* [Blog](https://www2.paloaltonetworks.com/blog)
* [SASE](https://www2.paloaltonetworks.com/blog/sase/)
* [Mobile Users](https://www2.paloaltonetworks.com/blog/sase/category/mobile-users/)
* ZTNA That Actually Works ...

# ZTNA That Actually Works for All Applications, Everywhere

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsase%2Fztna-all-applications-everywhere%2F)  
[](https://twitter.com/share?text=ZTNA+That+Actually+Works+for+All+Applications%2C+Everywhere&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsase%2Fztna-all-applications-everywhere%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsase%2Fztna-all-applications-everywhere%2F&title=ZTNA+That+Actually+Works+for+All+Applications%2C+Everywhere&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/sase/ztna-all-applications-everywhere/&ts=markdown)  
\[\](mailto:?subject=ZTNA That Actually Works for All Applications, Everywhere)  
Link copied  
By [Jason Georgi](https://www.paloaltonetworks.com/blog/author/jason-georgi/?ts=markdown "Posts by Jason Georgi")  
Sep 23, 2021  
4 minutes  
[Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown)  
[Forrester](https://www.paloaltonetworks.com/blog/tag/forrester/?ts=markdown)  
[Prisma Access](https://www.paloaltonetworks.com/blog/tag/prisma-access/?ts=markdown)  
[ZTNA](https://www.paloaltonetworks.com/blog/tag/ztna/?ts=markdown)

*This is part 3 of a 3-part series where we take a closer look at the ZTNA-related strengths of Prisma Access as cited in the recent* [Forrester New Wave™: Zero Trust Network Access, Q3 2021](https://start.paloaltonetworks.com/ztna-new-wave-report) *report. If you missed the beginning of the series, check out* [*part 1*](https://www.paloaltonetworks.com/blog/2021/08/a-leader-in-the-forrester-ztna-new-wave/)*for an introduction to the report and* [*part 2*](https://www.paloaltonetworks.com/blog/sase/the-ztna-superpowers-in-prisma-access/)*for a look at the three ZTNA superpowers of Prisma Access.*

Organizations' IT infrastructures are complex. They have apps dispersed across private and public clouds, and many of their apps are non-web based. But the role-based, granular access component of ZTNA doesn't mean much if your users can't access applications wherever they are and however they're deployed - whether the applications live on the web or in on-premises data centers.

In the recently released report, The [Forrester New Wave™: Zero Trust Network Access, Q3 2021,](https://start.paloaltonetworks.com/ztna-new-wave-report) Forrester includes two important criteria for choosing ZTNA vendors deployment flexibility and security for both web-based and non-web applications.

Web-based applications are straightforward. They're the mainstay of most organizations' cloud infrastructure, whether private or public, and accessed via web browser. They include many of the familiar email exchanges like Gmail and Microsoft Outlook Web Access, as well as the browser-based versions of many collaboration tools like Slack and Zoom.

Non-web based applications are tricky, and they don't have the same access restrictions. These applications often include proprietary software running on corporate servers and can use proprietary protocols. For some environments, this includes corporate database systems, customer and inventory systems (like mainframes), remote access protocols like RDP and SSH, virtual desktop infrastructure (VDI), and communication tools using SIP/VoIP.

The challenge with non-web applications is that many software-defined, perimeter-based ZTNA solutions don't support access for these systems at all and require customers to retain a parallel VPN solution to provide secure remote access. For many ZTNA solutions that do provide secure remote access to on-premises applications, they don't inspect application traffic.

Organizations that can't implement uniform, role-based security policies to manage access and traffic for both web-based and on-premises applications are effectively undermining the whole intent behind ZTNA. ZTNA solutions that ignore on-premises applications enable these applications to bypass security inspection and create backdoors into their corporate networks.

Organizations want flexible deployment options to meet the demands of today's complex, hybrid environments, for three main reasons:

1. Cloud-based ZTNA solutions don't require adding on-premises or virtual private cloud infrastructure, like virtual machines.
2. An organization's business requirements may be better served with a self-hosted or hybrid ZTNA solution.
3. They may work with contractors or BYOD users who can't accept endpoint agents and need a clientless access method.

As [Forrester notes in their recent report](https://start.paloaltonetworks.com/ztna-new-wave-report), Prisma Access provides both deployment flexibility and security for both web- and non-web-based applications.

[Prisma Access](https://www.paloaltonetworks.com/sase/access) makes it easier for organizations to enable ZTNA with:

* A combination of deployment options, including self-hosted, SaaS, and via managed service provider (MSP)
* Client and clientless deployment
* Over 100 locations worldwide, with private tenants for traffic isolation; industry-leading SLAs for guaranteed availability and performance
* A single lightweight endpoint client for secure access to any application, anywhere
* Single pass, parallel processing technology that identifies all users, devices, and applications and scans all content for signs of credential compromise, threats (including zero-day), and data loss
* Realtime policy recommendations based on observed usage of the product, reducing policy sprawl and potential misconfigurations
* Comprehensive third party app integration and log forwarding for seamless integration into business process workflows
* Secure access to all RDP and VDI

Prisma Access can decrypt and inspect all web and non-web traffic regardless of protocol. And with seamless [Palo Alto Networks NGFW](https://www.paloaltonetworks.com/network-security/next-generation-firewall) policy integration, organizations can implement granular, role-based access control wherever their applications are located, extending corporate security policies to all users.

Prisma Access also ensures the best possible user experience, first by automatically determining the optimal path to any app, and then by leveraging fully-integrated [autonomous digital experience management](https://www.paloaltonetworks.com/sase/adem) (ADEM) for user experience monitoring.

No matter what type of applications are in your environment, Prisma Access enables a comprehensive approach to [ZTNA](https://www.paloaltonetworks.com/sase/ztna) by guaranteeing granular, identity-based and adaptive access control for all users, no matter where the users or apps are located.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Why ZTNA 1.0's Allow-and-Ignore Model Is a Recipe for Disaster](https://www2.paloaltonetworks.com/blog/2022/05/allow-and-ignore-model-is-a-recipe-for-disaster/)

### [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Prisma Access: ZTNA Done the Right Way](https://www2.paloaltonetworks.com/blog/2022/02/ztna-solution-done-the-right-way/)

### [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### 3 Common ZTNA Deployment Hurdles and How to Overcome Them](https://www2.paloaltonetworks.com/blog/sase/3-common-ztna-deployment-hurdles-and-how-to-overcome-them/)

### [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### Improve Microsoft Teams Meeting Performance with ADEM](https://www2.paloaltonetworks.com/blog/sase/improve-microsoft-teams-meeting-performance-with-adem/)

### [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Forrester Study Reveals SASE-related Impact on Data Security](https://www2.paloaltonetworks.com/blog/sase/forrester-study-reveals-sase-related-impact-on-data-security/)

### [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Prisma Access Configures Cloud-Based and On-Prem Authentication](https://www2.paloaltonetworks.com/blog/sase/improve-cloud-based-on-prem-authentication-posture/)

### Subscribe to Sase Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language