We Know Remote Access VPNs are a Pain
So we developed a better alternative for you.
VPN is a mismatch for cloud adoption and mobile users
Thirty years ago, the corporate network was relatively simple. Security consisted of protecting applications inside the network and building a secure perimeter around them.
But then things changed. Applications began moving to the cloud, a network the enterprise does not control. Users expect to seamlessly work off-network and from any device, anywhere. Remote access VPNs worked well in the network-centric world, but in the age of cloud and mobility, where there are virtual perimeters around the user, device, and application, they lack applicability.
Zero trust network access (ZTNA) is the ideal VPN alternative
Today, private application access is shifting away from network-centric approaches to a user- and app-centric approach. This has led to the increased popularity of “zero trust” and the adoption of zero trust network access (ZTNA) services. Also known as software-defined perimeters (SDPs), ZTNA enables secure access to private applications by establishing connectivity from user-to-application on a dynamic identity- and context-aware basis.
VPN: Traffic is backhauled to the data center making access painfully slow for the user, while repetitive logins and authentications leave users tired and frustrated.
ZTNA: ZTNA cloud-delivered services are designed for high availability, and deliver fast and seamless access to private apps, regardless of device, location, or application.
VPN: Providing application access requires placing users on the network, while also exposing network IPs to the internet via VPN concentrators listening for inbound pings.
ZTNA: With ZTNA, access to private apps no longer requires network access. Service-initiated ZTNA architectures use inside-out connections to make apps invisible to the internet.
VPN: Expensive inbound security stacks are replicated across multiple data center locations, each stack requiring management and configuration of manual and time-consuming ACL and FW policies.
ZTNA: ZTNA serves as an alternative to the inbound VPN gateway stack. Cloud-delivered ZTNA services make deployment simple and scalable, eliminating infrastructure overhead.
“By 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPNs) in favor of ZTNA.”
Market Guide on Zero Trust Network Access Steve Riley, Neil MacDonald, Lawrence Orans, June 2020
Zscaler Private Access: A VPN alternative that delivers a zero trust model
Zscaler Private Access (ZPA) is a cloud-delivered, zero trust network access (ZTNA) service that provides secure access to all private applications, without the need for a remote access VPN. ZPA delivers a zero trust model by using the Zscaler security cloud to deliver scalable remote and local access to enterprise apps while never placing users on the network. ZPA uses micro-encrypted TLS tunnels and cloud-enforced business policies to create a secure segment of one between an authorized user and a specific named application. ZPA’s unique service-initiated architecture, in which App Connector connects outbound to the ZPA Public Service Edge (formerly Zscaler Enforcement Node) makes both the network and applications invisible to the internet. This model creates an isolated environment around each application rather than the network. This eliminates lateral movement and opportunity for ransomware spreads.
1. ZPA Public Service Edge
- Hosted in cloud
- Used for authentication
- Customizable by admins
- Brokers a secure connection between the Client Connector and App Connector
2. Zscaler Client Connector (formerly Z App)
- Mobile client installed on devices
- Requests access to an app
3. App Connector
- Sits in front of apps in the datacenter, Azure, AWS, and other public cloud services
- Provides inside-out TLS 1.2 connections to broker
- Makes apps invisible to prevent DDoS attacks
The benefits of ZTNA as a VPN alternative
FAST, SEAMLESS USER EXPERIENCE
DECOUPLED APP ACCESS FROM NETWORK ACCESS
MICRO-SEGMENTED ACCESS TO PRIVATE APPS
SIMPLIFIED MANAGEMENT AND REDUCED COSTS
See how the largest business bank in Australia moved 80% of its customer service staff to a work-from-home environment in a matter of weeks.
See how CSM Bakery enabled seamless remote access to employees while empowering its IT team