Watch a detailed rundown of the essentials of successful zero trust architecture with Nathan Howe, VP of Emerging Technologies at Zscaler.
- See The Difference
- What is Zero Trust The strategy on which Zscaler was built
- How Zscaler Delivers Zero Trust A platform that enforces policy based on context
- Zero Trust Resources Learn its principles, benefits, strategies
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Customer Success Stories Hear first-hand transformation stories
- Analyst Recognition Industry experts weigh in on Zscaler
- See the Zscaler Cloud in Action Traffic processed, malware blocked, and more
- Experience the Difference Get started with zero trust
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Products & Solutions
- Secure Your Users Provide users with seamless, secure, reliable access to applications and data. Secure Your Workloads Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud. Secure Your OT and IoT Provide zero trust connectivity for OT and IoT devices and secure remote access to OT systems.
- Products Transform your organization with 100% cloud-native services
- Solutions Propel your business with zero trust solutions that secure and connect your resources
![Zscaler workplace enablement]( "Zscaler workplace enablement")
Make hybrid work possibleGet StartedSecure work from anywhere, protect data, and deliver the best experience possible for users
- Industries Our ecosystem of zero trust partners
- Partner Integrations Simplified deployment and management
![Zscaler industry partners]( "Zscaler industry partners")
Secure your ServiceNow DeploymentGet StartedIt’s time to protect your ServiceNow data better and respond to security incidents quicker
- Platform
- Platform Overview Unified platform for transformation
- Capabilities Integrated services, infinitely scalable
![Zscaler transformation]( "Zscaler transformation")
Accelerate your transformationLearn MoreProtect and empower your business by leveraging the platform, process and people skills to accelerate your zero trust initiatives
![Gartner Report]( "Gartner Report")
Gartner Magic Quadrant LeaderRead ReportZscaler: A Leader in the Gartner® Magic Quadrant™ for Security Service Edge (SSE) New Positioned Highest in the Ability to Execute
- Resources
- Content Library Explore topics that will inform your journey
- Blog Perspectives from technology and transformation leaders
- Security Assessment Toolkit Analyze your environment to see where you could be exposed
- Webinars and Demos A first-hand look into important topics
- Executive Insights App Security insights at your fingertips
- Ransomware ROI Calculator Assess the ROI of ransomware risk reduction
- Training and Certifications Engaging learning experiences, live training, and certifications
- Customer Success Center Quickly connect to resources to accelerate your transformation
- Customer Success Stories Hear first-hand transformation stories
![Customer success center]( "Customer success center")
- Security & Threat Analytics Threat dashboards, cloud activity, IoT, and more
- Security Advisories News about security events and protections
- Vulnerability Disclosure Program Webinars, training, demos, and more
- Trust Portal Zscaler cloud status and advisories
![Zscaler resources]( "Zscaler resources")
- Company
- About Zscaler How it began, where it’s going
- Leadership Meet our management team
- Investor Relations News, stock information, and quarterly reports
- Compliance Our adherence to rigorous standards
- ESG Our Environmental, Social, and Governance approach
- Events Upcoming opportunities to meet with Zscaler
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Media Center News, blogs, events, photos, logos, and other brand assets
- News and Press Zscaler in the news
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Partner Portal Tools and resources for Zscaler partners
- Summit Partner Program Collaborating to ensure customer success
- System Integrators Helping joint customers become cloud-first companies
- Service Providers Delivering an integrated platform of services
- Technology Deep integrations simplify cloud migration
- Partner Inquiry Become a Zscaler partner
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
-
What Is Zero Trust Architecture? Zero trust architecture is a security architecture built to reduce a network's attack surface, prevent lateral movement of threats, and lower the risk of a data breach based on the core tenets of the zero trust security model. Such a model puts aside the traditional "network perimeter"—inside of which all devices and users are trusted and given broad permissions—in favor of least-privilege access controls, granular microsegmentation, and multifactor authentication (MFA).
Zero Trust Architecture and Zero Trust Network Access—What’s the Difference?
Before we examine zero trust architecture in more detail, let's distinguish between these two interrelated terms:
- A zero trust architecture (ZTA) is a design that supports zero trust principles, such as airtight access management, strict device and user authentication, and strong segmentation. It’s distinct from, and in many ways designed to replace, a “castle and moat” architecture, which trusts anything inside by default.
- Zero trust network access (ZTNA) is a zero trust use case that offers users secure access to applications and data when the users, apps, or data may not be inside a traditional security perimeter, which has become increasingly common in the age of the cloud and hybrid work.
To put the two together, a zero trust architecture provides the foundation organizations need to deliver ZTNA and make their systems, services, APIs, data, and processes accessible from anywhere, at any time, and from any device.
Understanding the Need for Zero Trust Architecture
For the last three decades or so, organizations have been building and reconfiguring complex, wide-area hub-and-spoke networks. In such an environment, users and branches connect to the data center by way of private connections. To access applications they need, the users have to be on the network.
Hub-and-spoke networks are secured with stacks of appliances such as VPNs and firewalls, using an architecture known as castle-and-moat network security. This approach served organizations well when their applications resided in their data centers, but now—with the rise of cloud services, emerging technologies, and rising security concerns—it’s slowing them down.
Today, organizations are driving digital transformation. They’re embracing the cloud, mobility, AI, the internet of things (IoT), and operational technology (OT) to become more agile and competitive. Users are everywhere, and organizations’ data no longer sits exclusively in their data centers. To collaborate and stay productive, users want direct access to apps from anywhere, at any time.
Routing traffic back to the data center to securely reach applications in the cloud doesn’t make sense anymore. That’s why organizations are moving away from the hub-and-spoke network model in favor of one that offers direct connectivity to the cloud: a zero trust architecture.
This video gives a simple yet detailed rundown of secure digital transformation.
How Zero Trust Architecture Works
Zero trust begins with the assumption that everything on the network is hostile or compromised, and access to an application is only granted after user identity, device posture, and business context have been verified and policy checks enforced. In this model, all traffic must be logged and inspected – requiring a degree of visibility that traditional security controls can’t achieve.
A true zero trust approach minimizes your organization’s attack surface, prevents lateral movement of threats, and lowers the risk of a breach. It’s best implemented with a proxy-based architecture that connects users directly to applications instead of the network, enabling further controls to be applied before connections are permitted or blocked.
To ensure no implicit trust is ever granted, a successful zero trust architecture subjects every connection to a series of controls before establishing a connection. This is a three-step process:
- Verify identity and context. Once the user/device, workload, or IoT/OT device requests a connection, irrespective of the underlying network, the zero trust architecture first terminates the connection and verifies identity and context by understanding the “who, what, and where” of the request.
- Control risk. Once the identity and context of the requesting entity are verified and segmentation rules are applied, the zero trust architecture evaluates the risk associated with the connection request and inspects the traffic for cyberthreats and sensitive data.
- Enforce policy. Finally, a risk score is computed for the user, workload, or device to determine whether it’s allowed or restricted. If the entity is allowed, the zero trust architecture establishes a secure connection to the internet, SaaS app, or IaaS/PaaS environment.
Benefits of Zero Trust Architecture
A zero trust architecture provides the precise, contextual user access you need to run at the speed of modern business while protecting your users and data from malware and other cyberattacks. As the bedrock of ZTNA, an effective zero trust architecture helps you:
- Grant safe, fast access to data and applications for remote workers, including employees and partners, wherever they are, improving the user experience
- Provide reliable remote access as well as manage and enforce security policy more easily and consistently than you can with legacy technology like VPNs
- Protect sensitive data and apps—on-premises or in a cloud environment, in transit or at rest—with tight security controls, including encryption, authentication, health checks, and more
- Stop insider threats by no longer granting default, implicit trust to any user or device inside your network perimeter
- Restrict lateral movement with granular access policies down to the resource level, reducing the likelihood of a breach
- Detect, respond to, and recover from successful breaches more quickly and effectively to mitigate their impact
- Gain deeper visibility into the what, when, how, and where of users’ and entities’ activities with detailed monitoring and logging of sessions and actions taken
- Assess your risk in real time with detailed authentication logs, device and resource health checks, user and entity behavior analytics, and more
(Adapted from “Implementing a Zero Trust Architecture,” a National Institute of Standards and Technology [NIST] Special Publication)
One True Zero Trust Architecture: The Zscaler Zero Trust Exchange
The Zscaler Zero Trust Exchange™ is an integrated, cloud native platform founded on the principle of least-privileged access and the idea that no user, workload, or device is inherently trustworthy. Instead, the platform grants access based on identity and context such as device type, location, application and content to broker a secure connection between a user, workload, or device—over any network, from anywhere, based on business policy.
The Zero Trust Exchange helps your organization:
- Eliminate the internet attack surface and lateral movement of threats. User traffic never touches your network. Instead, users connect directly to applications through one-to-one encrypted tunnels, preventing discovery and targeted attacks.
- Improve the user experience. Unlike static, legacy network architectures with a “front door” that backhauls data to processing centers, the Zero Trust Exchange intelligently manages and optimizes direct connections to any cloud or internet destination and enforces adaptive policies and protections inline at the edge, as close to the user as possible.
- Seamlessly integrate with leading cloud, identity, endpoint protection, and SecOps providers. Our holistic platform combines core security functions (e.g., SWG, DLP, CASB, firewall, sandboxing) with emerging technologies like browser isolation, digital experience monitoring, and ZTNA for a full-featured cloud security stack.
- Reduce costs and complexity. The Zero Trust Exchange is simple to deploy and manage, with no need for VPNs or complex network perimeter firewall policies.
- Deliver consistent security at scale. Zscaler operates the world’s largest security cloud, distributed across more than 150 data centers worldwide, processing more than 240 billion transactions at peak periods and preventing 8.4 billion threats every day.
Ready to experience true zero trust? Learn more about the Zscaler Zero Trust Exchange.
Suggested Resources
-
Seven Elements of Highly Successful Zero Trust Architecture
Get the ebook -
Why Firewalls Cannot Do Zero Trust
Watch on demand -
A Brief History of Zero Trust: Major Milestones in Rethinking Enterprise Security
Get the white paper -
Zero Trust Adoption Report | Cybersecurity Insiders
Get the full report -
What Is Zero Trust?
Learn more -
Gartner Market Guide for Zero Trust Network Access
Get the full report