* [Blog](https://www2.paloaltonetworks.com/blog)
* [SASE](https://www2.paloaltonetworks.com/blog/sase/)
* [Remote Workforce](https://www2.paloaltonetworks.com/blog/category/remote-workforce/)
* Start Building Your Zero ...

# Start Building Your Zero Trust Architecture with ZTNA 2.0

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsase%2Fstart-building-your-zero-trust-architecture-with-ztna-2-0%2F)  
[](https://twitter.com/share?text=Start+Building+Your+Zero+Trust+Architecture+with+ZTNA+2.0&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsase%2Fstart-building-your-zero-trust-architecture-with-ztna-2-0%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsase%2Fstart-building-your-zero-trust-architecture-with-ztna-2-0%2F&title=Start+Building+Your+Zero+Trust+Architecture+with+ZTNA+2.0&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/sase/start-building-your-zero-trust-architecture-with-ztna-2-0/&ts=markdown)  
\[\](mailto:?subject=Start Building Your Zero Trust Architecture with ZTNA 2.0)  
Link copied  
By [Don Meyer](https://www.paloaltonetworks.com/blog/author/don-meyer/?ts=markdown "Posts by Don Meyer")  
Jan 19, 2023  
4 minutes  
[Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown)  
[Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)  
[Prisma Access](https://www.paloaltonetworks.com/blog/tag/prisma-access/?ts=markdown)  
[ZTNA 2.0](https://www.paloaltonetworks.com/blog/tag/ztna-2-0/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/sase/start-building-your-zero-trust-architecture-with-ztna-2-0/?lang=ja "Switch to Japanese(日本語)")

According to our recent [*What's Next in Cyber: A Global Executive Pulse Check*](https://start.paloaltonetworks.com/whats-next-in-cyber-report) global survey, 47% of survey respondents noted that maintaining a secure hybrid workforce is one of their top reasons for adopting a zero trust architecture (ZTA). However, 98% of CXOs admitted in this same survey that they find Zero Trust implementation challenging for three main reasons:

1. Not knowing where to start and how to prioritize
2. Lack of qualified vendors with a complete and integrated solution
3. Lack of internal expertise

Good news---we can help you with all three of these things. Let's start from the beginning: where should you start your ZTA adoption? Start with [ZTNA 2.0](https://www.paloaltonetworks.com/sase/ztna).

## Why ZTNA 2.0 is Your ZTA Starting Point

You may have a few thoughts running through your mind right now, like "What is ZTNA 2.0? We haven't even started with ZTNA 1.0. Do we need to ZTNA 1.0 first? What even is ZTNA? Why are there version numbers?"

Here is a quick, three-point primer to address these questions and get us all acclimated.

1. **What is ZTNA?** [ZTNA](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-ztna) is the acronym for Zero Trust Network Access. It is a category of technologies that provides secure remote access to applications and services based on strict access control policies that treat all users and devices as untrusted until proven otherwise.
2. **What is ZTNA 1.0?** ZTNA 1.0 is shorthand for legacy ZTNA approaches. ZTNA 1.0 supports only coarse-grained access controls, incorporates an "allow and ignore" approach for both users and app traffic, and provides either little or no advanced security consistently across all apps and data. These shortcomings violate the [principle of least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege) and increase organizational security breach exposure.
3. **What is ZTNA 2.0?** [ZTNA 2.0](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-2-0) is the most cutting-edge approach to ZTNA, overcoming ZTNA 1.0 limitations to deliver the comprehensive cybersecurity benefits envisioned with ZTA.

When you start building out your ZTA with ZTNA 2.0, you harness five powerful principles to protect your users, data, apps, and devices. These five principles are:

1. [Least-privileged access](https://www.paloaltonetworks.com/blog/2022/05/ztna-1-0-violates-principle-of-least-privilege/). Enables precise access control at the application and sub-application levels, independent of network constructs such as IP addresses and port numbers.
2. [Continuous trust verification](https://www.paloaltonetworks.com/blog/2022/06/ztna-1-0-cant-secure-all-apps/). After access is granted to an application, continuous trust assessment continues based on changes in device posture, user behavior, and application behavior.
3. [Continuous security inspection](https://www.paloaltonetworks.com/blog/2022/06/security-inspection-problem/). Uses deep, continuous inspection of all application traffic, including for allowed connections, to help prevent threats, including zero-day threats.
4. [Protection of all data](https://www.paloaltonetworks.com/blog/2022/06/consistent-data-protection-requires-a-new-approach/). Provides consistent control of data across all applications, including private applications and SaaS applications, with a single data loss prevention (DLP) policy.
5. [Security for all applications](https://www.paloaltonetworks.com/blog/2022/06/ztna-1-0-cant-secure-all-apps/). Consistently protects all types of applications in use across the enterprise, including modern cloud-native applications, private legacy applications, and SaaS applications.

## ZTNA 2.0 Secures Your Hybrid Workforce in a Perimeter-Less World

[ZTNA 2.0](https://www.paloaltonetworks.com/engage/prisma-sase-ztna-2-0) is imperative to help address one of the biggest security challenges today: the perimeter-less nature of modern networks. With the hybrid workforce's widespread use of cloud-based applications, mobile devices, and the internet of things (IoT), it's becoming increasingly difficult for network security professionals to define and protect their organization's "perimeter." This perimeter-less world makes it harder to control access to sensitive data and systems, leaving organizations more vulnerable to attacks from both external and internal actors.

ZTNA 2.0 doesn't adhere to a perimeter-based construct for secure access. Instead, it consistently verifies and authenticates every user, device, application, and data before granting access to the network, regardless of whether these elements are inside or outside the organization's physical boundaries. This location-agnostic verification and authentication available with ZTNA 2.0 make it more difficult for an attacker to move laterally through the network and helps reduce the attack surface.

## Start at ZTNA 2.0[![Prisma Access delivers ZTNA 2.0.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/01/Screenshot-2023-01-18-122338.png)](https://www.paloaltonetworks.com/sase/access)

ZTA is a remarkably useful cybersecurity architecture to help you keep your organization protected in a world where work is an activity, not a place. Start building your ZTA strategy with [ZTNA 2.0](https://www.paloaltonetworks.com/engage/prisma-sase-ztna-2-0?overlay_url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fengage%2Fprisma-sase-ztna-2-0%2Fztna-2-resources%2Funderstanding-ztna-2-0), the new standard for providing secure access for all of your users, devices, applications, and data.

If you'd like to talk to someone about how ZTNA 2.0 can help your organization, [please reach out](https://start.paloaltonetworks.com/ZTNA-2.0-Sales-Briefing.html). We are excited and ready to help you start planning and implementing your ZTA strategy.

*** ** * ** ***

## Related Blogs

### [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### Unleashing the Benefits of Cloud SWG with Agent-Based Proxy](https://www2.paloaltonetworks.com/blog/sase/unleashing-the-benefits-of-cloud-swg-with-agent-based-proxy/)

### [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### Five Misconceptions About Secure Web Gateways](https://www2.paloaltonetworks.com/blog/sase/five-misconceptions-about-secure-web-gateways/)

### [Customer Spotlight](https://www.paloaltonetworks.com/blog/category/customer-spotlight/?ts=markdown), [Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### We don't just recommend ZTNA 2.0. We also use it.](https://www2.paloaltonetworks.com/blog/sase/we-dont-just-recommend-ztna-2-0-we-also-use-it/)

### [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### 3 Common ZTNA Deployment Hurdles and How to Overcome Them](https://www2.paloaltonetworks.com/blog/sase/3-common-ztna-deployment-hurdles-and-how-to-overcome-them/)

### [Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### Top challenges for hybrid workforces](https://www2.paloaltonetworks.com/blog/sase/2021-hybrid-workforce/)

### [Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### 5 Ways to Establish a Secure Hybrid Workforce with Prisma Access](https://www2.paloaltonetworks.com/blog/sase/secure-hybrid-workforce-prisma-access/)

### Subscribe to Sase Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language