Just the news: Experience the future of zero trust at 10am PT / 1pm ET during our Zero Trust Live virtual event, also available in EMEA and APAC and Japan friendly timezones, or access key resources here.
What’s next for the workplace? It’s clear for many employees the era of five-days-per-week in the office is over. A hybrid workforce is the future for digital enterprises who want to retain and attract the best talent from an expanded global pool - where flexibility and time shifting, from any location, are the norm, not the exception.
The rise of Security Service Edge (SSE) frameworks, and Zero Trust Network Access (ZTNA) within it, has charted a path for progressive IT and security leaders to retire their legacy VPNs and firewalls for a fundamentally better approach to supporting this new reality, delivering what many thought was impossible to achieve: superior security with an exceptional user experience.
First-generation ZTNA: Revolutionizing remote access beyond legacy VPNs and firewalls
When we invented first-generation ZTNA, the problem space was clear: VPNs were too slow, too risky, and everyone hated the experience of using them. Backhauling traffic to a data center that was becoming more and more irrelevant no longer made sense, exposing apps (and VPNs themselves) to the internet opened up a massive attack surface, and putting users on the network allowed unconstrained lateral movement. First-generation ZTNA changed all this with fast, secure, and direct user-to-app segmentation built on identity and policy, including:
- Least-privileged access: Granting access with zero trust policies ensured only the right users could access the right apps.
- Minimized attack surface: Eliminating exposed VPNs and making apps invisible to the internet made them impossible to attack.
- Lateral movement prevention: Connecting users directly to apps, not the network, in a segment of one, prevented adversaries from moving laterally to progress their attack.
With ZTNA’s foundational benefits compounded by the pandemic, Gartner predicts that by 2025, 70% of new remote access deployments will be served predominantly by ZTNA as opposed to VPN services, up from less than 10% at the end of 2021. However, simply being better than three decades old technology isn’t nearly good enough. The massive adoption of ZTNA over the past 24 months has brought forth a new problem space that needs to be solved: what happens when the very tenets of identity have been subverted by an advanced attacker or insider threat? These threats loom even larger in a hybrid environment: consider a recent study from Stanford University that showed that 88% of breaches are caused by human error, and that 57% of remote workers admit they are more distracted when working from home.
We are grateful for having the trust of our customers across their zero trust transformation journeys, which has allowed us to listen to their needs, learn directly from them as well as other leaders across the industry, and synthesize this insight into a reinvention of both ZTNA and SSE.
Introducing next-gen ZTNA: Stop compromised users and the most sophisticated cyberattacks
With this release, we are extending our Zero Trust Exchange with three industry-first innovations to stop cyberattacks resulting from compromised users and insider threats, and expanding the scope of zero trust across new areas of the enterprise, including:
- Safeguarding private apps from compromised users: Extending Zscaler’s inline inspection framework to private app traffic to stop advanced attackers from exploiting the most critical web application security vulnerabilities (e.g., OWASP top 10).
- Enhancing lateral movement detection to stop breaches: Native app deception intercepts the most advanced adversaries and prevents lateral movement with built-in decoys and automated containment across the Zero Trust Exchange and third-party security operations tools.
- Reducing the attack surface of privileged users: Enhanced agentless access with RDP/SSH support simplifies troubleshooting of industrial systems and private apps from unmanaged devices while eliminating lateral movement and replacing burdensome VDIs.
Together, these innovations evolve ZTNA into the next generation of the category, delivering an extensible architecture to connect, segment, and protect private apps so they can be accessed by any user, on any device, and from any location. It’s a future-proof approach that can help you begin—or extend—your journey to achieve both zero trust and a secure hybrid workforce.
These new capabilities, available as part of Zscaler Private Access, bring zero trust network access into an even more secure future. Matt Ramberg, Vice President of Information Security at Sanmina, shared that the new capabilities helped him “enable remote access [and] spot potentially malicious activity, [saving] us time and headaches. It’s easy having visibility and control we need in a single place as there is no context-switching.”
As a leader in the 2022 Gartner MQ for SSE, positioned furthest in Ability to Execute, and the inventors of the ZTNA category, we helped spark the revolution to switch from traditional network security architectures that no longer support the needs of today’s cloud and mobile-first organizations.
I invite all of you to join us in the zero trust revolution. Be sure to attend Zero Trust Live, or watch it on-demand, to hear directly from leaders at Salesforce, Humana, Guaranteed Rate, NTT DATA, Fannie Mae, Crowdstrike, and Okta. You can also learn more about the cutting-edge capabilities that allow the Zero Trust Exchange to deliver the world’s only next-gen ZTNA offering in our resource center and press release.