Join Us for Zenith Live 2019 Learn More
Join Us for Zenith Live 2019 Learn More

Transforming the Enterprise

Register Now
Solutions > VPN Alternative

We know remote access VPNs are a pain

So we developed a better alternative for you.

Compare VPN vs. ZPA

A brief lesson in remote access VPN history

Thirty years ago, the corporate network was relatively simple. Security consisted of protecting applications inside the network and building a secure perimeter around them.

But then things changed. Applications began moving to the cloud, extending the perimeter to the internet. Users began using the cloud to work off-network and from any device, anywhere—usually without a VPN. Remote access VPNs worked well in the network-centric world, but in the age of cloud and mobility, application access needs to be independent of the network. It’s time to rethink the remote access VPN.

a diagram showing with a vpn, all remote user traffic is backhauled through the centralized data center security stack and returns

Why the software-defined perimeter is the ideal VPN alternative

Today, private application access is shifting away from network-centric approaches and enterprises have begun seeking a modern solution where users are never on the network and app access is granted on a least privilege basis. Because of this, many have turned to the software-defined perimeter (SDP). Built for the modern enterprise, this model enables secure access by exclusively connecting authorized users to specific private applications, without placing users on the network. Take a look at what this VPN alternative is bringing to enterprise environments.

User experience

Before

VPNs require frustrating authentication measures that force users to think about whether or not they need to use VPN to access certain applications.

After

SDPs are designed to deliver a faster and more seamless experience for all users, regardless of device, location, or application.

Security

Before

VPNs make it impossible to segment by application. In fact, providing private app access means giving the user full and lateral network access, creating a larger surface area of attack.

After

SDP completely decouples network access from application access, making micro-segmentation possible and creating a darknet for both network and apps via outbound only connections.

Complexity

Before

VPN appliances require ACLs and FW policies that are manual and time consuming. Appliance stacks must also be replicated across all data center locations, making them expensive to scale and difficult to manage.

After

Since SDPs rely solely on software, they are simple to deploy, they enable “set and forget” policies, and there are no physical or virtual appliances.

User experience

Before

VPNs require frustrating authentication measures that force users to think about whether or not they need to use VPN to access certain applications.

After

SDPs are designed to deliver a faster and more seamless experience for all users, regardless of device, location, or application.

Security

Before

VPNs make it impossible to segment by application. In fact, providing private app access means giving the user full and lateral network access, creating a larger surface area of attack.

After

SDP completely decouples network access from application access, making micro-segmentation possible and creating a darknet for both network and apps via outbound only connections.

Complexity

Before

VPN appliances require ACLs and FW policies that are manual and time consuming. Appliance stacks must also be replicated across all data center locations, making them expensive to scale and difficult to manage.

After

Since SDPs rely solely on software, they are simple to deploy, they enable “set and forget” policies, and there are no physical or virtual appliances.

The perimeter has extended to the internet,
so it’s time to replace the network-centric VPN

Zscaler Private Access (ZPA) is a cloud-based, software-defined service that provides secure access to all private applications, without the need for a remote access VPN. ZPA requires no appliances, but instead uses the Zscaler security cloud to deliver scalable remote and local access to enterprise apps while never placing users on the network. ZPA uses micro-encrypted TLS tunnels and cloud-enforced policies to create a segment of one between an authorized user and a named application. The inside-out connectivity from App Connector to the Zscaler Enforcement Node makes both the network and applications invisible to the internet, creating an isolated environment around each application.

a flow chart showing ZEN sits btw the app and connector, brokering secure access from end-user to an application within the Zscaler cloud
1.  Zscaler Enforcement Node
  • Hosted in cloud
  • Used for authentication
  • Customizable by admins
  • Brokers a secure connection between the Z-App and App Connector
2.  Zscaler App
  • Mobile client installed on devices
  • Requests access to an app
3.  App Connector
  • Sits in front of apps in the datacenter, Azure, AWS, and other public cloud services
  • Provides inside-out TLS 1.2 connections to broker
  • Makes apps invisible to prevent DDoS attacks

The benefits of VPN replacement

icon showing vpn replacement improves remote user experience
Improves remote user experience
icon showing vpn replacement decouple application access from network access
Decouples application access from network access
icon showing vpn replacement eliminates complexity for administrators
Simplifies implementation and management
icon showing vpn replacement reduce cost so its better for the business
Reduces costs
TriMedX, a Healthcare Technology Management organization replaced their vpn with zpa and discovered the benefits of the sdp

TriMedX, a Healthcare Technology Management organization replaced their VPN with ZPA and discovered the benefits of the software-defined perimeter (SDP).

Watch Video

Aster Group UK a housing association replaced vpn and enabled seamless, secure application access for its internal and third-party users

See how Aster Group UK replaced its remote access VPN and enabled seamless, secure application access for its internal and third-party users.

Read the Story

Suggested Resources

Solution Brief

ZPA for VPN Retirement Solution Brief

Read the Solution Brief

Gartner Report

SDP, Gartner's Recommended Zero Trust Networking Project

Read Findings

Whitepaper

The Definitive Guide to Secure Remote Access

Read the Paper

Side-by-side comparison

VPN vs. ZPA

See the difference

It's time to retire your VPN for a better solution

See how easy life can be without VPN. Take ZPA for a test drive with our Free 7-day Hosted Demo.

Try ZPA for Free