Defining Zero Trust and the Principles of the Model

Written by Enablis | 06/01/2023 3:01:07 AM

Zero Trust Network Access (ZTNA) can be defined as a framework where all users must have continuous authentication, authorisation and validation prior to data and application access. But today we require increased network security: have you heard of Zero Trust Network Access 2.0?

As remote and hybrid working models have brought about major shifts in organisational requirements for more robust network and security frameworks, the attack surface has drastically increased to account for app and user accessibility 'everywhere and anywhere'. Palo Alto Networks has found that 'ZTNA 1.0 solutions only solve some of the problems associated with direct-to-app access'.

Here's why ZTNA 1.0 is no longer effective in today's threat landscape

According to Palo Alto Networks, ZTNA 1.0 is no longer capable of fully protecting an organisation's users, apps and data due to the security challenges arising from hybrid and remote working.

Below we examine the shortcomings of ZTNA 1.0 as described by Palo Alto Networks:

  • Violates the principle of least privilege: As ZTNA 1.0 identifies apps based on network constructs such as IP address (or FQDN) and port number, it presents the following issues:

    • The attack surface is broadened if an application utilises dynamic ports or IP addresses, as this increases the range of ports and IPs that are granted access.

    • Access can only be granted for entire applications rather than 'sub-app level or app function level'.

    • Malware is given the opportunity to spread laterally and communicate freely if it travels on port numbers and IP addresses that have been granted access.

  • No security inspection: As ZTNA 1.0 identifies apps based on network constructs such as IP address (or FQDN) and port number.

  • Doesn't protect data: A lack of data control and limited visibility prevents the solution from detecting and exposing data exfiltration.

  • Can't secure all apps: Doesn't support cloud-based apps. SaaS applications are ignored despite representing the majority of enterprise applications. ZTNA 1.0 is also unable to fully 'secure microservices-based cloud native apps, apps that use dynamic ports like voice and video apps, or - initiated apps like helpdesk and patching systems.'

ZTNA 1.0 fails to enable consistent security because it only works with a subset of applications that the enterprise relies on.
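
The least-privilege shortcoming above can be seen in a small model, added here as an illustration and not taken from Enablis or Palo Alto Networks: a rule keyed on subnet and port range is compared with a rule keyed on identified app and function. The rule classes, the `voice` app, the port range and the flows are all constructed assumptions, and the app and function labels stand in for whatever a traffic classifier would report.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    """One connection attempt; app/function are what a traffic classifier would report."""
    dst_ip: str
    dst_port: int
    app: str
    function: str

@dataclass(frozen=True)
class NetworkRule:
    """ZTNA 1.0-style grant as the article describes it: subnet plus port range."""
    subnet: str
    ports: range

    def allows(self, f: Flow) -> bool:
        return ip_address(f.dst_ip) in ip_network(self.subnet) and f.dst_port in self.ports

@dataclass(frozen=True)
class AppRule:
    """Hypothetical grant keyed on identified app and function, independent of port."""
    app: str
    functions: frozenset

    def allows(self, f: Flow) -> bool:
        return f.app == self.app and f.function in self.functions

# Constructed flows toward one server segment (documentation address range).
FLOWS = [
    Flow("192.0.2.10", 16400, "voice", "call"),           # intended use
    Flow("192.0.2.10", 16999, "voice", "file-transfer"),  # same app, unintended function
    Flow("192.0.2.11", 17050, "unknown", "beacon"),       # unrelated traffic on a granted port
    Flow("192.0.2.10", 20100, "voice", "call"),           # intended use, port outside the range
]

# The voice app picks ports dynamically, so the network rule has to open a wide range.
network_rule = NetworkRule("192.0.2.0/24", range(16384, 20000))
app_rule = AppRule("voice", frozenset({"call"}))

def decisions(rule):
    """Return the allow/deny verdict for each constructed flow, in order."""
    return [rule.allows(f) for f in FLOWS]

if __name__ == "__main__":
    for f, net, app in zip(FLOWS, decisions(network_rule), decisions(app_rule)):
        print(f"{f.app}/{f.function} -> {f.dst_ip}:{f.dst_port}  network={net}  app={app}")
```

The network rule admits the unintended function and the unrelated traffic because they fall inside the granted range, and it also blocks a legitimate call that landed on a port outside it.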

What makes ZTNA 2.0 the superior security solution?

Unlike its predecessor, Palo Alto Networks believes ZTNA 2.0 is capable of ensuring 'true end-to-end multitenancy' as it provides 'proactive identification of problems, along with the ability to isolate and resolve issues automatically to ensure the best possible experience'.

Palo Alto Networks strongly advocates for the ZTNA 2.0 solution, believing that the single unified approach is more than capable of adapting to the ever-changing hybrid workforce, as its 'software-based and hardware neutral' nature eliminates the need for 'manual interactions or processes.'

*Sourced from Palo Alto Networks, 2022.

 
