Zscaler Blog


New Innovations to Zero Trust Cloud: The Simplest Way to Secure Every Workload, Everywhere


The Architectural Shift: Simplifying Multi-Cloud Security with Zero Trust

Today, we are fundamentally simplifying cloud workload security. We are excited to announce major innovations to the Zscaler Zero Trust Cloud, designed to be the simplest and most effective way to connect and secure every workload across any cloud.

This isn't about adding another virtual appliance. It's an architectural shift. By decoupling security from the network, we apply a consistent, proxy-based Zero Trust model to all workload traffic—internal (east-west), internet-facing (ingress), private network connectivity, outbound (egress) and microflows. This architecture brokers every connection based on identity and policy, which drastically reduces the attack surface, prevents lateral threat movement, and slashes operational overhead.

Let's dive into the technical details of what's new.

 

One Platform to Secure All Workload Traffic

Our platform now provides unified security and connectivity for every path your cloud workloads take.

 


1. Securing All East-West Traffic in the Cloud

One of the most significant security challenges in a distributed environment is securing communication between workloads. Your web application in an AWS VPC needs to talk to a business application in another VPC, which in turn needs to connect to a database in yet another VPC.

The old way involved a complex web of VPNs, gateways, and meticulously crafted firewall rules—a process that is slow, error-prone, and creates countless potential entry points.

Our approach brokers every connection through the Zero Trust Cloud Policy engine, enabling secure east-west traffic through a single policy framework. This includes protecting traffic flowing between workloads in the same cloud regions (e.g., VPC-to-VPC or VNet-to-VNet). By enforcing identity-based segmentation, we ensure that workloads can only communicate with other explicitly authorized workloads, effectively eliminating the internal attack surface.


Watch the video: Secure East-West Traffic [3 Minutes]

2. Securing Private Network Connectivity

Organizations often establish private links like AWS Direct Connect or Azure ExpressRoute to connect clouds to each other or back to an on-premises data center. This may be required for multi-tiered applications (e.g., web tier in the cloud, database on-prem) or to backhaul cloud traffic for security inspection.

The Zscaler Zero Trust Cloud now extends its zero trust architecture to secure traffic over these private links. AWS Direct Connect is available now, with support for Azure ExpressRoute and GCP Interconnect coming soon.

3. Protecting Internet-Facing Workloads (Ingress Traffic)

Your public-facing applications are your digital front door and a prime target for attack. The Zero Trust Cloud now extends its powerful protection to ingress traffic.

Instead of just passing traffic to your workloads, we terminate every inbound connection at our Gateway or Cloud Connector and check for access controls. This means we can enforce critical security controls, shielding applications from attacks, before a connection ever reaches your VPC or VNet. This ensures only legitimate traffic is allowed, creating an active defense for your critical applications.


Watch the video: Secure Ingress Traffic [3 Minutes]

4. Stop Lateral Threat Movement with Cloud-Native Microsegmentation

As you migrate mission-critical applications to the cloud, the need to microsegment workloads to meet regulatory requirements and reduce the blast radius becomes paramount. However, traditional network-based segmentation using security groups and ACLs is complex, static, and breaks down in dynamic cloud-native environments.

To support these modern architectures, we have extended our microsegmentation capabilities to containerized environments. Support for visibility into container resources is available in Amazon Elastic Kubernetes Service (EKS) today. The Zero Trust Cloud solution enables customers to have full resource visibility at the cloud region level, including VPCs/VNets, subnets, EC2/VMs, cloud metadata, and more.

Ultimately, this allows you to achieve true workload isolation and contain threats instantly, whether your applications are running on VMs or in containers, all from a single policy framework.

 

Solving Your Most Critical Workload Security Challenges

 

These new capabilities are not just features; they are solutions to the most pressing problems facing cloud and security teams today.

  • Protect AI-powered software development like Devin or Cursor without slowing down innovation.

  • Eliminate security silos across AWS, Azure, and GCP with a single policy framework. 

  • Use microsegmentation to isolate critical apps (like Oracle) and contain breaches instantly. 

  • De-risk "lift and shift" projects (like SAP migration to cloud) by decoupling security from the network.

The Future of Workload Security is Zero Trust

 

The era of building digital castles and moats is over. In a world of distributed workloads and boundless perimeters, the only viable path forward is Zero Trust. With these new innovations, the Zscaler Zero Trust Cloud provides the most comprehensive and simplest platform to connect and protect every workload, on any cloud, across every traffic path.

Ready to eliminate cloud security complexity? Request a personalized demo to see how you can simplify your cloud security today.


Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.
