Security Overlay Network for Ultimate Security
by Mark Snodgrass
Volatile corporate environments with a high number of mergers and acquisitions, with outsourced
operations or with a significant number of contract staff are challenging companies to provide remote
access to private corporate applications in a safe and secure manner.
The traditional approach is to provide a Virtual Private Network (VPN); however, this has one glaring deficiency. It is a network
connection! A connection that can be used by any bad actor. A pipe through the perimeter that can allow any traffic to
reach into the heart of the organization. It is a connection that can be inadvertently abused because end users, who in this
case are not part of your company, have become infected with spyware, ransomware or any other form of malware. In short, VPNs are
not a good solution for any company that requires robust security.
Companies are often challenged during a merger/spinoff process to provide access to certain corporate applications, with no
assurance that the environment to which they are connecting is itself secure. With no visibility into the network controls of the
acquired company, they are asked to open a trusted network connection. Similarly, in a spinoff, cutting the trusted network may
be held up because key users still require access to some internal applications.
Contractor access via VPN is another area fraught with risk, with several highly visible breaches directly attributed to this
vector. The temporary access given to contractors poses a significant ongoing risk to companies, and as temporary
often becomes ongoing, the risk never goes away.
So how do we provide a secure remote access solution that addresses the risks of traditional VPN solutions?
The answer is Zscaler Private Access (ZPA).
With ZPA, all your remote access use cases are covered:
- Provide partner application access, not network access
- Migrate private apps to AWS, Azure, Google Cloud Compute without network infrastructure changes
- Allow application access for acquisitions and divestitures
- Replace legacy VPN
The ZPA architecture is a more secure and agile approach that funnels end user traffic through a security layer that
insulates and protects the company from all but authorized traffic between specific outside endpoints and specific internal
applications, enforced by the Zscaler Cloud. In effect, ZPA implements a Dark Net that ensures that only the
endpoints are communicating, with no visibility into the rest of the network. Users with access to specific applications
cannot just start browsing through the network because ZPA is enforcing the control at both ends of the connection.
In addition, ZPA provisions outside user access to sensitive internal applications on a per-user basis, with real-time
visibility into user connectivity, and with full auditing of every access. With the added benefits associated with a Cloud
service (no CapEx, low OpEx, dynamic scaling, flexibility, pay per user subscription, etc.), ZPA significantly improves
your security posture at a lower TCO compared to your current VPN solution.
To explore possibilities with Zscaler Private Access, contact Hararei for a free and confidential initial discussion.