Zscaler Blog
Enhancing AWS Workload Security with Zscaler Zero Trust Cloud
This blog is co-authored by Gina McFarland, Solutions Architect, AWS
Introduction
As organizations scale their AWS environments across VPCs, accounts, and regions, maintaining consistent security policies becomes increasingly complex. Zscaler Zero Trust Cloud helps streamline policy management across your AWS infrastructure. It delivers the proven capabilities of Zscaler Cloud Connector - now as a fully managed, Zscaler-hosted service that brings Zero Trust security to every workload path: ingress, egress, and east-west.
Onboard Zero Trust Cloud in Less Than 10 Minutes
Zscaler Zero Trust Cloud secures workload-to-Internet and workload-to-workload traffic through the Zscaler Zero Trust Exchange, providing granular, context-aware control using familiar constructs like IPs, subnets, workload identities, Locations/Sub-locations, and AWS tags. The difference lies in the delivery: Zscaler now hosts and operates the service as a fully managed offering, eliminating the need to deploy or maintain connector appliances while ensuring continuous uptime, patching and scalability so your team can focus on outcomes, not infrastructure. The as-a-Service offering can be deployed in minutes.
What’s New in Zero Trust Cloud
Enhanced East-West Visibility and Control
Zero Trust Cloud also adds flexibility for managing how workloads communicate within AWS. By combining selective filtering with granular traffic forwarding, it complements AWS’s built-in protections to give teams better control over east-west flows across VPCs, accounts, and Regions - all without adding inspection overhead. Controls can be defined using IPs, ports, protocols, subnets, Locations/Sub-locations, or AWS tags (whichever best reflects your environment).
Ingress Support for Internet-Facing Workloads
For workloads that require inbound public access, Zero Trust Cloud now supports ingress connectivity. It works alongside AWS’s native networking and security controls to maintain stable, stateful connections for Internet-originated traffic - without introducing new inspection layers. This helps organizations maintain visibility and consistent routing for applications that must remain reachable from the public Internet, while continuing to apply full Zero Trust protection for any new, workload-initiated connections that egress through the Zscaler Zero Trust Exchange.
Solving Critical Workload Security Challenges
Secure Developer and AI Workloads
Protect dynamic build, test, and AI/ML environments with identity-aware policies that prevent data leaks and unauthorized access, without slowing down automation or compute pipelines.
Accelerate Cloud Migration
Separate network design from security policy to simplify migrations. With Zero Trust Cloud, protection follows the workload before, during, and after its move, without rebuilding firewall or routing rules and now without the need to deploy appliances.
Protect SAP and Other Mission-Critical Systems
Zscaler is the first and currently only partner to offer native, built-in security for SAP through its integration with SAP Business Technology Platform. Zero Trust Cloud brings those same protections to cloud-hosted SAP deployments - safeguarding workload and integration traffic with consistent policy throughout migration and operation.
Simplified by Design
Zero Trust Cloud is built to reduce operational drag without compromising control:
- Zscaler-managed architecture: No appliances to deploy, patch, or scale.
- AWS-native integration: Works seamlessly with AWS networking services like AWS Transit Gateway and AWS Gateway Load Balancer for simplified steering.
- Identity-centric policy: Align security controls with AWS tags and workload context instead of static network parameters.
- Unified traffic coverage: Apply one consistent Zero Trust framework across Internet, internal, and hybrid flows.
The outcome: a smaller attack surface, simpler operations, and a faster path to cloud maturity.
Want to learn more?
Watch the Zero Trust Cloud Global Launch Event on demand to discover how Zscaler and AWS are redefining workload security for the cloud era.
Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.



