By Ben Forster
Many organizations have turned to Zero Trust Network Access (ZTNA) solutions to answer the challenges of providing secure access to data, apps and the network to users from any location. ZTNA can be roughly defined as a set of technologies that provide secure, remote and restricted access to applications. The phrases “just in time, and just enough” and “least privileged access” are often used to describe this technology. However, when evaluating ZTNA providers, it’s important to make sure they don’t implicitly trust users once they’ve connected.
Gartner’s recently released Market Guide for ZTNA, which lists Palo Alto Networks as a representative vendor, highlights the benefits of ZTNA over standalone virtual private networks (VPNs) for providing secure remote access.1 To better understand why this is, you can break ZTNA into three steps.
This last step is where most ZTNA solutions stop: They don’t monitor user activity for threats after the user connects. This approach makes two false assumptions. The first is that the credentials used to authenticate were not compromised. The second is that, because you’ve only granted access to the applications the user “needs to use,” you’re not trusting the user. Of course, that’s not true – you’re still trusting them with that application!
As organizations look for solutions to help them apply ZTNA capabilities, it is important to look for solutions that offer a better approach to trust – solutions that can be part of a true Zero Trust strategy. This means seeking out solutions that not only authenticate before a user is given access but continue to do so throughout the user’s entire session connected to the network.
Prisma Access is Palo Alto Networks’ solution for ZTNA, delivering on the core tenets of limiting user access to only the applications they should have access to, while simultaneously preventing data exfiltration or threats from compromised endpoints. Prisma Access enables organizations to do the following:
When employing ZTNA, organizations need to fully commit to embracing the Zero Trust concept of explicit identity-based trust. Secure remote access buttressed by identity or role-based authentication is important, but it’s only part of truly effective ZTNA. Staying true to the philosophy of Zero Trust requires monitoring user activity for threats even after a user connects to privileged resources. Read Gartner’s Market Guide for Zero Trust Network Access report to learn more.
1 Gartner, “Market Guide for Zero Trust Network Access,” Steve Riley, Neil MacDonald, Lawrence Orans, June 8, 2020.