Third-party users, such as contractors and partners, often require access to enterprise’s internal applications, and this creates a dilemma for the security teams. The risk of extending access to partners is well documented, and enterprises have tried to mitigate this risk by requiring the use of remote access solutions, typically enabled by a traffic-forwarding client on the user device. However, in many cases, deploying a remote access client is not possible, as partners may not have the necessary device-level privileges to install one, or they may simply be unwilling to do so.
Imagine if you, as the IT decision-maker, could provide third-party users with a seamless experience when accessing internal applications, without requiring a client install on their devices? What if these users never connected to the data center network and visibility was limited to only those applications they were allowed by policy?
Introducing browser access
Browser access is new functionality in Zscaler Private Access (ZPA) that provides partners and BYOD users with secure access to internal web apps, without requiring a traffic-forwarding client on their devices. Users simply fire up their favorite web browser and securely access internal applications from any device. ZPA continues to enforce zero trust policies for existing internal applications by default.
Browser access is built on ZPA’s zero trust security architecture, which provides secure, fast, and seamless access to internal apps. Browser access leverages application segmentation, a key facet of ZPA that creates a segment of one between a named user and a named application. It means that partners are never brought on the network and the application is never exposed to the internet. ZPA admins can rely on the service for real-time visibility into user activity, identify users who access applications via browser access, and discover previously unknown apps.
Setting up an application for browser access in ZPA is simple. It just requires publishing an application-specific CNAME in the customer’s DNS zone. Once the CNAME is published, the web browser automatically redirects requests for that application to ZPA. Traditional VPN vendors require users to install Java-based clients in the web browser for accessing internal applications via web browser. However, any time the version of the Java client or web browser changes, it results in software incompatibility and users are left to grapple with the ensuing issues. ZPA’s browser access provides a superior user experience and is a truly clientless solution — it does not require a client or a browser extension to be installed in the web browser.
A zero trust architecture: how ZPA browser access works
Companies like Navigant Consulting, a multinational professional services firm, and Perdue Farms, the world’s largest producer of organic chicken, are already leveraging ZPA with browser access. Navigant uses it to provide zero trust access to its internal apps for internal employees and is exploring it for partner access as well. Employees at Perdue Farms use ZPA for a seamless and secure remote experience when accessing SAP from managed Google Chromebooks or personal devices (BYOD).
With browser access, zero trust access to your organization’s web applications for BYOD users and partners is now possible. I invite you to discover the power and simplicity of browser access with ZPA Interactive, a fully hosted ZPA environment that allows you to experience ZPA as an admin and as an end user.
Learn more at our webcast
On Wednesday, September 26, we will be hosting a webcast with our customer Navigant Consulting, titled “Three Ways Zero Trust Security Redefines Partner Access.” Join us to hear Navigant’s zero trust security story.
For technical details on ZPA browser access, feel free to check out our help portal.
- - - - -
Kunal Shah is a Principal Product Manager at Zscaler