Products > Zscaler Private Access

The revolution in secure
remote access

Give your users the experience they want,
while getting the security that you need

Read the eBook

The challenge of incumbent remote access solutions

A data center mindset in a cloud-first era slows transformation

Enterprises are in the midst of a transformation. Security, once built upon the idea of the secure perimeter, has now changed, taking users direct to their apps. Networks leveraging the hub-and-spoke architecture are now leveraging the internet. But even given this transformation, enterprises have continued to rely on traditional solutions, like the remote access VPN, which are hosted in the data center.

Common pitfalls of incumbent remote access solutions
  • Poor user experience
  • Increased complexity for admins due to appliances
  • High costs to purchase and manage appliances
  • Increased risk with users on network
  • Inability to control access to specific apps
  • Lack of visibility into applications being accessed
Relying on UTM and NGFW appliances to secure internet traffic is costly, results in appliance sprawl, and compromises branch security.

Zscaler Private Access

Secure remote access to internal applications, via cloud, not appliances

Zscaler Private Access (ZPA) is a cloud service from Zscaler that provides seamless and secure remote access to internal applications running in cloud or data center. The service delivers a cloud-like user experience, taking remote employees directly to the app vs. extending the network to them. Since the service is completely cloud based there are no gateway appliances necessary, which reduces both cost and complexity. Admins have full visibility into the applications running in their environment, as well as who and when they are being accessed. And policies hosted in the global Zscaler cloud determine which remote users have access to which specific applications.

Read the Solution Brief
Relying on UTM and NGFW appliances to secure internet traffic is costly, results in appliance sprawl, and compromises branch security.
See Our Solution View the Challenge

Zscaler Private Access benefits

Transform with Zscaler.

Users receive better experience

Integrates with SSO and provides seamless direct-to-app remote user experience.

Less complexity for admins

Network admins can segment based on application from within the web UI. No need to segment by network. No IP address segmentation or access control lists required.

Secure remote access, without network access

Policy based access to apps, with no access to network. Visibility into apps being accessed by users and ability to discover and secure unsanctioned apps

Traffic remains private via internet network

Service uses dynamic, application specific TLS-based end to end encrypted tunnels. Enterprises can bring their own PKI as well.

No hardware appliances, lower costs

The cloud service requires no hardware. Enterprises can easily scale across multiple data centers with no need to purchase new appliances.

Scale elastically, reduce latency

The service uses the global Zscaler cloud to ramp up new users and route them to the app location nearest to them, leveraging a vast cloud network across multiple continents.

See how MAN Diesel & Turbo SE uses ZPA to provide zero-trust access to internal apps, at global scale.

Read Case Study

See how this e-commerce company replaced its remote access VPN and now provides a better experience, while improving security.

Read Case Study

Software-defined perimeter for secure remote access

The Zscaler Private Access (ZPA) service provides seamless and secure remote access to internal applications, regardless of where they exist, and without placing users on the corporate network. The cloud service requires no complex remote access VPN gateway appliances, and uses cloud-hosted policies to authenticate access and route traffic to the application located nearest the user. A true software-defined solution.

1.  Cloud Policy Engine
  • Hosted in cloud
  • Used for authentication
  • Customizable by admins
  • Brokers a secure connection between a Z-App and
    a Z-connector
2.  Z-App
  • Mobile client installed on devices
  • Requests access to an app
3.  Z-Connector
  • Sits in front of apps in Azure, AWS, and other public cloud services
  • Listens for access requests to apps
  • No inbound connections

Discover applications running within your environment

Zscaler Private Access uses Z-connectors, which sit in front of applications to identify user traffic flowing to all applications nearby. This enables admins to both identify previously undiscovered applications being used within their environment, and then apply granular, policy-based access controls to reduce Shadow IT while helping to ensure that admins remain in control of the environment.

Control which users access which applications

Zscaler Private Access enables application segmentation. This allows security admins to set policies for specific user groups and applications, as well as associated subdomains. Network admins do not have to segment by network.

1.  Create and define policy names
2.  Set different permissions levels for users and user groups
3.  Select the applications each policy is associated with
4.  Easily add new rules and policies for your users and applications from within the UI

Suggested Resources


Watch a demo of Zscaler Private Access

Watch Now 

Solution Brief

ZPA for Remote Access VPN Retirement

Read the Solution Brief 

Definitive Guide

Read The Definitive Guide To Secure Remote Access

Get the Guide