Providing secure access to private, internal applications has always required compromise. You have to balance your often legally required security with the business requirement for remote access. And for over a decade, the answer has been the VPN.
The problem is that a VPN – a virtual private network – is still a network. Hidden malware on a trusted user’s device can wreak havoc on internal applications. Third parties can snag (and have snagged) user credentials and run amok. And worst of all, VPNs – like any network – are complicated to set up, difficult to change, and expensive. There has to be a better way. Now there is.
Zscaler’s market-leading Cloud Security Platform has been winning accolades and customers for years, providing security with robust centralized policy management and uber-fast global enforcement. The same Zscaler App that you use to access the Zscaler security platform can now also enable authorized users to access private, internal applications, regardless of where the user is located or where the application resides.
Zscaler Private Access works by decoupling your applications from the network. When an authorized user requests an internal application, the Zscaler policy engine enables a lightweight, application layer-based tunnel through the Zscaler cloud. If you try to route back to the asset, you won’t be able to find it. Because there is no direct connection between the user and the asset, malware has nowhere to go. Because the tunnel is encrypted, the traffic remains hidden from prying eyes. And if users aren't authorized to access an application, they can't even see it.
Because it is name- or domain-based, Zscaler Private Access also offers an unexpected benefit – app discovery. By provisioning a ZEN Connector in front of your applications – wherever they are – and enabling wildcard app access, you’ll get an accurate mapping with the first user request. Then you can build the granular access policy around your apps without pre-provisioning policy.
Replace your legacy VPNs
Move your internal apps to the cloud
Provide app-specific access to business partners & contractors
VPNs have provided a well-understood mechanism for site-to-site and remote access for over a decade. As your network has grown and changed, it has largely done so around this infrastructure. The result is a complicated tangle of NATing, Access Control Lists, over-provisioned client software in case of emergency, and more. You’ve deployed data centers around the world, and then re-provisioned them for high availability. You’ve installed load balancers to give users the best experience, and maybe even global load balancers for disaster recovery. It is complicated, it’s expensive, and it’s static.
With Zscaler Private Access, you can phase your VPNs out on your schedule, while providing user-based access to specific applications. Zscaler Private Access dynamically provisions user access without touching the network, so complexity is replaced with flexibility. If an application is located in different places, the user is automatically routed to the site that delivers the best performance. And because the solution monitors application health, users will always get the best performance.
Enterprise agility and flexibility have been buzzwords for years. Distilled to their essence, these phrases simply mean that IT should be able to mirror the business. Historically, this has meant moves to the cloud, which are difficult or impossible when your assets are anchored to a network.
With Zscaler Private Access, you can move from the datacenter into Amazon Web Services, Microsoft Azure, or Google Cloud Platform without having to worry about specific cutover periods, site-to-site VPNs from your datacenter to the cloud, or awkward user traffic trombones. If you have instances of an application in the cloud and in the datacenter, Zscaler Private Access will automatically direct the Z App and Connector to set up the tunnel to deliver the best performance. Need to spin up another instance of your application? Simple – just spin up another Connector. The lightweight software takes only seconds to come up.
Third-party access to internal apps has always struck fear into the hearts of IT, and, as we’ve seen from recent headlines about security breaches, for good reason. Contractors and partners require access to private, internal applications to do the work that you are paying them to do. But their security stance, their device, and their environment are complete unknowns.
With Zscaler Private Access, you don’t need to worry. You can provision policy that enables a contractor to see the application that you want them to access, and only that application. Unbeknownst to them, however, they aren’t really connected to the application itself, so even if they want to do mischief, they can’t. They cannot roam around, either, because users can only see the assets that you have specifically provisioned their access to.
Third-party access between companies, such as business partners or those in a merger/acquisition, can be even more complex, because one group typically doesn’t want ALL of the other group’s users to see ALL of their internal applications. And because the use of identical internal IP addressing is common, you’ll need NAT rules and ACLs. But with Zscaler Private Access, the solution is as simple as it is for a single remote user. Just provision access by user or group to the specific applications that they should see.
Zscaler is able to offer this revolutionary, cloud-based technology because we were born in the cloud, and all of our development has taken place there, for years.
Equally important, Zscaler understands security. Existing Zscaler customers will get the benefit of best-in-class integrated security functionality for Internet traffic, as well as secure, private access to all internal apps. All from the same Zscaler App your users probably already have.
Zscaler Private Access lets you take the network out of the remote access equation, so you can: