network practices.
From ZTNA 1.0 to ZTNA 2.0
In recent years legacy ZTNA – or ZTNA 1.0 – network security tools have become outdated following the unprecedented growth of remote work and cloud-app and SaaS reliance. With limited coverage across applications, difficulties in scaling, and a lack of continual reassessment, ZTNA 1.0 tools are increasingly unable to maintain continuous security for contemporary businesses.
Worse still, newer, more sophisticated attacks, launched by threat actors aware of the modern worker’s habits and requirements, are increasingly able to exploit these tools.
As a result, ZTNA 2.0 has emerged as the best path forward, considering “work” as an activity performed, rather than a location. Coined by Palo Alto Networks, the ZTNA 2.0 framework is purpose-built for organisations reliant on any number of cloud-based tools, overcoming the limitations of legacy ZTNA 1.0 solutions by providing comprehensive security for businesses with remote or hybrid workforces.
How is ZTNA 2.0 Delivered?
Where ZTNA 1.0 tools rely on a benchmarked picture of what is and is not trustworthy, newer ZTNA 2.0 tools such as SASE solutions recognise that threats and risk factors are constantly shifting and should be continually assessed to maintain security. ZTNA 2.0 incorporates continuous security inspection and verification of trust, even across existing allowed connections, taking into consideration the ever-changing configuration and security risk of the unmanaged SaaS and cloud applications utilised by businesses today.
Five Benefits of ZTNA 2.0
Continuous Security Inspection
Within ZTNA 2.0, security inspection is a continuous process. All traffic, including permitted connections, is subject to ongoing inspection to identify threats, including zero-day attacks, as soon as they appear. This approach to network security recognises that what was once secure may not always remain so. In the case of credential theft or phishing attacks, continuous inspection is essential for flagging suspect behaviour, rather than users.
Continuous Trust Verification
Rather than rely on a single verification of trust, ZTNA 2.0 tools continually re-verify trusted access to identify changes in device posture, and user or app behaviour that would otherwise go unnoticed within the ZTNA 1.0 framework. Should suspicious or malicious behaviour be detected, access can be revoked in real time.
Genuine Least-Privileged Access
Applications are identified at Layer 7, which provides precise and reliable access control at both app and sub-app levels without reliance on network constructs such as port numbers and IP addresses. This ensures true least-privileged access to your environment.
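The two ideas above, continuous trust verification and access control at app and sub-app level, can be sketched as a per-request check. This is an added illustration, not code from any ZTNA product; the policy entries, posture fields, risk threshold and function names are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed policy: access is keyed on (user group, app, sub-app function),
# never on IP addresses or port numbers.
POLICY = {
    ("finance", "erp", "view-invoice"),
    ("finance", "erp", "approve-payment"),
    ("support", "crm", "view-ticket"),
}
MAX_RISK = 70  # assumed threshold for a hypothetical 0-100 behaviour score

@dataclass
class Posture:
    disk_encrypted: bool
    edr_running: bool
    risk_score: int

@dataclass
class Session:
    user: str
    group: str
    revoked: bool = False
    log: list = field(default_factory=list)

def posture_ok(p: Posture) -> bool:
    return p.disk_encrypted and p.edr_running and p.risk_score <= MAX_RISK

def authorize(session: Session, app: str, sub_app: str, posture: Posture) -> bool:
    """Re-verify trust and least privilege on every request, not only at connect."""
    if session.revoked:
        decision = "deny: session revoked"
    elif not posture_ok(posture):
        session.revoked = True  # revoked immediately; later requests fail too
        decision = "deny: posture or behaviour changed"
    elif (session.group, app, sub_app) not in POLICY:
        decision = "deny: not permitted at sub-app level"
    else:
        decision = "allow"
    session.log.append((app, sub_app, decision))
    return decision == "allow"

if __name__ == "__main__":
    s = Session("alice", "finance")
    authorize(s, "erp", "view-invoice", Posture(True, True, 10))   # allowed
    authorize(s, "erp", "view-invoice", Posture(True, False, 10))  # EDR stopped
    for entry in s.log:
        print(entry)
```

A tool that checked posture only once at connect time would have kept serving the second request; here the already-allowed session is re-evaluated and revoked.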
Security for All Data
Wherever your data is processed and stored, be it in private apps or SaaS, ZTNA 2.0 lets you apply consistent control with a single DLP policy. This ensures complete coverage and limits the strain on security teams, who needn’t manually extend their data protection provision with every new app adopted by the business.
Security for All Apps
ZTNA 2.0 provides consistent security for all applications used across the entire business environment, including modern cloud-native apps, SaaS apps, legacy private apps, those that use dynamic ports and those that utilise server-initiated connections. This comprehensive coverage ensures that no matter the applications required by your users (currently, or in the future) you can be assured that your security coverage will apply and scale as necessary.