Resources > Security Terms Glossary > What is Zero Trust Exchange

What is Zero Trust Exchange?

What is Zero Trust Exchange?

Today’s world is hyperconnected, dynamic, and widely distributed, which means that business is now taking place off trusted corporate networks and outside the traditional security perimeter. Applications are moving out of the data center and into the cloud, and users are connecting from everywhere, and on a variety of devices. IoT and OT traffic is growing exponentially and applications are communicating with other apps—in other clouds. It all means that the network connecting employees, applications, workloads, and devices has become, simply, the internet. The cloud and data centers have become destinations with the internet as the transport layer for enterprise traffic. 

But how do you secure a network that you don’t own and can’t control?

A cloud-native Zero Trust Exchange provides a platform of services for securing all enterprise traffic and routing it intelligently through the fastest channels. The Zero Trust Exchange is the foundation for secure digital transformation, delivering the agility, security, and experiences organizations need to move ahead.

Instead of the security perimeter being entombed in a box at the data center edge, the perimeter is now everywhere an enterprise needs it to be — a dynamically created, policy-based secure access service edge.
Gartner, The Future of Network Security Is in the Cloud; 30 August 2019

What are the five attributes of a cloud-native Zero Trust Exchange?

As we explore below, a Zero Trust Exchange is built around five core attributes designed to tackle today’s most challenging security, connectivity, and productivity challenges. Let’s take a closer look at each:


1. Zero attack surface

The first attribute of the Zero Trust Exchange is that it eliminates an organization’s attack surface. This contrasts with legacy security approaches in which firewalls expose your applications to the internet, which means unwanted users and bad actors can discover them. On the other hand, a Zero Trust Exchange makes apps invisible to everyone but those specifically authorized to use them.


2. Connect a user to an app, not a network

Unlike traditional VPNs and firewalls, a Zero Trust Exchange connects a user directly to an app, not a network, which is key to providing a fast experience. Direct connections eliminate the need to backhaul traffic through centralized security controls that add latency. Cloud apps are designed to be accessed directly.


3. Proxy architecture, not passthrough

Legacy security solutions cannot keep up with the demands of inspecting SSL/TLS-encrypted traffic, which is the vast majority of all traffic. Unlike a next-gen firewall, a proxy architecture is designed for full content inspection, including SSL at scale, for effective cyberthreat protection and data loss prevention.


4. Secure access service edge (SASE)

Gartner defines SASE (secure access service edge) as a model for supporting the digital enterprise's changing secure access needs. Essentially, SASE is the framework for securely connecting users and machines to applications and services when their locations may be anywhere. With the SASE-based Zero Trust Exchange, policy is enforced at the edge, and it’s distributed across data centers globally to deliver a fast and productive experience for users everywhere.


5. Multitenant architecture

Leading enterprise SaaS companies build their own multitenant clouds because they are necessary for delivering the performance and scalability required for digital transformation. VMs in a public cloud have the same limitations as hardware in the gateway. In order for a Zero Trust Exchange to meet the exponential needs of the new, interconnected world, it must be built on a multitenant cloud.


Why it’s time to adopt a Zero Trust Exchange model

Enterprise applications are rapidly moving to the cloud—and this isn’t slowing down anytime soon. Leveraging the cloud helps IT achieve greater agility across various initiatives, which directly translates to lower costs and faster innovation. Moreover, businesses are becoming increasingly reliant on internet destinations and external SaaS applications to support critical business needs. Additionally, internally managed applications are being moved to the public cloud, IaaS, or PaaS, to achieve even greater agility and accessibility. Caught amid this continuing shift are users who expect to seamlessly and securely access data and applications from any device, anywhere in the world.

The new reality is that securing on-prem corporate networks to protect users and data is irrelevant in a cloud-first, mobile world. Thus, a Zero Trust Exchange is the optimal framework for securely connecting users, devices, and applications using defined business policies and regardless of the network. Legacy security appliances are difficult to maintain, ineffective at inspecting encrypted traffic at scale, and often lead to poor user experiences and higher costs.

Because a Zero Trust Exchange is built upon a multitenant, distributed cloud architecture, it can easily deliver the security functionality needed to enable users, applications, and devices to safely and efficiently utilize authorized applications and services based on an organization’s business policies.  

Essentially, a Zero Trust Exchange weaves cloud-delivered security best practices to reduce risk by preventing threats and eliminating the attack surface, improve productivity with fast access to applications and low-latency collaboration tools, and cut costs through reduced and simplified infrastructure, lower dependence on private networks, and the elimination of stacks of point products. A Zero Trust Exchange provides:

    Secure internet and SaaS access 

    A Zero Trust Exchange provides real-time cyberthreat protection, data protection (DLP, CASB, CSPM), and secure local breakouts (secure, speedy, and direct-to-cloud connections for branch offices). Because it’s cloud-delivered, policies stay with users wherever they go for identical protection in the office, at home, or on the road. 


    Secure private app access without VPN

    With a Zero Trust Exchange, there is no need for a VPN, which can be slow and frustrating for users and can also be a target for attackers. With ZTE, zero trust security is applied to connections from office to data center and B2B customer application access.


    App segmentation without network segmentation

    With a Zero Trust Exchange, an enterprise can secure apps and workloads without the additional headache of network segmentation. Application segmentation, also known as microsegmentation, improves security by creating secure segments of one between a user and app, eliminating the risk of east-west movement and overprivileged access.  


    Improved user-to-app experience management

    In addition to water-tight security, a Zero Trust Exchange is built with user experience and performance in mind. With a ZTE, performance scores can be measured by user, app, and location—making it easier to identify and resolve device and network issues.

      Zscaler Cloud Security | Two-Minute Overview

      View Video
      Zscaler Cloud Security | Two-Minute Overview

      Zscaler SASE at a Glance (AAG)

      Read the AAG
      Solution brief: Zscaler SASE at a Glance (AAG)

      Securing Remote Work

      Read the eBook
      Securing Remote Work eBook

      Learn more about what a Zero Trust Exchange can do for you

      The Zscaler Zero Trust Exchange (ZTE) is a cloud-native platform that securely connects users, apps, and devices—using business policies—over any network, in any location. The Zscaler Zero Trust Exchange is the world’s largest security platform built for the cloud, enabling increased user productivity, reduced business risk, lower costs, and far less complexity.

      The Zscaler Zero Trust Exchange was built from the ground up to enable secure digital transformation so that organizations can become more agile and competitive in the modern digital era.

      Here are some additional resources to explore as you consider the Zero Trust Exchange to support your transformation journey:


      Additional Resources: