
It’s Time to Take your Partners off your Network

And give them segmented application access instead

Access is overextended when it comes to partners

Many enterprises have fallen victim to security breaches due to third-party partners. Whether the cause was stolen credentials or infected devices, the results are the same: costly security breaches that put the network at risk and allow sensitive data to be viewed without restraint.

With most remote access solutions, third-party partners are granted full network access. These overprivileged users introduce high risk to the enterprise, because you do not ultimately control your partners or the devices they use to connect to your network.

So how do you cultivate strong and productive partnerships while protecting your network and private applications?

[Diagram: traditional VPN, where partner users and BYOD devices connect into the network and receive full and lateral network access]

Partners need application access, so why introduce them to the network?

With increasingly dangerous security threats, it’s risky to extend full and lateral network access to your partners. But you do need to provide them with access to a subset of private applications. The solution is to decouple application access from the network while segmenting access based on individual users and apps, and the only way to achieve this is through zero trust network access (ZTNA) technology.

While most remote access solutions are network-centric, ZTNA focuses on providing secure connectivity between the user—employee, third-party partner, or contractor—and authorized enterprise applications, never the network. The result is micro-segmented access that maintains security while reducing risks stemming from overprivileged third-party access.

Security

Before: Third-party partners and contractors were given lateral network access, exposing the enterprise to unnecessary risk.
After: Zero trust access only gives partners access to authorized private applications, not the network.

Simplicity

Before: Remote access solutions required a client be downloaded on either a managed or personal device.
After: With browser access functionality, secure partner access is made seamless. Regardless of the device or location, a user can simply leverage a browser to gain access to authorized applications.

Visibility and Control

Before: With remote access solutions, visibility into partner activity was limited to IP address and port data.
After: ZTNA solutions deliver comprehensive visibility into all partner activity down to the user, device and named app level.

Eliminating third-party risk is easy with a zero trust network access (ZTNA) service

Zscaler Private Access is a ZTNA service that takes a user- and application-centric approach to network security. Whether a user is an employee, contractor, or third-party partner, ZPA ensures that only authorized users have access to specific internal applications without ever providing access to the network. Rather than relying on physical or virtual appliances, ZPA uses lightweight infrastructure-agnostic software, paired with browser access capabilities, to seamlessly connect all types of users to applications via inside-out connections that are stitched together within the Zscaler Security Cloud.

[Diagram: ZPA takes a user- and application-centric approach to network security. SDP architecture leveraging Browser Access]

Software-defined perimeter concept

1.  Browser Access Service
    • Redirects traffic to IDP for authentication
    • Removes need for client on device
2.  ZPA Public Service Edge
    • Secures the user-to-app connection
    • Enforces all customized admin policies
3.  App Connector
    • Sits in front of apps in the data center, Azure, AWS, and other public cloud services
    • Provides inside-out TLS 1.2 connections to broker
    • Makes apps invisible to prevent DDoS attacks

“Instead of trying to create a Citrix for users to connect to the environment and then go to the internal registration site to register their second factor tokens, we just expose this to ZPA through the ZPA client-less access and that works phenomenally.”

Casey Lee
Director of IT Security, National Oilwell Varco

Browser access enables secure partner access in minutes

With ZPA browser access service, third-party partners and users gain secure application access without the need for a client. Partners no longer need to jump through hoops to access enterprise applications—they simply use their own device to effortlessly access the apps over the internet. The outcome is highly controlled partner access that allows users to connect to private applications from any device, any location, and at any time.

Benefits
• Seamless experience for partners and users
• Secure app access from BYOD
• Support for all internal web apps
• Integrations with top IDPs

Learn how CSM Bakery used ZTNA technology to enable secure private app access to thousands of users globally.
