ZTNA 1.0 Has an App Problem –

ZTNA 1.0 Has an App Problem –

It’s no secret that the modern workforce relies on a plethora of applications to conduct practically all of their work. From video conferencing to document collaboration, instant messaging, and CRM, the list goes on and on. Regardless of where these apps are hosted, workers require seamless, high-performance access to all of them.

Security practitioners are tasked with keeping users, assets, apps, and data safe. The promise of Zero Trust Network Access (ZTNA) – providing access for a user to an application rather than broad access to a network – is supposed to help alleviate the challenges of achieving this. However, as I discussed previously, the implementation of ZTNA 1.0 has fundamental flaws. In addition to those mentioned previously, ZTNA 1.0 fails to enable consistent security because it only works with a subset of applications that the enterprise relies on.

ZTNA 1.0 Is Unable to Secure All Apps

The vision of consistent, fine-grained access to all applications can’t be achieved with ZTNA 1.0. That’s because ZTNA 1.0 solutions don’t secure all apps. They don’t support cloud-based apps or other apps that use dynamic ports or server-initiated applications – like support help desk apps that employ server-initiated connections to remote devices. ZTNA 1.0 solutions don’t support SaaS apps, either.

Modern, cloud-native apps are often comprised of many containers of microservices, often using dynamic IP addresses and port numbers. Implementing ZTNA 1.0 for this type of application is a recipe for disaster. ZTNA 1.0 becomes completely ineffective for these sorts of app constructs because it provides access to a broad range of IPs and ports, exposing the organization to additional risk and defeating the point of Zero Trust.

As more and more organizations continue on their cloud journey and run their businesses on cloud-native applications, ZTNA 1.0 will become obsolete.

ZTNA 2.0 Provides Consistent Security for All Apps


While legacy ZTNA solutions only address a fraction of enterprise apps, ZTNA 2.0 will secure all apps, regardless of where they’re hosted. It can be a modern cloud-native microservices-based application that doesn’t get restricted by IPs and ports, a SaaS app, a traditional private app or legacy app.

ZTNA 2.0, delivered by Prisma Access, provides superior security while delivering uncompromised performance and exceptional user experiences, all from a single unified approach. It is purpose-built on a truly cloud-native architecture to secure today’s digital enterprises at cloud scale, providing uncompromised performance backed by leading SLAs that deliver exceptional user experience. Being completely software-based and hardware neutral, auto-scaling allows Prisma Access to keep up with changing hybrid workforce and evolving business demands without requiring manual interactions or processes.

ZTNA 2.0 Is Zero Trust with Zero Exceptions

Pursuing a true Zero Trust posture is a journey, and providing consistent security and control across all apps, regardless of where they are hosted or accessed from, is an important step. That’s why securing all apps used in the enterprise, including modern apps and SaaS, is a core pillar of ZTNA 2.0.

To learn more about how you can protect your organization with ZTNA 2.0, be sure to watch our ZTNA 2.0 virtual event, where we discuss innovations and best practices for securing the hybrid workforce.


Kumar Ramachandran serves as Senior Vice President of Products for Secure Access Service Edge (SASE) products at Palo Alto Networks. Kumar co-founded CloudGenix in March 2013 and was its CEO, establishing the SD-WAN category. Prior to founding CloudGenix, Kumar held leadership roles in Product Management and Marketing for the multi-billion dollar branch routing and WAN optimization businesses at Cisco. Prior to Cisco, he managed applications and infrastructure for companies such as Citibank and Providian Financial. Kumar holds an MBA from UC Berkeley Haas School of Business and a Master’s in Computer Science from the University of Bombay.

Read More