We Know Remote Access VPNs are a Pain

So we developed a better alternative for you.

VPN is a mismatch for cloud adoption and mobile users

Thirty years ago, the corporate network was relatively simple. Security consisted of protecting applications inside the network and building a secure perimeter around them.

But then things changed. Applications began moving to the cloud, a network the enterprise does not control. Users expect to seamlessly work off-network and from any device, anywhere. Remote access VPNs worked well in the network-centric world, but in the age of cloud and mobility, where there are virtual perimeters around the user, device, and application, they lack applicability.

[Diagram: with a VPN, all remote user traffic is backhauled through the centralized data center security stack and returns.]

Zero trust network access (ZTNA) is the ideal VPN alternative

Today, private application access is shifting away from network-centric approaches to a user- and app-centric approach. This has led to the increased popularity of “zero trust” and the adoption of zero trust network access (ZTNA) services. Also known as software-defined perimeters (SDPs), ZTNA enables secure access to private applications by establishing connectivity from user-to-application on a dynamic identity- and context-aware basis.

ZTNA differs from VPN in three key ways:

User experience

VPN

Traffic is backhauled to the data center, making access painfully slow for the user, while repetitive logins and authentications leave users tired and frustrated.

ZTNA

ZTNA cloud-delivered services are designed for high availability, and deliver fast and seamless access to private apps, regardless of device, location, or application.

Security

VPN

Providing application access requires placing users on the network, while also exposing network IPs to the internet via VPN concentrators listening for inbound pings.

ZTNA

With ZTNA, access to private apps no longer requires network access. Service-initiated ZTNA architectures use inside-out connections to make apps invisible to the internet.

Complexity

VPN

Expensive inbound security stacks are replicated across multiple data center locations, each stack requiring manual, time-consuming management and configuration of ACL and firewall policies.

ZTNA

ZTNA serves as an alternative to the inbound VPN gateway stack. Cloud-delivered ZTNA services make deployment simple and scalable, eliminating infrastructure overhead.

“By 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPNs) in favor of ZTNA.”

Gartner, Market Guide on Zero Trust Network Access, Steve Riley, Neil MacDonald, Lawrence Orans, June 2020

Zscaler Private Access: A VPN alternative that delivers a zero trust model

Zscaler Private Access (ZPA) is a cloud-delivered, zero trust network access (ZTNA) service that provides secure access to all private applications, without the need for a remote access VPN. ZPA delivers a zero trust model by using the Zscaler security cloud to deliver scalable remote and local access to enterprise apps while never placing users on the network. ZPA uses micro-encrypted TLS tunnels and cloud-enforced business policies to create a secure segment of one between an authorized user and a specific named application. ZPA’s unique service-initiated architecture, in which the App Connector connects outbound to the ZPA Public Service Edge (formerly Zscaler Enforcement Node), makes both the network and applications invisible to the internet. This model creates an isolated environment around each application rather than the network, which eliminates lateral movement and the opportunity for ransomware to spread.

[Flow chart: ZEN sits between the app and connector, brokering secure access from end user to an application within the Zscaler cloud.]

1.  ZPA Public Service Edge
  • Hosted in cloud
  • Used for authentication
  • Customizable by admins
  • Brokers a secure connection between the Client Connector and App Connector
2.  Zscaler Client Connector (formerly Z App)
  • Mobile client installed on devices
  • Requests access to an app
3.  App Connector
  • Sits in front of apps in the datacenter, Azure, AWS, and other public cloud services
  • Provides inside-out TLS 1.2 connections to broker
  • Makes apps invisible to prevent DDoS attacks
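
A toy loopback model of the service-initiated pattern described above, added here as an illustration; it is not Zscaler code and not the ZPA protocol. The line protocol (`REGISTER`, `ACCESS`, `DENY`), the function names, the users and the policy are all constructed, and TLS is omitted so the flow stays visible: the only listening socket is the broker's, the connector dials outbound, and a request reaches the app only when the (user, app) pair is allowed.

```python
import asyncio

POLICY = {("alice", "crm")}  # constructed: allowed (user, named app) pairs; all else denied
connectors = {}  # app name -> (reader, writer) of that connector's outbound session

async def broker_handler(reader, writer):
    """Broker: the only listening socket. Connectors and clients both dial in to it."""
    kind, *args = (await reader.readline()).decode().split()
    if kind == "REGISTER":                 # a connector announcing the app it fronts
        connectors[args[0]] = (reader, writer)
        return                             # session stays open for brokered requests
    user, app, payload = args              # otherwise: ACCESS <user> <app> <one-word payload>
    if (user, app) not in POLICY or app not in connectors:
        writer.write(b"DENY\n")            # default deny; the app is never contacted
    else:
        c_reader, c_writer = connectors[app]
        c_writer.write(payload.encode() + b"\n")
        writer.write(await c_reader.readline())
    await writer.drain()
    writer.close()

async def connector(port, app, app_handler):
    """Connector: sits beside the app and dials OUT to the broker; it never listens."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    writer.write(f"REGISTER {app}\n".encode())
    while line := await reader.readline():  # requests arrive over the outbound session
        writer.write(app_handler(line.decode().strip()).encode() + b"\n")

async def client(port, user, app, payload):
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    writer.write(f"ACCESS {user} {app} {payload}\n".encode())
    reply = (await reader.readline()).decode().strip()
    writer.close()
    return reply

async def demo():
    connectors.clear()
    server = await asyncio.start_server(broker_handler, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    task = asyncio.create_task(connector(port, "crm", lambda req: f"crm:{req}"))
    while "crm" not in connectors:          # wait for the outbound registration
        await asyncio.sleep(0.01)
    requests = [("alice", "crm"), ("mallory", "crm"), ("alice", "hr")]
    results = [await client(port, u, a, "ping") for u, a in requests]
    task.cancel()
    server.close()
    return results

def run_demo():
    return asyncio.run(demo())
```

`run_demo()` returns the replies for an allowed user, an unlisted user, and an allowed user asking for an app that is not in their policy.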

The benefits of ZTNA as a VPN alternative

  • FAST, SEAMLESS USER EXPERIENCE
  • DECOUPLED APP ACCESS FROM NETWORK ACCESS
  • MICRO-SEGMENTED ACCESS TO PRIVATE APPS
  • SIMPLIFIED MANAGEMENT AND REDUCED COSTS

See how the largest business bank in Australia moved 80% of its customer service staff to a work-from-home environment in a matter of weeks.

See how CSM Bakery enabled seamless remote access to employees while empowering its IT teams.

It's time for an alternative to your VPN

See how you can give users the experience they want and get the security you need. Take ZPA for a test drive with our Free 7-day Hosted Demo.