Consistent Data Protection Requires a New Approach to Securing Access

In today’s Information Age, data is gold. Modern enterprises are responsible for protecting the sensitive information of customers and employees, business secrets, and their intellectual property from accidental leakage or theft in a security climate where breaches are increasingly prevalent.

The pandemic brought about a dramatic shift to hybrid work, requiring employees to access sensitive data from anywhere. And the explosion of SaaS apps means that the data lives virtually everywhere. Combined, these factors dramatically increase the attack surface. How is it possible to secure data consistently under these circumstances?

Organizations look to ZTNA as the new way to securely connect their hybrid workforce with the applications and data they need. However, earlier ZTNA versions – ZTNA 1.0 – don’t always take data protection into account.

I previously highlighted some of the deficiencies in ZTNA 1.0 approaches, such as violating the principle of least privilege and following an “allow and ignore” model, both of which are fundamental flaws that expose organizations to increased risks. Another key area of deficiency is a lack of consistent and robust data protection for all enterprise apps. And, just like allow and ignore, lacking consistent data protection for any app is a recipe for disaster.

ZTNA 1.0 Lacks Data Protection

ZTNA 1.0 solutions don’t provide data protection, especially the data within private applications. Our application traffic is a mix of private cloud, public cloud, internet and SaaS, not just internet and SaaS. ZTNA 1.0 solutions completely lack visibility into data exfiltration or loss, thus providing no data protection for any private apps. This leaves most of the organization’s app traffic (especially the custom-built private apps) vulnerable to data exfiltration from malicious insiders or external attackers and requires completely different data loss prevention (DLP) solutions to protect sensitive data in SaaS applications. This introduces more complexity and risk as it requires organizations to use multiple point products to secure data everywhere.

With ZTNA 1.0 approaches, you have to manually create different policies on different screens, each with a different list of controls. You also have to manually reconcile these policies to express security intent with any degree of certainty and auditability. This is impossible to achieve for anything more than a handful of apps, which inevitably leads to over-privileged access and policy gaps. This in turn, leads to breaches.

ZTNA 2.0 Ensures Consistent Data Protection Across the Enterprise

ZTNA 2.0, delivered by Prisma Access, offers consistent, comprehensive data visibility and control across all apps used in the enterprise, including private apps and SaaS, with a single DLP policy. Instead of just focusing on a subset of enterprise apps, Prisma Access was purpose-built to secure all app traffic and data across all ports and protocols, from a single, unified solution. This means the same robust data protections that govern SaaS applications can also be applied to any app, even legacy premises-based applications in private data centers, and be managed all from a single policy.

Your hybrid workforce needs access to SaaS and private apps, and the internet-at-large to get work done. Providing data protection for a just portion of those apps leaves organizations and their data ripe for exploitation and exfiltration. ZTNA 2.0 with Prisma Access incorporates the industry’s most comprehensive cloud-delivered enterprise DLP, powered by machine learning to accurately protect sensitive data in real-time, across all applications.

ZTNA 2.0 Is Zero Trust with Zero Exceptions

Pursuing a true Zero Trust posture is a journey, and protecting data consistently, regardless of where it’s located or accessed from, is an important step. That’s why consistent control of data across all apps used in the enterprise, including private apps and SaaS, is a core pillar of ZTNA 2.0.

Be sure to watch our ZTNA 2.0 virtual event, where we discuss innovations and best practices for securing the hybrid workforce with ZTNA 2.0.

Kumar Ramachandran serves as Senior Vice President of Products for Secure Access Service Edge (SASE) products at Palo Alto Networks. Kumar co-founded CloudGenix in March 2013 and was its CEO, establishing the SD-WAN category. Prior to founding CloudGenix, Kumar held leadership roles in Product Management and Marketing for the multi-billion dollar branch routing and WAN optimization businesses at Cisco. Prior to Cisco, he managed applications and infrastructure for companies such as Citibank and Providian Financial. Kumar holds an MBA from UC Berkeley Haas School of Business and a Master's in Computer Science from the University of Bombay.