* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/)
* [Points of View](https://www.paloaltonetworks.com.au/blog/category/points-of-view/)
* ZTNA 1.0 Has an App Probl...

# ZTNA 1.0 Has an App Problem --- It Can't Secure All Apps

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2022%2F06%2Fztna-1-0-cant-secure-all-apps%2F)  
[](https://twitter.com/share?text=ZTNA+1.0+Has+an+App+Problem+%E2%80%94+It+Can%E2%80%99t+Secure+All+Apps&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2022%2F06%2Fztna-1-0-cant-secure-all-apps%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2022%2F06%2Fztna-1-0-cant-secure-all-apps%2F&title=ZTNA+1.0+Has+an+App+Problem+%E2%80%94+It+Can%E2%80%99t+Secure+All+Apps&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2022/06/ztna-1-0-cant-secure-all-apps/&ts=markdown)  
\[\](mailto:?subject=ZTNA 1.0 Has an App Problem — It Can’t Secure All Apps)  
Link copied  
By [Kumar Ramachandran](https://www.paloaltonetworks.com/blog/author/kumar-ramachandran/?ts=markdown "Posts by Kumar Ramachandran")  
Jun 15, 2022  
3 minutes  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Application Security](https://www.paloaltonetworks.com/blog/tag/application-security/?ts=markdown)  
[ZTNA 2.0](https://www.paloaltonetworks.com/blog/tag/ztna-2-0/?ts=markdown)  
[ZTNA Straight Talk](https://www.paloaltonetworks.com/blog/tag/ztna-straight-talk/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www.paloaltonetworks.com.au/blog/2022/06/ztna-1-0-cant-secure-all-apps/?lang=ja "Switch to Japanese(日本語)")

### ZTNA 2.0 Protects All Enterprise Applications, Including Private Apps, Cloud Apps and SaaS

*This is the final post of "* [*ZTNA Straight Talk,*](https://www.paloaltonetworks.com/blog/tag/ztna-straight-talk/)*" a 5-part series where we take a closer look at the five tenets of ZTNA 2.0, the new standard for securing access.*

It's no secret that the modern workforce relies on a plethora of applications to conduct practically all of their work. From video conferencing to document collaboration, instant messaging and CRM, the list goes on and on. Regardless of where these apps are hosted, workers require seamless, high-performance access to all of them.

Security practitioners are tasked with keeping users, assets, apps and data safe. The promise of [Zero Trust Network Access](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-ztna) (ZTNA) -- providing access for a user to an application rather than broad access to a network -- is supposed to help alleviate the challenges of achieving this. However, as we discussed previously, the implementation of ZTNA 1.0 has fundamental flaws. In addition to those mentioned previously, ZTNA 1.0 fails to enable consistent security because it only works with a subset of applications that the enterprise relies on.

## ZTNA 1.0 Is Unable to Secure All Apps

The vision of consistent, fine-grained access to all applications can't be achieved with ZTNA 1.0. That's because ZTNA 1.0 solutions don't secure all apps. They don't support cloud-based apps or other apps that use dynamic ports or server-initiated applications -- like support help desk apps that employ server-initiated connections to remote devices. ZTNA 1.0 solutions don't support SaaS apps, either.

Modern, cloud-native apps are often comprised of many containers of microservices, often using dynamic IP addresses and port numbers. Implementing ZTNA 1.0 for this type of application is a recipe for disaster. ZTNA 1.0 becomes completely ineffective for these sorts of app constructs because it provides access to a broad range of IPs and ports, exposing the organization to additional risk and defeating the point of Zero Trust.

As more and more organizations continue on their cloud journey and run their businesses on cloud-native applications, ZTNA 1.0 will become obsolete.

## ZTNA 2.0 Provides Consistent Security for All Apps

While legacy ZTNA solutions only address a fraction of enterprise apps, [ZTNA 2.0](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-2-0) will secure all apps, regardless of where they're hosted. It can be a modern cloud-native microservices-based application that doesn't get restricted by IPs and ports, a SaaS app, a traditional private app or legacy app.

ZTNA 2.0, delivered by [Prisma Access](https://www.paloaltonetworks.com/sase/access), provides superior security while delivering uncompromised performance and exceptional user experiences, all from a single unified approach. It is purpose-built on a truly [cloud-native architecture](https://www.paloaltonetworks.com/blog/sase/elevating-sase-availability-with-multi-cloud-redundancy-on-prisma-access/) to secure today's digital enterprises at cloud scale, providing uncompromised performance backed by leading SLAs that deliver exceptional user experience. Being completely software-based and hardware neutral, auto-scaling allows Prisma Access to keep up with changing hybrid workforce and evolving business demands without requiring manual interactions or processes.

## ZTNA 2.0 Is Zero Trust with Zero Exceptions

Pursuing a true Zero Trust posture is a journey, and providing consistent security and control across all apps, regardless of where they are hosted or accessed from is an important step. That's why securing all apps used in the enterprise, including modern apps and SaaS, is a core pillar of ZTNA 2.0.

Watch our special [launch event](https://start.paloaltonetworks.com/zero-trust-with-zero-exceptions) where we discuss innovations and best practices for securing the hybrid workforce with ZTNA 2.0 and Prisma Access.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Why ZTNA 1.0's Allow-and-Ignore Model Is a Recipe for Disaster](https://www.paloaltonetworks.com.au/blog/2022/05/allow-and-ignore-model-is-a-recipe-for-disaster/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### How ZTNA 1.0 Violates the Principle of Least Privilege](https://www.paloaltonetworks.com.au/blog/2022/05/ztna-1-0-violates-principle-of-least-privilege/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [SD-WAN](https://www.paloaltonetworks.com/blog/sase/category/sd-wan/?ts=markdown)

[#### Why Wipro Believes ZTNA 2.0 Is an Important Step in Your SASE Journey](https://www.paloaltonetworks.com.au/blog/2022/07/ztna-2-0-is-an-important-step-in-your-sase-journey/)

### [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Demystifying ZTNA 2.0 with Deloitte](https://www.paloaltonetworks.com.au/blog/2022/06/zero-trust-is-essential-in-a-post-pandemic-world/)

### [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Consistent Data Protection Requires a New Approach to Securing Access](https://www.paloaltonetworks.com.au/blog/2022/06/consistent-data-protection-requires-a-new-approach/)

### [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### ZTNA 1.0's Security Inspection Problem](https://www.paloaltonetworks.com.au/blog/2022/06/security-inspection-problem/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language