SlideShare a Scribd company logo

ztna-2-0-report.pdf

A
Anto664537

ZTNA Report

Internet
1 of 10
Download to read offline
July 2022 ZKResearch A Division of Kerravala Consulting © 2022 ZK Research Influence and insight through social media Prepared by Zeus Kerravala W H I T E PA P E R Hybrid Work Drives the Need for ZTNA 2.0
8 2 INTRODUCTION: HYBRID WORK IS NOW THE NORM The COVID-19 pandemic has had a profound effect on the world. Businesses have compressed into months digitization plans that they had envisioned would take years. Employees who had been tied to one location can now work from anywhere (WFA), and that trend will persist for the foresee- able future. Results from the ZK Research 2022 Work-from-Anywhere Study show that while only 22% of employees regularly worked remotely before the pandemic, 51% will work from home two to three days per week, and another 14% will do so one day per week (Exhibit 1). This indicates that the future of work is hybrid. In addition, many companies don’t expect to have employees back in the office full time ever again. Salesforce’s president and chief people officer, Brent Hyder, told MarketWatch that the company will revamp its offices to eliminate a “sea of desks” and expects that 65% of its 54,000 employees will come into the office only one to three days per week (up from 40% pre-pandemic). Other companies, such as Microsoft and Google, are also embracing the hybrid work trend. ZK Research: A Division of Kerravala Consulting © 2022 ZK Research 2 to 3 days 51% Permanent remote 25% 1 day 14% 4 to 5 days 10% How many days a week do you plan to have employees in the office? Exhibit1:TheFutureofWorkIsHybrid ZK RESEARCH | Report Title Goes Here ZK Research 2022 Work-from-Anywhere Study ABOUT THE AUTHOR Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides tactical advice and strategic guidance to help his clients in both the current business climate and the long term. He delivers research and insight to the following constituents: end-user IT and network managers; vendors of IT hardware, software and services; and members of the financial community looking to invest in the companies that he covers. ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0 8 2
8 3 It’s been well documented in many media publications how hybrid work has changed the way people do their jobs, particularly those who need to collaborate with others. What hasn’t been as widely understood is the impact to corporate IT. Hybrid work has fundamentally changed the technology businesses use and the way it’s deployed. For example: Cloudadoptionacceleratesandthecloudmodelevolves. Clouds are shifting away from a centralized model to a distributed one where workloads and applications can span private clouds, public clouds and edge locations. Cloud services are location-independent, making them ideal for hybrid work. The ZK Research 2022 Work-from-Anywhere Study found that 64% of companies have increased their spend on public clouds, while 58% have boosted their budgets for private clouds. Remoteaccessneedschange. Businesses need to be prepared for scenarios where most users work remotely for an indefinite period. Virtual private networks (VPNs) acted as a “Band- Aid” solution, allowing people to connect remotely. However, because of security issues, such as open network access and performance problems caused by backhauling network traffic, VPNs are not a good long-term solution. Businesses will look to augment connectivity with software-defined wide-area network (SD-WAN) and secure access service edge (SASE) solu- tions to connect and secure remote workers. Exhibit 2 shows the boost SD-WAN will see due to the pandemic. IThaslessdirectcontroloverinfrastructure. A decade ago, corporate IT teams deter- mined what endpoint and apps workers used, where and when resources could be accessed, ZK Research: A Division of Kerravala Consulting © 2022 ZK Research 3.9 6.1 0.6 0 0 5 10 15 20 25 2019 2020 2021 2022 2023 2024 Post-Pandemic Pre-Pandemic SD-WAN Market (in Billions of U.S. Dollars) 7.8 9.5 12.9 16.3 3.5 2.6 1.9 1.2 Exhibit2:SD-WANSpendAccelerates ZK Research 2021 SD-WAN Forecast ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
and how employees connect, and the network was private. Today, control is largely gone as shadow IT has taken over software-as-a-service (SaaS) purchasing, SD-WAN has introduced public broadband and hybrid work has pushed the enterprise edge to the home. IT’s formerly tightly controlled environment has given way to a chaotic, unpredictable one. Of all the domains within IT, it’s arguable that the one most impacted is security. Cyber engineers need to protect a dynamic, distributed and ephemeral attack surface. This has made traditional security constructs necessary but no longer sufficient. VPNs have been the standard for decades, but they lack the performance and security requirements of most workers. Therefore, it’s time for access to evolve to a zero-trust model. However, first-generation zero-trust network access (ZTNA) solutions were basic network access tools with a few features bolted on. Today’s businesses need a paradigm shift in zero trust, or ZTNA 2.0, to secure the modern hybrid workforce. SECTION II: ZTNA 1.0 SOLUTIONS LEAVE COMPANIES OPEN TO BREACHES ZTNA has drawn tremendous interest over the past several years because it improves security by shrinking the attack surface. IP networks were designed with openness in mind, so any connected endpoint can connect with any other. This is why the internet works as seamlessly and as fast as it does. The problem is that once a network is breached, the threat actor has access to every company re- source and can often “hide” in the environment for months, causing significant damage to companies. The thesis behind ZTNA is to shift to a least-privilege model where no endpoint can communicate with any other unless explicitly allowed. This minimizes the attack surface so if a breach occurs, the threat actor will only have access to a few or perhaps no other systems, limiting the “blast radius” of the breach. Although this was the original concept behind ZTNA, first-generation solutions have one or more of the following limitations: Violatetheprincipleofleastprivilege: Least privilege is at the core of ZTNA, but it can’t be achieved with network solutions. Even when vendors claim to understand applications or applica- tion-level access control, most equate applications to network constructs such as IP address, port number and fully qualified domain names (FQNDs). This might seem reasonable, as the internet is built using these constructs, but there are three significant problems: o Theattacksurfaceisnotoptimized. Most applications use dynamic ports and IP addresses. Consequently, ZTNA solutions need to grant access to a wide range of ports and addresses, and this leaves a much broader attack surface exposed than should be necessary. o Accesscanonlyberestrictedattheapplicationlevel.ZTNA 1.0 solutions only have visibility at the application level, meaning they can’t control access to apps. In some cases, it may be beneficial to restrict access to specific functions. To do this, the ZTNA solution would need to control access at the sub-application level. 8 4 Today’s businesses need a paradigm shift in zero trust, or ZTNA 2.0, to secure the modern hybrid workforce. 4 ZK Research: A Division of Kerravala Consulting © 2022 ZK Research 8 4 ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
o Theenvironmentissubjecttolateralmalwaremovement. Malware often listens on the same port number and/or IP address that allowed applications do. This lets malware access the environment and then move laterally across the business. Assumetrustonceaccessisgranted:One significant flaw in ZTNA 1.0 solutions is that once access is granted to a user or application, that communication is implicitly trusted in perpetuity with the assumption that the user or app will act in a trustworthy manner. All breaches occur when access is allowed. So, when behavior becomes suspicious, access must be revoked. The “allow and ignore” construct of ZTNA 1.0 cannot prevent this. Lackcontinuoussecurityinspection: ZTNA 1.0 was designed to be an access control mecha- nism, with no ability to detect or prevent malware or lateral movement across connections once a user is allowed app access. This is essentially security through obscurity, which assumes all allowed traffic is free from malware as well as other threats or vulnerabilities. Havenodataprotection: Existing ZTNA solutions have no visibility or control of data. This ex- poses the enterprise to the risk of data exfiltration from attackers or malicious insiders. The latter is often ignored by businesses, but it is a significant source of data loss. The Verizon 2021 Data Breach Investigations Report found that between 2018 and 2020, there was a 47% increase in the frequency of incidents involving insider threats, and those breaches accounted for 22% of all security incidents. Areunabletosecureallapplications: Existing ZTNA solutions can only address the subset of private applications that use static ports. Also, they cannot properly secure microservices-based cloud-native apps or apps that use dynamic ports such as voice and video apps, or server initia- tives apps like help desk and patching systems. Lastly, current ZTNA solutions completely ignore SaaS apps, which now represent most enterprise apps and continue to grow. The ZK Research 2021 Global UC Forecast shows that cloud UC, which includes voice and video, will grow at a 21% CAGR though 2026 (Exhibit 3). This is one of the fastest-growing application segments, and it has exposed a significant hole in ZTNA 1.0. Although the promise of ZTNA has been well understood, 1.0 solutions cannot deliver the neces- sary features to protect the business. Hybrid work has changed the way people work, the applications that workers use and how the environment is accessed. It’s time for ZTNA to evolve. SECTION III: DEFINING ZTNA 2.0 ZTNA 2.0 is a complete rethink of how access is managed. First-generation solutions were up- graded VPN products, but second-generation products are built from the ground up to ensure least 8 5 Although the promise of ZTNA has been well understood, 1.0 solutions cannot deliver the necessary features to protect the business. 5 ZK Research: A Division of Kerravala Consulting © 2022 ZK Research ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
8 6 privilege can be maintained across the extended enterprise, all the time. The following principles are fundamental to ZTNA 2.0: Operatesattheapplicationlayer: ZTNA 2.0 shifts the focus of the technology from the network (Layer 3) to the application (Layer 7), which enables the full potential of zero trust to be unleashed. This ensures granular access control can be applied at the application and even sub-application level independent of network configurations, helping organizations to fully realize the principle of least privilege. If a user moves location or network changes are made, these are transparent to ZTNA, ensuring least privilege is always being maintained. Maintainscontinuoustrustverification: As indicated in the previous section, continuous trust is difficult, if not impossible, to maintain. Once a user is granted access to an application, trust is implied—which can cause breaches to go undetected. ZTNA 2.0 must continually assess trust based on changes in device posture, user behavior and app activity, and then revoke access on anything anomalous. For example, if a user logs in from across the globe only ZK Research: A Division of Kerravala Consulting © 2022 ZK Research 2021 2022 2023 2024 2025 2026 2027 Global UC Market (in Billions of U.S. Dollars) Cloud UC On Premises 5.1 4.7 7.6 8.7 4.5 9.9 4.2 11.2 3.9 13.1 3.7 15.4 3.4 19.2 Exhibit3:CloudCommunicationsGrowswithHybridWork ZK Research 2022 Global UC Forecast ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
minutes after accessing an application locally, that indicates the credentials were stolen. Alterna- tively, if an application starts running on a new port, that likely indicates it was hijacked. Continuouslyinspectssecurity: ZTNA 2.0 solutions should continuously perform deep packet inspection of all traffic, even for connections that have previously been allowed. This can help quickly find and stop both breaches and zero-day threats. Continuous security is the best form of defense when a legitimate user’s credentials are stolen and used to launch attacks against applications or infrastructure. Deliverscomprehensivedataprotection: ZTNA 2.0 offers consistent control of data across every application used in the enterprise, including on-premises applications and SaaS apps—the latter of which are invisible to first-generation ZTNA. This can all be done with a single data loss prevention (DLP) policy, which dramatically simplifies operations. Providescompleteapplicationsecurity: With ZTNA 2.0, all applications across the business are secured, including legacy applications, SaaS applications, private apps and modernized, cloud-native ones. It’s important to note this also includes apps that utilize dynamic ports and ones that leverage server-initiated connections. SECTION IV: PALO ALTO NETWORKS IS A COMPLETE ZTNA 2.0 PROVIDER Silicon Valley–based Palo Alto Networks is the security industry’s market leader, and it has the broadest and deepest product portfolio of all vendors. The company’s Prisma Access product has been a de facto standard for securing and connecting remote workers for years. Palo Alto was one of the early-to-market ZTNA vendors and is a leader in Forrester’s most recent ZTNA New Wave report. Recently, the company introduced the industry’s first ZTNA 2.0 solution on Prisma Access, which is designed to protect the hybrid workforce while providing a great user experience via a simple and unified security product. Although many security vendors offer “cloud” security, most are built on older technology that went through a “lift and shift.” Palo Alto offers a fully modernized, cloud-native set of security services that include secure web gateway (SWG), next-generation cloud access secu- rity broker (NG-CASB), firewall as a service (FWaaS) and DLP in a cloud-native global services edge. Prisma Access has a common policy framework that enables single-pane-of-glass management, which is ideally suited to secure today’s hybrid workforce without compromising performance. Palo Alto’s Prisma Access meets the criteria outlined in Section III in the following ways: Ensuresleastprivilegeaccess: Prisma Access operates at Layers 3 to 7 of the Open Systems Interconnection (OSI) stack, spanning from the network through applications. Palo Alto uses pat- 8 7 ZTNA 2.0 offers consistent control of data across every application used in the enterprise. 7 ZK Research: A Division of Kerravala Consulting © 2022 ZK Research ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
ented App-ID technology to accurately control access at the app and the sub-app level, which includes the ability to control specific functions such as upload/download. Deliverscontinuoustrustverification: Palo Alto’s solution constantly assesses trust and verifi- cation through the following three patented processes: o User-ID provides deep visibility into users and continuously monitors user behavior for suspicious activity. o Device-ID offers visibility into the posture of devices, giving the ability to revoke access if a device falls out of compliance with company policy. o App-ID ensures traffic running over specific ports consists of the appropriate applications. For example, traffic flowing over Port 443 is secure web. Providescontinuoussecurityinspection: Prisma Access has a machine learning (ML)–pow- ered engine to stop 95% of threats inline without using signatures. The ML-powered capabilities combined with Palo Alto’s cloud security services block more than 224 billion threats per day for customers. For the threats that cannot be stopped with inline protection, Prisma Access uses single-pass traffic processing for other cloud-delivered security services, including the following: o ThreatPrevention prevents exploits, command-and-control, and other network attacks across all apps and protocols. o WildFire is a massive malware analysis ecosystem that provides fast signature delivery. o AdvancedURLFiltering is web security that prevents 24% more phishing than all other vendors. o DNSSecurity thwarts all major Domain Name System (DNS)–layer attack types. Protectsalldata: Unlike ZTNA 1.0 solutions, which have no visibility into data exfiltration or loss, Prisma Access supports Palo Alto’s enterprise DLP, which provides consistent visibility of data access across the enterprise. From a single management console, customers can apply consistent DLP to all data—whether it is stored in on-premises legacy apps, public cloud apps or SaaS—all with a single policy. Securesallapplications: Prisma Access utilizes a single, unified product to protect all users and applications across the company, regardless of whether the user connects to the product via an agent or without one. This includes on-premises, public cloud, SaaS, legacy and modern/cloud- native apps. Also, Prisma Access was designed with the best-in-class user experience in mind, and Palo Alto backs this up with aggressive service-level agreements (SLAs) featuring five-nines of uptime and less 8 8 Prisma Access utilizes a single, unified product to protect all users and applications across the company. 8 ZK Research: A Division of Kerravala Consulting © 2022 ZK Research ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
8 9 than 10 ms security processing. ZK Research believes Palo Alto Networks is the only ZTNA 2.0 vendor with a performance SLA for third-party SaaS applications. Although a security team could attempt to build a ZTNA 2.0 solution using point products that went through a lift and shift to make them cloud residents, that model has some significant gaps compared to Palo Alto’s cloud-native Prisma Access. Exhibit 4 highlights the main differences in these two approaches. SECTION V: CONCLUSION AND RECOMMENDATIONS Hybrid work is here to stay and has forever changed the way we work. It’s also changing the way businesses need to secure and connect workers. Legacy VPN and first-generation ZTNA products were sufficient as a stopgap to get users up and running, but now it’s time for companies to con- sider the long-term impact of hybrid work. Access must evolve, and ZTNA 2.0 is the path forward. Legacy solutions were sufficient a decade ago, but they were never designed for a world that is both dynamic and distributed. ZTNA 2.0 was built from the ground up for cloud-first, distributed companies—which include almost all businesses today. Therefore, ZTNA 2.0 is now an imperative. As companies look to evolve to ZTNA 2.0, ZK Research offers the following recommendations: ZK Research: A Division of Kerravala Consulting © 2022 ZK Research Hardware based This approach entails using racked-and-stacked hardware in rented colocation facilities. It severely limits global reach and scale, and it creates a dependency on third-party data centers when most apps are now hosted in the public cloud. Comingled data plane Mixing customer data planes creates a “noisy neighbor”problem, where one customer can impact another. This leads to a“fate sharing”scenario that can cause unexpected brownouts. Manual problem resolution Security and performance problems are difficult for IT to identify and resolve, creating a poor experience for end users. Cloud scale Prisma Access leverages the largest cloud providers in the world, enabling elastic scale and the highest-performance, multi-cloud network backbone. Data plane isolation A multi-tenant, end-to-end approach delivers a unique dedicated data plane for each customer, to ensure all customers are isolated from each other and receive consistently high performance. Autonomous Digital Experience Management (ADEM) Prisma Access provides proactive identifica- tion of problems using ADEM, with the ability to isolate and resolve them autonomously before a user even knows about them. POINT PRODUCTS PRISMA ACCESS Exhibit4:Cloud-NativeArchitectureofPrismaAccessModernizesZTNA Palo Alto Networks and ZK Research, 2022 ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
Rethinksecurityintheeraofhybridwork. The traditional security model of buying point products was sufficient in the past because IT controlled every aspect of working—from the apps and devices people used, to the network and even how they accessed the network. With hybrid work, apps have moved to the cloud, devices are now mobile and people are working at home. This dictates that security move from point product to a platform where it is enforced end to end. Palo Alto’s Prisma Access is a good example of such a platform. Startwiththebiggestsecuritypainpoint. All businesses should be looking at ZTNA 2.0, but the starting point will be different based on the individual company. ZK Research has identified three initiatives that can help organizations move to ZTNA: o Securing private app access as a VPN replacement o Securing internet and SaaS access as an SWG replacement o Implementing advanced SaaS app security as a CASB and DLP replacement Chooseacloud-nativesecuritypartner. Dozens of security vendors claim to offer security via the cloud. Therefore, it’s important for customers to understand that not all versions of cloud are created equal, and that “cloud” does not always mean “cloud native.” Customers must do their due diligence and ensure the vendor is running a modernized, cloud-native platform, as this will lead to faster innovation and better resiliency. 8 1 0 1 0 ZK Research: A Division of Kerravala Consulting © 2022 ZK Research CONTACT zeus@zkresearch.com Cell: 301-775-7447 Office: 978-252-5314 © 2022 ZK Research: A Division of Kerravala Consulting All rights reserved. Reproduction or redistribution in any form without the express prior permission of ZK Research is expressly prohibited. For questions, comments or further information,emailzeus@zkresearch.com. ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0

Recommended

Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
Yash
 
Fido認証概要説明
Fido認証概要説明Fido認証概要説明
Fido認証概要説明
FIDO Alliance
 
Zero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at AdobeZero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at Adobe
Vishwas Manral
 
Opinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RANOpinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RAN
3G4G
 
大規模グラフデータ処理
大規模グラフデータ処理大規模グラフデータ処理
大規模グラフデータ処理
maruyama097
 
SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN
Ashutosh Kaushik
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards Compliance
Dr. Prashant Vats
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
AlgoSec
 

Recommended

Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
Yash
 
Fido認証概要説明
Fido認証概要説明Fido認証概要説明
Fido認証概要説明
FIDO Alliance
 
Zero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at AdobeZero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at Adobe
Vishwas Manral
 
Opinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RANOpinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RAN
3G4G
 
大規模グラフデータ処理
大規模グラフデータ処理大規模グラフデータ処理
大規模グラフデータ処理
maruyama097
 
SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN
Ashutosh Kaushik
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards Compliance
Dr. Prashant Vats
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
AlgoSec
 
Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOC
Splunk
 
Quarkus による超音速な Spring アプリケーション開発
Quarkus による超音速な Spring アプリケーション開発Quarkus による超音速な Spring アプリケーション開発
Quarkus による超音速な Spring アプリケーション開発
Chihiro Ito
 
How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...
How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...
How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...
Kai Wähner
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
MAHESHUMANATHGOPALAK
 
LINE スタンプショップにおける Zipkin 利用事例
LINE スタンプショップにおける Zipkin 利用事例LINE スタンプショップにおける Zipkin 利用事例
LINE スタンプショップにおける Zipkin 利用事例
LINE Corporation
 
개인 일정관리에 Agile을 끼얹으면?
개인 일정관리에 Agile을 끼얹으면?개인 일정관리에 Agile을 끼얹으면?
개인 일정관리에 Agile을 끼얹으면?
Curt Park
 
HashiCorp Vault 紹介
HashiCorp Vault 紹介HashiCorp Vault 紹介
HashiCorp Vault 紹介
hashicorpjp
 
Anti forensic
Anti forensicAnti forensic
Anti forensic
Milap Oza
 
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Amazon Web Services
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5
Mukesh Chinta
 
データ収集の基本と「JapanTaxi」アプリにおける実践例
データ収集の基本と「JapanTaxi」アプリにおける実践例データ収集の基本と「JapanTaxi」アプリにおける実践例
データ収集の基本と「JapanTaxi」アプリにおける実践例
Tetsutaro Watanabe
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
Er. Ajay Sirsat
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
Ahmed Banafa
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
netconf, restconf, grpc_basic
netconf, restconf, grpc_basicnetconf, restconf, grpc_basic
netconf, restconf, grpc_basic
Gyewan An
 
20140507 akamai紹介資料
20140507 akamai紹介資料20140507 akamai紹介資料
20140507 akamai紹介資料
Rie Arai
 
Intermediate: 5G Applications Architecture - A look at Application Functions ...
Intermediate: 5G Applications Architecture - A look at Application Functions ...Intermediate: 5G Applications Architecture - A look at Application Functions ...
Intermediate: 5G Applications Architecture - A look at Application Functions ...
3G4G
 
Data destruction policy
Data destruction policyData destruction policy
Data destruction policy
Abhay Kshirsagar, M.S., CISA
 
サーバーサイドでの非同期処理で色々やったよ
サーバーサイドでの非同期処理で色々やったよサーバーサイドでの非同期処理で色々やったよ
サーバーサイドでの非同期処理で色々やったよ
koji lin
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
NGINX, Inc.
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Security
arms8586
 
Headquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistanHeadquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistan
Tariq Mustafa
 

More Related Content

What's hot

How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...
How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...
How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...
Kai Wähner
 
Anti forensic
Anti forensicAnti forensic
Anti forensic
Milap Oza
 
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Amazon Web Services
 
20140507 akamai紹介資料
20140507 akamai紹介資料20140507 akamai紹介資料
20140507 akamai紹介資料
Rie Arai
 
サーバーサイドでの非同期処理で色々やったよ
サーバーサイドでの非同期処理で色々やったよサーバーサイドでの非同期処理で色々やったよ
サーバーサイドでの非同期処理で色々やったよ
koji lin
 

What's hot (20)

Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOC
 
Quarkus による超音速な Spring アプリケーション開発
Quarkus による超音速な Spring アプリケーション開発Quarkus による超音速な Spring アプリケーション開発
Quarkus による超音速な Spring アプリケーション開発
 
How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...
How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...
How to choose the right Integration Framework - Apache Camel (JBoss, Talend),...
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
LINE スタンプショップにおける Zipkin 利用事例
LINE スタンプショップにおける Zipkin 利用事例LINE スタンプショップにおける Zipkin 利用事例
LINE スタンプショップにおける Zipkin 利用事例
 
개인 일정관리에 Agile을 끼얹으면?
개인 일정관리에 Agile을 끼얹으면?개인 일정관리에 Agile을 끼얹으면?
개인 일정관리에 Agile을 끼얹으면?
 
HashiCorp Vault 紹介
HashiCorp Vault 紹介HashiCorp Vault 紹介
HashiCorp Vault 紹介
 
Anti forensic
Anti forensicAnti forensic
Anti forensic
 
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5
 
データ収集の基本と「JapanTaxi」アプリにおける実践例
データ収集の基本と「JapanTaxi」アプリにおける実践例データ収集の基本と「JapanTaxi」アプリにおける実践例
データ収集の基本と「JapanTaxi」アプリにおける実践例
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
netconf, restconf, grpc_basic
netconf, restconf, grpc_basicnetconf, restconf, grpc_basic
netconf, restconf, grpc_basic
 
20140507 akamai紹介資料
20140507 akamai紹介資料20140507 akamai紹介資料
20140507 akamai紹介資料
 
Intermediate: 5G Applications Architecture - A look at Application Functions ...
Intermediate: 5G Applications Architecture - A look at Application Functions ...Intermediate: 5G Applications Architecture - A look at Application Functions ...
Intermediate: 5G Applications Architecture - A look at Application Functions ...
 
Data destruction policy
Data destruction policyData destruction policy
Data destruction policy
 
サーバーサイドでの非同期処理で色々やったよ
サーバーサイドでの非同期処理で色々やったよサーバーサイドでの非同期処理で色々やったよ
サーバーサイドでの非同期処理で色々やったよ
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
 

Similar to ztna-2-0-report.pdf

Redington Value Journal - June 2018
Redington Value Journal - June 2018Redington Value Journal - June 2018
Redington Value Journal - June 2018
Redington Value Distribution
 
EARTHLINK How To Predict Impact The Network Impact of Apps
EARTHLINK How To Predict Impact The Network Impact of Apps EARTHLINK How To Predict Impact The Network Impact of Apps
EARTHLINK How To Predict Impact The Network Impact of Apps
Joe Maglitta
 
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network Needs
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network NeedsBuilding the Cloud-Enabled Enterprise Campus to Meet Today's Network Needs
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network Needs
Juniper Networks
 
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
Market Guide for Zero Trust Network AccessPublished 29 Apri.docxMarket Guide for Zero Trust Network AccessPublished 29 Apri.docx
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
endawalling
 
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
Market Guide for Zero Trust Network AccessPublished 29 Apri.docxMarket Guide for Zero Trust Network AccessPublished 29 Apri.docx
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
alfredacavx97
 

Similar to ztna-2-0-report.pdf (20)

IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Security
 
Headquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistanHeadquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistan
 
Redington Value Journal - June 2018
Redington Value Journal - June 2018Redington Value Journal - June 2018
Redington Value Journal - June 2018
 
EARTHLINK How To Predict Impact The Network Impact of Apps
EARTHLINK How To Predict Impact The Network Impact of Apps EARTHLINK How To Predict Impact The Network Impact of Apps
EARTHLINK How To Predict Impact The Network Impact of Apps
 
Choosing the right network management solution: Increase network visibility t...
Choosing the right network management solution: Increase network visibility t...Choosing the right network management solution: Increase network visibility t...
Choosing the right network management solution: Increase network visibility t...
 
Prakash Mana, Cloudbrink CEO, Shares Cloudbrink 2024 Predictions.pptx
Prakash Mana, Cloudbrink CEO, Shares Cloudbrink 2024 Predictions.pptxPrakash Mana, Cloudbrink CEO, Shares Cloudbrink 2024 Predictions.pptx
Prakash Mana, Cloudbrink CEO, Shares Cloudbrink 2024 Predictions.pptx
 
Software Defined Networks Explained
Software Defined Networks ExplainedSoftware Defined Networks Explained
Software Defined Networks Explained
 
J3602068071
J3602068071J3602068071
J3602068071
 
Effecientip DNS security.pdf
Effecientip DNS security.pdfEffecientip DNS security.pdf
Effecientip DNS security.pdf
 
NVTC "Cool Tech" Presentation
NVTC "Cool Tech" PresentationNVTC "Cool Tech" Presentation
NVTC "Cool Tech" Presentation
 
Business with Cloud Computing
Business with Cloud ComputingBusiness with Cloud Computing
Business with Cloud Computing
 
Unique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative SolutionsUnique Security Challenges in the Datacenter Demand Innovative Solutions
Unique Security Challenges in the Datacenter Demand Innovative Solutions
 
Digital Businesses Need to Rethink Their Network Strategies
Digital Businesses Need to Rethink Their Network StrategiesDigital Businesses Need to Rethink Their Network Strategies
Digital Businesses Need to Rethink Their Network Strategies
 
User Authentication Technique for Office Environment
User Authentication Technique for Office EnvironmentUser Authentication Technique for Office Environment
User Authentication Technique for Office Environment
 
VMblog - 2020 IT Predictions from 26 Industry Experts
VMblog - 2020 IT Predictions from 26 Industry ExpertsVMblog - 2020 IT Predictions from 26 Industry Experts
VMblog - 2020 IT Predictions from 26 Industry Experts
 
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network Needs
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network NeedsBuilding the Cloud-Enabled Enterprise Campus to Meet Today's Network Needs
Building the Cloud-Enabled Enterprise Campus to Meet Today's Network Needs
 
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
Market Guide for Zero Trust Network AccessPublished 29 Apri.docxMarket Guide for Zero Trust Network AccessPublished 29 Apri.docx
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
 
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
Market Guide for Zero Trust Network AccessPublished 29 Apri.docxMarket Guide for Zero Trust Network AccessPublished 29 Apri.docx
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
 
Navigating the Flood of BYOD
Navigating the Flood of BYODNavigating the Flood of BYOD
Navigating the Flood of BYOD
 
The cloud
The cloudThe cloud
The cloud
 

Recently uploaded

一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
AS
 
一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书
F
 
一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理
SS
 
一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理
A
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
F
 
Abortion Clinic in Germiston +27791653574 WhatsApp Abortion Clinic Services i...
Abortion Clinic in Germiston +27791653574 WhatsApp Abortion Clinic Services i...Abortion Clinic in Germiston +27791653574 WhatsApp Abortion Clinic Services i...
Abortion Clinic in Germiston +27791653574 WhatsApp Abortion Clinic Services i...
mikehavy0
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
F
 
一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理
AS
 
一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理
F
 
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
AS
 
原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样
AS
 
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
c6eb683559b3
 
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
apekaom
 

Recently uploaded (20)

一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
 
一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书
 
一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理
 
一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Abortion Clinic in Germiston +27791653574 WhatsApp Abortion Clinic Services i...
Abortion Clinic in Germiston +27791653574 WhatsApp Abortion Clinic Services i...Abortion Clinic in Germiston +27791653574 WhatsApp Abortion Clinic Services i...
Abortion Clinic in Germiston +27791653574 WhatsApp Abortion Clinic Services i...
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理
 
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
 
原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样
 
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
 
Loker Pemandu Lagu LC Semarang 085746015303
Loker Pemandu Lagu LC Semarang 085746015303Loker Pemandu Lagu LC Semarang 085746015303
Loker Pemandu Lagu LC Semarang 085746015303
 
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
 
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
A LOOK INTO NETWORK TECHNOLOGIES MAINLY WAN.pptx
A LOOK INTO NETWORK TECHNOLOGIES MAINLY WAN.pptxA LOOK INTO NETWORK TECHNOLOGIES MAINLY WAN.pptx
A LOOK INTO NETWORK TECHNOLOGIES MAINLY WAN.pptx
 

ztna-2-0-report.pdf

  • 1. July 2022 ZKResearch A Division of Kerravala Consulting © 2022 ZK Research Influence and insight through social media Prepared by Zeus Kerravala W H I T E PA P E R Hybrid Work Drives the Need for ZTNA 2.0
  • 2. 8 2 INTRODUCTION: HYBRID WORK IS NOW THE NORM The COVID-19 pandemic has had a profound effect on the world. Businesses have compressed into months digitization plans that they had envisioned would take years. Employees who had been tied to one location can now work from anywhere (WFA), and that trend will persist for the foresee- able future. Results from the ZK Research 2022 Work-from-Anywhere Study show that while only 22% of employees regularly worked remotely before the pandemic, 51% will work from home two to three days per week, and another 14% will do so one day per week (Exhibit 1). This indicates that the future of work is hybrid. In addition, many companies don’t expect to have employees back in the office full time ever again. Salesforce’s president and chief people officer, Brent Hyder, told MarketWatch that the company will revamp its offices to eliminate a “sea of desks” and expects that 65% of its 54,000 employees will come into the office only one to three days per week (up from 40% pre-pandemic). Other companies, such as Microsoft and Google, are also embracing the hybrid work trend. ZK Research: A Division of Kerravala Consulting © 2022 ZK Research 2 to 3 days 51% Permanent remote 25% 1 day 14% 4 to 5 days 10% How many days a week do you plan to have employees in the office? Exhibit1:TheFutureofWorkIsHybrid ZK RESEARCH | Report Title Goes Here ZK Research 2022 Work-from-Anywhere Study ABOUT THE AUTHOR Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides tactical advice and strategic guidance to help his clients in both the current business climate and the long term. He delivers research and insight to the following constituents: end-user IT and network managers; vendors of IT hardware, software and services; and members of the financial community looking to invest in the companies that he covers. ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0 8 2
  • 3. 8 3 It’s been well documented in many media publications how hybrid work has changed the way people do their jobs, particularly those who need to collaborate with others. What hasn’t been as widely understood is the impact to corporate IT. Hybrid work has fundamentally changed the technology businesses use and the way it’s deployed. For example: Cloudadoptionacceleratesandthecloudmodelevolves. Clouds are shifting away from a centralized model to a distributed one where workloads and applications can span private clouds, public clouds and edge locations. Cloud services are location-independent, making them ideal for hybrid work. The ZK Research 2022 Work-from-Anywhere Study found that 64% of companies have increased their spend on public clouds, while 58% have boosted their budgets for private clouds. Remoteaccessneedschange. Businesses need to be prepared for scenarios where most users work remotely for an indefinite period. Virtual private networks (VPNs) acted as a “Band- Aid” solution, allowing people to connect remotely. However, because of security issues, such as open network access and performance problems caused by backhauling network traffic, VPNs are not a good long-term solution. Businesses will look to augment connectivity with software-defined wide-area network (SD-WAN) and secure access service edge (SASE) solu- tions to connect and secure remote workers. Exhibit 2 shows the boost SD-WAN will see due to the pandemic. IThaslessdirectcontroloverinfrastructure. A decade ago, corporate IT teams deter- mined what endpoint and apps workers used, where and when resources could be accessed, ZK Research: A Division of Kerravala Consulting © 2022 ZK Research 3.9 6.1 0.6 0 0 5 10 15 20 25 2019 2020 2021 2022 2023 2024 Post-Pandemic Pre-Pandemic SD-WAN Market (in Billions of U.S. Dollars) 7.8 9.5 12.9 16.3 3.5 2.6 1.9 1.2 Exhibit2:SD-WANSpendAccelerates ZK Research 2021 SD-WAN Forecast ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
  • 4. and how employees connect, and the network was private. Today, control is largely gone as shadow IT has taken over software-as-a-service (SaaS) purchasing, SD-WAN has introduced public broadband and hybrid work has pushed the enterprise edge to the home. IT’s formerly tightly controlled environment has given way to a chaotic, unpredictable one. Of all the domains within IT, it’s arguable that the one most impacted is security. Cyber engineers need to protect a dynamic, distributed and ephemeral attack surface. This has made traditional security constructs necessary but no longer sufficient. VPNs have been the standard for decades, but they lack the performance and security requirements of most workers. Therefore, it’s time for access to evolve to a zero-trust model. However, first-generation zero-trust network access (ZTNA) solutions were basic network access tools with a few features bolted on. Today’s businesses need a paradigm shift in zero trust, or ZTNA 2.0, to secure the modern hybrid workforce. SECTION II: ZTNA 1.0 SOLUTIONS LEAVE COMPANIES OPEN TO BREACHES ZTNA has drawn tremendous interest over the past several years because it improves security by shrinking the attack surface. IP networks were designed with openness in mind, so any connected endpoint can connect with any other. This is why the internet works as seamlessly and as fast as it does. The problem is that once a network is breached, the threat actor has access to every company re- source and can often “hide” in the environment for months, causing significant damage to companies. The thesis behind ZTNA is to shift to a least-privilege model where no endpoint can communicate with any other unless explicitly allowed. This minimizes the attack surface so if a breach occurs, the threat actor will only have access to a few or perhaps no other systems, limiting the “blast radius” of the breach. Although this was the original concept behind ZTNA, first-generation solutions have one or more of the following limitations: Violatetheprincipleofleastprivilege: Least privilege is at the core of ZTNA, but it can’t be achieved with network solutions. Even when vendors claim to understand applications or applica- tion-level access control, most equate applications to network constructs such as IP address, port number and fully qualified domain names (FQNDs). This might seem reasonable, as the internet is built using these constructs, but there are three significant problems: o Theattacksurfaceisnotoptimized. Most applications use dynamic ports and IP addresses. Consequently, ZTNA solutions need to grant access to a wide range of ports and addresses, and this leaves a much broader attack surface exposed than should be necessary. o Accesscanonlyberestrictedattheapplicationlevel.ZTNA 1.0 solutions only have visibility at the application level, meaning they can’t control access to apps. In some cases, it may be beneficial to restrict access to specific functions. To do this, the ZTNA solution would need to control access at the sub-application level. 8 4 Today’s businesses need a paradigm shift in zero trust, or ZTNA 2.0, to secure the modern hybrid workforce. 4 ZK Research: A Division of Kerravala Consulting © 2022 ZK Research 8 4 ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
  • 5. o Theenvironmentissubjecttolateralmalwaremovement. Malware often listens on the same port number and/or IP address that allowed applications do. This lets malware access the environment and then move laterally across the business. Assumetrustonceaccessisgranted:One significant flaw in ZTNA 1.0 solutions is that once access is granted to a user or application, that communication is implicitly trusted in perpetuity with the assumption that the user or app will act in a trustworthy manner. All breaches occur when access is allowed. So, when behavior becomes suspicious, access must be revoked. The “allow and ignore” construct of ZTNA 1.0 cannot prevent this. Lackcontinuoussecurityinspection: ZTNA 1.0 was designed to be an access control mecha- nism, with no ability to detect or prevent malware or lateral movement across connections once a user is allowed app access. This is essentially security through obscurity, which assumes all allowed traffic is free from malware as well as other threats or vulnerabilities. Havenodataprotection: Existing ZTNA solutions have no visibility or control of data. This ex- poses the enterprise to the risk of data exfiltration from attackers or malicious insiders. The latter is often ignored by businesses, but it is a significant source of data loss. The Verizon 2021 Data Breach Investigations Report found that between 2018 and 2020, there was a 47% increase in the frequency of incidents involving insider threats, and those breaches accounted for 22% of all security incidents. Areunabletosecureallapplications: Existing ZTNA solutions can only address the subset of private applications that use static ports. Also, they cannot properly secure microservices-based cloud-native apps or apps that use dynamic ports such as voice and video apps, or server initia- tives apps like help desk and patching systems. Lastly, current ZTNA solutions completely ignore SaaS apps, which now represent most enterprise apps and continue to grow. The ZK Research 2021 Global UC Forecast shows that cloud UC, which includes voice and video, will grow at a 21% CAGR though 2026 (Exhibit 3). This is one of the fastest-growing application segments, and it has exposed a significant hole in ZTNA 1.0. Although the promise of ZTNA has been well understood, 1.0 solutions cannot deliver the neces- sary features to protect the business. Hybrid work has changed the way people work, the applications that workers use and how the environment is accessed. It’s time for ZTNA to evolve. SECTION III: DEFINING ZTNA 2.0 ZTNA 2.0 is a complete rethink of how access is managed. First-generation solutions were up- graded VPN products, but second-generation products are built from the ground up to ensure least 8 5 Although the promise of ZTNA has been well understood, 1.0 solutions cannot deliver the necessary features to protect the business. 5 ZK Research: A Division of Kerravala Consulting © 2022 ZK Research ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
  • 6. 8 6 privilege can be maintained across the extended enterprise, all the time. The following principles are fundamental to ZTNA 2.0: Operatesattheapplicationlayer: ZTNA 2.0 shifts the focus of the technology from the network (Layer 3) to the application (Layer 7), which enables the full potential of zero trust to be unleashed. This ensures granular access control can be applied at the application and even sub-application level independent of network configurations, helping organizations to fully realize the principle of least privilege. If a user moves location or network changes are made, these are transparent to ZTNA, ensuring least privilege is always being maintained. Maintainscontinuoustrustverification: As indicated in the previous section, continuous trust is difficult, if not impossible, to maintain. Once a user is granted access to an application, trust is implied—which can cause breaches to go undetected. ZTNA 2.0 must continually assess trust based on changes in device posture, user behavior and app activity, and then revoke access on anything anomalous. For example, if a user logs in from across the globe only ZK Research: A Division of Kerravala Consulting © 2022 ZK Research 2021 2022 2023 2024 2025 2026 2027 Global UC Market (in Billions of U.S. Dollars) Cloud UC On Premises 5.1 4.7 7.6 8.7 4.5 9.9 4.2 11.2 3.9 13.1 3.7 15.4 3.4 19.2 Exhibit3:CloudCommunicationsGrowswithHybridWork ZK Research 2022 Global UC Forecast ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
  • 7. minutes after accessing an application locally, that indicates the credentials were stolen. Alterna- tively, if an application starts running on a new port, that likely indicates it was hijacked. Continuouslyinspectssecurity: ZTNA 2.0 solutions should continuously perform deep packet inspection of all traffic, even for connections that have previously been allowed. This can help quickly find and stop both breaches and zero-day threats. Continuous security is the best form of defense when a legitimate user’s credentials are stolen and used to launch attacks against applications or infrastructure. Deliverscomprehensivedataprotection: ZTNA 2.0 offers consistent control of data across every application used in the enterprise, including on-premises applications and SaaS apps—the latter of which are invisible to first-generation ZTNA. This can all be done with a single data loss prevention (DLP) policy, which dramatically simplifies operations. Providescompleteapplicationsecurity: With ZTNA 2.0, all applications across the business are secured, including legacy applications, SaaS applications, private apps and modernized, cloud-native ones. It’s important to note this also includes apps that utilize dynamic ports and ones that leverage server-initiated connections. SECTION IV: PALO ALTO NETWORKS IS A COMPLETE ZTNA 2.0 PROVIDER Silicon Valley–based Palo Alto Networks is the security industry’s market leader, and it has the broadest and deepest product portfolio of all vendors. The company’s Prisma Access product has been a de facto standard for securing and connecting remote workers for years. Palo Alto was one of the early-to-market ZTNA vendors and is a leader in Forrester’s most recent ZTNA New Wave report. Recently, the company introduced the industry’s first ZTNA 2.0 solution on Prisma Access, which is designed to protect the hybrid workforce while providing a great user experience via a simple and unified security product. Although many security vendors offer “cloud” security, most are built on older technology that went through a “lift and shift.” Palo Alto offers a fully modernized, cloud-native set of security services that include secure web gateway (SWG), next-generation cloud access secu- rity broker (NG-CASB), firewall as a service (FWaaS) and DLP in a cloud-native global services edge. Prisma Access has a common policy framework that enables single-pane-of-glass management, which is ideally suited to secure today’s hybrid workforce without compromising performance. Palo Alto’s Prisma Access meets the criteria outlined in Section III in the following ways: Ensuresleastprivilegeaccess: Prisma Access operates at Layers 3 to 7 of the Open Systems Interconnection (OSI) stack, spanning from the network through applications. Palo Alto uses pat- 8 7 ZTNA 2.0 offers consistent control of data across every application used in the enterprise. 7 ZK Research: A Division of Kerravala Consulting © 2022 ZK Research ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
  • 8. ented App-ID technology to accurately control access at the app and the sub-app level, which includes the ability to control specific functions such as upload/download. Deliverscontinuoustrustverification: Palo Alto’s solution constantly assesses trust and verifi- cation through the following three patented processes: o User-ID provides deep visibility into users and continuously monitors user behavior for suspicious activity. o Device-ID offers visibility into the posture of devices, giving the ability to revoke access if a device falls out of compliance with company policy. o App-ID ensures traffic running over specific ports consists of the appropriate applications. For example, traffic flowing over Port 443 is secure web. Providescontinuoussecurityinspection: Prisma Access has a machine learning (ML)–pow- ered engine to stop 95% of threats inline without using signatures. The ML-powered capabilities combined with Palo Alto’s cloud security services block more than 224 billion threats per day for customers. For the threats that cannot be stopped with inline protection, Prisma Access uses single-pass traffic processing for other cloud-delivered security services, including the following: o ThreatPrevention prevents exploits, command-and-control, and other network attacks across all apps and protocols. o WildFire is a massive malware analysis ecosystem that provides fast signature delivery. o AdvancedURLFiltering is web security that prevents 24% more phishing than all other vendors. o DNSSecurity thwarts all major Domain Name System (DNS)–layer attack types. Protectsalldata: Unlike ZTNA 1.0 solutions, which have no visibility into data exfiltration or loss, Prisma Access supports Palo Alto’s enterprise DLP, which provides consistent visibility of data access across the enterprise. From a single management console, customers can apply consistent DLP to all data—whether it is stored in on-premises legacy apps, public cloud apps or SaaS—all with a single policy. Securesallapplications: Prisma Access utilizes a single, unified product to protect all users and applications across the company, regardless of whether the user connects to the product via an agent or without one. This includes on-premises, public cloud, SaaS, legacy and modern/cloud- native apps. Also, Prisma Access was designed with the best-in-class user experience in mind, and Palo Alto backs this up with aggressive service-level agreements (SLAs) featuring five-nines of uptime and less 8 8 Prisma Access utilizes a single, unified product to protect all users and applications across the company. 8 ZK Research: A Division of Kerravala Consulting © 2022 ZK Research ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
  • 9. 8 9 than 10 ms security processing. ZK Research believes Palo Alto Networks is the only ZTNA 2.0 vendor with a performance SLA for third-party SaaS applications. Although a security team could attempt to build a ZTNA 2.0 solution using point products that went through a lift and shift to make them cloud residents, that model has some significant gaps compared to Palo Alto’s cloud-native Prisma Access. Exhibit 4 highlights the main differences in these two approaches. SECTION V: CONCLUSION AND RECOMMENDATIONS Hybrid work is here to stay and has forever changed the way we work. It’s also changing the way businesses need to secure and connect workers. Legacy VPN and first-generation ZTNA products were sufficient as a stopgap to get users up and running, but now it’s time for companies to con- sider the long-term impact of hybrid work. Access must evolve, and ZTNA 2.0 is the path forward. Legacy solutions were sufficient a decade ago, but they were never designed for a world that is both dynamic and distributed. ZTNA 2.0 was built from the ground up for cloud-first, distributed companies—which include almost all businesses today. Therefore, ZTNA 2.0 is now an imperative. As companies look to evolve to ZTNA 2.0, ZK Research offers the following recommendations: ZK Research: A Division of Kerravala Consulting © 2022 ZK Research Hardware based This approach entails using racked-and-stacked hardware in rented colocation facilities. It severely limits global reach and scale, and it creates a dependency on third-party data centers when most apps are now hosted in the public cloud. Comingled data plane Mixing customer data planes creates a “noisy neighbor”problem, where one customer can impact another. This leads to a“fate sharing”scenario that can cause unexpected brownouts. Manual problem resolution Security and performance problems are difficult for IT to identify and resolve, creating a poor experience for end users. Cloud scale Prisma Access leverages the largest cloud providers in the world, enabling elastic scale and the highest-performance, multi-cloud network backbone. Data plane isolation A multi-tenant, end-to-end approach delivers a unique dedicated data plane for each customer, to ensure all customers are isolated from each other and receive consistently high performance. Autonomous Digital Experience Management (ADEM) Prisma Access provides proactive identifica- tion of problems using ADEM, with the ability to isolate and resolve them autonomously before a user even knows about them. POINT PRODUCTS PRISMA ACCESS Exhibit4:Cloud-NativeArchitectureofPrismaAccessModernizesZTNA Palo Alto Networks and ZK Research, 2022 ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0
  • 10. Rethinksecurityintheeraofhybridwork. The traditional security model of buying point products was sufficient in the past because IT controlled every aspect of working—from the apps and devices people used, to the network and even how they accessed the network. With hybrid work, apps have moved to the cloud, devices are now mobile and people are working at home. This dictates that security move from point product to a platform where it is enforced end to end. Palo Alto’s Prisma Access is a good example of such a platform. Startwiththebiggestsecuritypainpoint. All businesses should be looking at ZTNA 2.0, but the starting point will be different based on the individual company. ZK Research has identified three initiatives that can help organizations move to ZTNA: o Securing private app access as a VPN replacement o Securing internet and SaaS access as an SWG replacement o Implementing advanced SaaS app security as a CASB and DLP replacement Chooseacloud-nativesecuritypartner. Dozens of security vendors claim to offer security via the cloud. Therefore, it’s important for customers to understand that not all versions of cloud are created equal, and that “cloud” does not always mean “cloud native.” Customers must do their due diligence and ensure the vendor is running a modernized, cloud-native platform, as this will lead to faster innovation and better resiliency. 8 1 0 1 0 ZK Research: A Division of Kerravala Consulting © 2022 ZK Research CONTACT zeus@zkresearch.com Cell: 301-775-7447 Office: 978-252-5314 © 2022 ZK Research: A Division of Kerravala Consulting All rights reserved. Reproduction or redistribution in any form without the express prior permission of ZK Research is expressly prohibited. For questions, comments or further information,emailzeus@zkresearch.com. ZK RESEARCH | Hybrid Work Drives the Need for ZTNA 2.0