Q&A: Vice President, Prisma SASE On Achieving Zero Trust, While Prioritizing The End User Experience 

Anupam Upadhyaya is the vice president for Prisma SASE at Palo Alto Networks. Palo Alto is a global leader in the SASE (Secure Access Service Edge) space, and the only vendor recognized by Gartner in the single vendor SASE, SSE, and SD-Wan Magic Quadrant. Prisma SASE incorporates Zero Trust Network Access (ZTNA), a cloud web gateway, CASB, SD-Wan, and remote browser isolation technologies.

Expert Insights recently reached out to the Prisma SASE team to get Upadhyaya’s insights on the future of the state of the ZTNA and broader SASE market today, and how organizations should prioritize for 2025 and beyond.

What are the biggest challenges facing organizations in the ZTNA space today and how are threats evolving?

With the ability to work from anywhere and applications being distributed across clouds and data centers, one of the biggest challenges for organizations today is ensuring secure access and a positive experience for their hybrid users.

If your users face issues when trying to access critical apps and cloud-based services, they will likely try to bypass security controls and therefore leave themselves vulnerable. Adding to this challenge, many users access business-critical applications through consumer browsers that, unfortunately, lack last mile DLP (Data Loss Prevention) and better web security, even with a VPN in place. Meanwhile, threat actors continue to evolve their attacks using AI and automation to bypass security and breach organizations.

For example, phishing continues to be the leading cause of a breach, and we’ve seen attackers using new and advanced techniques that make their phishing attempts more convincing and harder to detect, i.e. AI-generated phishing, Man-in-the-Middle phishing, SaaS-hosted phishing, and much more.

Finally, with users working from anywhere, many organizations may struggle with legacy infrastructure that lacks visibility and granular control over user activity.

How does Palo Alto Networks GlobalProtect help teams address these challenges?

Palo Alto Networks GlobalProtect is natively-integrated with our network security form factors, whether it be our NGFW or Prisma SASE platform, and extends consistent and best-in-class protection to all users across all apps, regardless of their location. 

Because it is natively-integrated into our network security platform, it works seamlessly with our Precision AI™ powered Cloud-Delivered Security Services who continuously inspect and secure all traffic in real-time, while performing continuous trust verification, and adaptive policy enforcement, all in a single platform. Additionally, Prisma Access Browser provides an added layer of protection that enforces last mile DLP and better web security controls directly in the browser, offering unparalleled protection for users.  

What are your top recommendations for CISOs in the process of looking for an enterprise ZTNA solution?

In order to achieve true zero trust, organizations must look for a solution that not only secures all of their users and all of their applications, but also a solution that delivers an exceptional end user experience. In order to be effective, security must act in real time and leverage the power of AI.

Furthermore, in order to deliver an exceptional user experience, you need a solution that has cloud scale, is resilient and can provide precise root cause analysis, from the user’s environment to the app, to resolve user to app performance issues faster and deliver exceptional user experiences.

Finally, all of this must be integrated into a unified platform that gives them a single pane of glass to enforce consistent policies and security throughout their network.

What trends do you expect to see in the enterprise VPN and ZTNA space in 2025?

With the explosion of users, apps, and devices everywhere, we expect organizations to be more keen on implementing true zero trust. Organizations who are expanding and moving to the cloud will likely start to transition away from traditional VPN solutions and adopt a solution that can meet the needs of their evolving environment.

There will be a focus on effectively integrating AI into security tools and an emphasis on making sure users everywhere, whether at home or in an office, are secure and receive an exceptional user experience.

Adopting secure enterprise browsers will be another forward-thinking step for organizations in 2025, enabling stronger security measures to protect against increasing threats.

In your view, what should organizations’ top VPN and ZTNA planning priorities for 2025 be?

Organizations should prioritize replacing legacy VPNs with a comprehensive, resilient, and scalable SASE solution that delivers true zero trust security, providing secure access to any app from any device or location.

An ideal solution should leverage a robust cloud architecture for near-perfect uptime and seamless service continuity. It must secure work across managed and unmanaged devices, browsers, support safe GenAI adoption, and offer comprehensive data protection.

Additionally, digital experience monitoring is crucial to optimize app performance, quickly remediate issues, and ensure a high-quality user experience. Ultimately, a best-in-class solution brings together best-in-class security and exceptional user experiences, meeting the evolving needs of the modern organization. 

Further reading

• Learn more about Prisma SASE. 
• Read our guide to the best enterprise VPNs. 
• Read our guide to the best ZTNA solutions.