ZTNA That Actually Works for All Applications, Everywhere

Sep 23, 2021
4 minutes
... views

This is part 3 of a 3-part series where we take a closer look at the ZTNA-related strengths of Prisma Access as cited in the recent Forrester New Wave™: Zero Trust Network Access, Q3 2021 report. If you missed the beginning of the series, check out part 1 for an introduction to the report and part 2 for a look at the three ZTNA superpowers of Prisma Access.

Organizations’ IT infrastructures are complex. They have apps dispersed across private and public clouds, and many of their apps are non-web based. But the role-based, granular access component of ZTNA doesn’t mean much if your users can’t access applications wherever they are and however they’re deployed - whether the applications live on the web or in on-premises data centers.

In the recently released report, The Forrester New Wave™: Zero Trust Network Access, Q3 2021, Forrester includes two important criteria for choosing ZTNA vendors deployment flexibility and security for both web-based and non-web applications.

Web-based applications are straightforward. They’re the mainstay of most organizations' cloud infrastructure, whether private or public, and accessed via web browser. They include many of the familiar email exchanges like Gmail and Microsoft Outlook Web Access, as well as the browser-based versions of many collaboration tools like Slack and Zoom.

Non-web based applications are tricky, and they don’t have the same access restrictions. These applications often include proprietary software running on corporate servers and can use proprietary protocols. For some environments, this includes corporate database systems, customer and inventory systems (like mainframes), remote access protocols like RDP and SSH, virtual desktop infrastructure (VDI), and communication tools using SIP/VoIP.

The challenge with non-web applications is that many software-defined, perimeter-based ZTNA solutions don’t support access for these systems at all and require customers to retain a parallel VPN solution to provide secure remote access. For many ZTNA solutions that do provide secure remote access to on-premises applications, they don’t inspect application traffic.

Organizations that can’t implement uniform, role-based security policies to manage access and traffic for both web-based and on-premises applications are effectively undermining the whole intent behind ZTNA. ZTNA solutions that ignore on-premises applications enable these applications to bypass security inspection and create backdoors into their corporate networks.

Organizations want flexible deployment options to meet the demands of today’s complex, hybrid environments, for three main reasons:

  1. Cloud-based ZTNA solutions don’t require adding on-premises or virtual private cloud infrastructure, like virtual machines.
  2. An organization’s business requirements may be better served with a self-hosted or hybrid ZTNA solution.
  3. They may work with contractors or BYOD users who can’t accept endpoint agents and need a clientless access method.

As Forrester notes in their recent report, Prisma Access provides both deployment flexibility and security for both web- and non-web-based applications.

Prisma Access makes it easier for organizations to enable ZTNA with:

  • A combination of deployment options, including self-hosted, SaaS, and via managed service provider (MSP)
  • Client and clientless deployment
  • Over 100 locations worldwide, with private tenants for traffic isolation; industry-leading SLAs for guaranteed availability and performance
  • A single lightweight endpoint client for secure access to any application, anywhere
  • Single pass, parallel processing technology that identifies all users, devices, and applications and scans all content for signs of credential compromise, threats (including zero-day), and data loss
  • Realtime policy recommendations based on observed usage of the product, reducing policy sprawl and potential misconfigurations
  • Comprehensive third party app integration and log forwarding for seamless integration into business process workflows
  • Secure access to all RDP and VDI

Prisma Access can decrypt and inspect all web and non-web traffic regardless of protocol. And with seamless Palo Alto Networks NGFW policy integration, organizations can implement granular, role-based access control wherever their applications are located, extending corporate security policies to all users.

Prisma Access also ensures the best possible user experience, first by automatically determining the optimal path to any app, and then by leveraging fully-integrated autonomous digital experience management (ADEM) for user experience monitoring.

No matter what type of applications are in your environment, Prisma Access enables a comprehensive approach to ZTNA by guaranteeing granular, identity-based and adaptive access control for all users, no matter where the users or apps are located.


Subscribe to Sase Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.