ZTNA 2.0 gains multicloud momentum in Palo Alto Networks’ customer base

Citing the security, scale and speed advantages of deploying zero-trust network access 2.0 (ZTNA) in multicloud environments, Palo Alto Networks’ Ignite ’22 keynotes and breakouts claim the new standard is gaining momentum.

“All of the intelligence that goes behind zero trust is actually in the cloud, which means that once you operationalize us (Palo Alto Networks) in one place or one form factor, the next one is really easy,” Lee Klarich, chief product officer for Palo Alto Networks, said during his keynote “Out-Innovating the Attackers” at Ignite ’22 last week.

ZTNA 2.0 is a new industry standard proposed by Palo Alto Networks earlier this year, based on their belief that the existing zero-trust standard is too trusting, allowing for implicit trust gaps to happen on persistent connections.

Security leaders who are advocates of ZTNA 2.0 say there needs to be more stringent enforcement of least-privileged access from the third to the seventh layer of the OSI Model. Advocates point to the lack of real-time trust verification across the upper layers of the model.


With more than 61,000 active firewall customers according to their Q1, FY 2023 quarterly results presentation, Palo Alto Networks is ideally positioned to promote a new zero-trust standard that capitalizes on continuous monitoring and their expertise in analyzing real-time network traffic.

Level-setting expectations on ZTNA 2.0

It’s important to keep the broader strategic initiatives of an organization in mind when assessing ZTNA, ZTNA 2.0, and zero trust in general. Zero-trust frameworks are most effective when they support, strengthen and protect new digital business initiatives and secure virtual organizations. Investing in cybersecurity and zero trust is a business decision integral to the future growth of any organization. Getting it right means tailoring zero trust to a business’s unique security and risk management needs. 

VentureBeat spoke with several IT leaders at Ignite ’22 who have implemented Palo Alto Networks’ Prisma Cloud, are pursuing ZTNA 2.0 and report progress. Most of them deal with multicloud and hybrid cloud infrastructure challenges that the combination of Prisma Cloud and ZTNA 2.0 helps solve.

None, however, consider ZTNA 2.0 the one-and-done solution to their zero-trust framework objectives. Rather, they need Prisma Cloud and ZTNA 2.0 to solve complex multicloud and hybrid cloud security challenges that demand scale and speed. 

SASE, multicloud deployments help ZTNA 2.0 adoption

Palo Alto Networks contends that ZTNA 2.0 also allows users access to network sources from anywhere via secure access service edge (SASE), that it simplifies the need for traditional network perimeter controls, and that cloud-based deployment helps speed up implementation times. The company also claims that ZTNA 2.0 is better suited for integrating with identity and access management (IAM), privileged access management (PAM), multifactor authentication (MFA), and other security technologies, all on a single platform.

That’s consistent with one of the key messages to customers at Ignite ’22: That Palo Alto Networks needs to be their vendor partner for consolidating their tech stacks.

Palo Alto Networks’ Prisma Cloud is core to their ZTNA 2.0 strategy at the application level. Source: Palo Alto Networks 2021 Analyst Day Presentation.

Palo Alto Networks also contends that its cloud platform approach to ZTNA 2.0 simplifies zero trust by providing consistent least privileged access and continuous monitoring across every identity and endpoint, or as Klarich said in his keynote, form factors.

“So when you think about this approach, what it means is you get the same security outcomes,” said Klarich. “You get consistent security operations and management. It’s optimizing the end-user experience because the users get the same experience, no matter where they’re working from, which, of course, is even more important today than ever before.”

Klarich also explained in his keynote how zero-trust cloud architecture combines the company’s third and fourth generation hardware architecture advances to provide performance gains continually. Palo Alto Networks sees ZTNA 2.0 as more than a framework; it’s their ecosystem for future growth where their hardware, software and cloud advances combine to deliver greater value than each component sold alone.

Lee Klarich’s keynote explained Palo Alto Networks’ vision of ZTNA 2.0 as a cloud-delivered security platform that integrates user-ID, App-ID, Device-ID, and continuous security, supported by hardware and software next-generation firewalls and SASE. Source: Ignite ’22 Conference.

Why ZTNA 2.0 is gaining multicloud momentum

The most common reason that customers say they adopt ZTNA 2.0 is to gain greater visibility and control across multiple hyperscalers and cloud platforms while ensuring a consistent security policy and security posture. The Palo Alto customers that VentureBeat interviewed at Ignite ’22 said their organizations adopted zero trust to improve compliance and risk management, increase process agility, and consolidate their legacy tech stacks.

Interviews and surveys validate that getting integration right with ZTNA 2.0 is challenging, as is the process of implementing it as a framework across large-scale, distributed organizations. CISOs that VentureBeat spoke with at Ignite ’22 say it can be challenging to build an entire zero-trust framework with just one vendor, especially regarding endpoint security.

As David Holmes, Forrester senior analyst, writes in The Forrester New Wave: Zero Trust Network Access, Q3 2021, Palo Alto Networks “still needs to improve endpoint offering, including mobile. Customers say the mobile experience Prisma Access still needs improvement, and they report some technical challenges with the endpoint software for desktops and laptops.” 

Integration using APIs is one of the most challenging aspects of implementing ZTNA 2.0 based on customer interviews at Ignite ’22. 

Despite the many promoted benefits of ZTNA 2.0, getting implementations streamlined to deliver results can be challenging, according to a recent survey and conversations with customers at Inspire ’22. Source: Palo Alto Networks’ 2022 What’s Next in Cyber survey.

What customers are saying about Prisma Cloud and ZTNA 2.0

Overall, customers that VentureBeat spoke with are optimistic about their experiences with Prisma Cloud and ZTNA 2.0. One IT director told VentureBeat that overcoming the challenges of integrating Prisma Cloud with other apps and tools in the security tech stack was the most challenging piece. However, SASE was also core to their ZTNA 2.0 strategy, and the implementation of that across remote offices went smoothly.

Other IT leaders told VentureBeat that Prisma Cloud is automating the millions of security updates per day, rather than their relying on patch prep and deployment automation. This alleviates the need to maintain the infrastructure with time-consuming processes and manual procedures.

One CISO that VentureBeat spoke with says the subscription model for Prisma Access can be challenging, and it’s best to get help if you’re a first-time customer trying to figure it out. She also advised that IT leaders be careful troubleshooting Prisma Access because it’s easy to accidentally create a service interruption. Also, the CISO said, Okta integration could be challenging, and Border Gateway Protocol (BGP) queries have been known to bog down if API integrations aren’t optimized.

The bottom line is that Palo Alto Networks is succeeding with its consolidation strategy of selling ZTNA 2.0 within its customer base, emphasizing the security, scale and speed of Prisma Cloud as the deployment strategy.

CISOs and IT directors are after more granular access policies that can be customized to fit the needs of specific users, groups and devices, giving them greater control over who can access what resources. They’re also after simplified access, improved usability, and more effective compliance reporting across their multicloud infrastructure.

Originally appeared on: TheSpuzz