We Know Remote Access VPNs are a Pain

So we developed a better alternative for you.

VPN is a mismatch for cloud adoption and mobile users

Thirty years ago, the corporate network was relatively simple. Security consisted of protecting applications inside the network and building a secure perimeter around them.

But then things changed. Applications began moving to the cloud, a network the enterprise does not control. Users expect to seamlessly work off-network and from any device, anywhere. Remote access VPNs worked well in the network-centric world, but in the age of cloud and mobility, where there are virtual perimeters around the user, device, and application, they lack applicability.

[Diagram: with a VPN, all remote user traffic is backhauled through the centralized data center security stack and returns.]

Zero trust network access (ZTNA) is the ideal VPN alternative

Today, private application access is shifting away from network-centric approaches to a user- and app-centric approach. This has led to the increased popularity of “zero trust” and the adoption of zero trust network access (ZTNA) services. Also known as software-defined perimeters (SDPs), ZTNA enables secure access to private applications by establishing connectivity from user-to-application on a dynamic identity- and context-aware basis.

User experience

VPN: Traffic is backhauled to the data center, making access painfully slow for the user, while repetitive logins and authentications leave users tired and frustrated.
ZTNA: ZTNA cloud-delivered services are designed for high availability, and deliver fast and seamless access to private apps, regardless of device, location, or application.

Security

VPN: Providing application access requires placing users on the network, while also exposing network IPs to the internet via VPN concentrators listening for inbound pings.
ZTNA: With ZTNA, access to private apps no longer requires network access. Service-initiated ZTNA architectures use inside-out connections to make apps invisible to the internet.

Complexity

VPN: Expensive inbound security stacks are replicated across multiple data center locations, each stack requiring management and configuration of manual and time-consuming ACL and FW policies.
ZTNA: ZTNA serves as an alternative to the inbound VPN gateway stack. Cloud-delivered ZTNA services make deployment simple and scalable, eliminating infrastructure overhead.

“By 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPNs) in favor of ZTNA.”

Gartner, Market Guide on Zero Trust Network Access, Steve Riley, Neil MacDonald, Lawrence Orans, June 2020

Zscaler Private Access: A VPN alternative that delivers a zero trust model

Zscaler Private Access (ZPA) is a cloud-delivered, zero trust network access (ZTNA) service that provides secure access to all private applications, without the need for a remote access VPN. ZPA delivers a zero trust model by using the Zscaler security cloud to deliver scalable remote and local access to enterprise apps while never placing users on the network. ZPA uses micro-encrypted TLS tunnels and cloud-enforced business policies to create a secure segment of one between an authorized user and a specific named application. ZPA’s unique service-initiated architecture, in which App Connector connects outbound to the ZPA Public Service Edge (formerly Zscaler Enforcement Node), makes both the network and applications invisible to the internet. This model creates an isolated environment around each application rather than around the network, which eliminates lateral movement and the opportunity for ransomware to spread.

[Flow chart: ZEN sits between the app and connector, brokering secure access from end user to an application within the Zscaler cloud.]

1.  ZPA Public Service Edge
  • Hosted in cloud
  • Used for authentication
  • Customizable by admins
  • Brokers a secure connection between the Client Connector and App Connector

2.  Zscaler Client Connector (formerly Z App)
  • Mobile client installed on devices
  • Requests access to an app

3.  App Connector
  • Sits in front of apps in the datacenter, Azure, AWS, and other public cloud services
  • Provides inside-out TLS 1.2 connections to broker
  • Makes apps invisible to prevent DDoS attacks

The benefits of ZTNA as a VPN alternative

  • FAST, SEAMLESS USER EXPERIENCE
  • DECOUPLED APP ACCESS FROM NETWORK ACCESS
  • MICRO-SEGMENTED ACCESS TO PRIVATE APPS
  • SIMPLIFIED MANAGEMENT AND REDUCED COSTS

See how the largest business bank in Australia moved 80% of its customer service staff to a work-from-home environment in a matter of weeks.

See how CSM Bakery enabled seamless remote access to employees while empowering its IT teams.

It's time for an alternative to your VPN

See how you can give users the experience they want and get the security you need. Take ZPA for a test drive with our Free 7-day Hosted Demo.