Bring the Power of ZTNA On-Premises
ZPA Private Service Edge enables least-privilege access to private apps without the complexity of network segmentation

Excessive trust of office users creates risk
Private applications are the heart of every enterprise, which is why it’s critical to ensure secure access to them. The problem is that users sitting at headquarters or a branch office are often inherently “trusted” by the network and security team. This trust leaves the organization exposed to risk—you need to be able to limit trust.

The challenge of providing ZTNA for office users

Network segmentation is complex
Defining segments and using internal firewalls can be complex and time-consuming, even for simple tasks

Overprivileged access is risky
Connecting a user to a data center network leads to additional security concerns

Your workforce requires different access levels
Your users include local and remote employees as well as third-party users

Local users want local access
If a user at HQ needs access to an app in the local data center, it may not make sense to go out to a cloud ZTNA service

ZTNA has gone local with ZPA Private Service Edge
Zero trust network access (ZTNA) services provide secure access to internal applications based on user-to-hostname policies. But most services are limited to your remote users.
Now, our cloud-delivered ZTNA service, Zscaler Private Access (ZPA), can be extended to your data center or public cloud edge with ZPA Private Service Edge.
ZPA Private Service Edge provides a simpler way to enable secure access to private apps and gives local and remote users an identical experience when accessing apps in the data center or cloud.

What ZPA Private Service Edge means for you

Simplified segmentation
“User-to-hostname” policies allow you to move away from “Source IP-to-destination IP” firewall rules

Protection for private apps
Create 1:1 connections between an authorized user and a specific private app to minimize lateral movement

Streamlined compliance
Comply with any regulations that prevent the use of cloud-hosted technology

Fast user experience
Users seamlessly connect through the local ZTNA service, optimizing performance

We’ve been using ZPA since 2018 as a VPN alternative. When we heard about ZPA Private Service Edge, we realized that we could extend the zero trust access capabilities of the public ZPA cloud with software that can run in our own network. We’re now able to better protect our business-critical private apps, and deliver the best user experience possible, by using our ZPA Private Service Edge that runs on-premises, but is managed by Zscaler.
Nicholas Pandola
Global Director Information Security

Preparing for the Reopen: What ZPA Brings to Security, User Experience, and Compliance
Build a strategy to bring users back to the office. Learn from experts on how to combat risk, as well as secure local connections for evolved application access anywhere, with ZTNA.
