Zscaler Private Access and Zero Trust Network Access Solutions Hararei Solution

Secure remote access to private applications without VPNs or network exposure.

ZTNA, or Zero Trust Network Access, provides secure, identity-based access to private applications and data for users and devices by verifying their identity and device health before granting temporary, granular access to only the necessary resources, rather than broad network access. It replaces traditional VPNs by creating a "software-defined perimeter" (SDP) for each user and application, significantly reducing the attack surface and improving security for modern, cloud-first organizations.

Zscaler Private Access (ZPA) is a next-generation, non-VPN based solution for secure remote access. The patented Zscaler Private Access solution works by abstracting the private, internal application from the network on which it resides, giving authorized users access to specific applications via encrypted, per-session microtunnels that are created on demand.

The end user is never directly connected to the application, nor is the user connected to the network on which the application resides. ZPA instead delivers functionality similar to a forward and a reverse proxy acting together. This ensures that networks and applications cannot be infected or exploited through open network tunnels.

Redefining Private Application Access

  • Access to private applications, whether they are in your data center or a private segment of a cloud provider, no longer requires access to a public network or use of a VPN. Hiding the public attack surface dramatically decreases the risk of cyber attack and removes the possibility of DDoS attacks against private applications.
  • Inside-out connections ensure applications are invisible to unauthorized users and are never exposed to the Internet, preventing DDoS attacks
  • Application segmentation, without network segmentation, connects users to specific applications and limits lateral movement
  • The Internet becomes the new secure network via end-to-end encrypted TLS tunnels

Zscaler is a platform, which means Zero Trust can be combined with other security functions such as Data Loss Prevention, Cloud Application Access, Application Bandwidth Management, and Secure Web Gateway in a single platform. This platform can then be used for management, compliance reporting, and security monitoring. For an example of a holistic platform approach to applications, see our Zscaler for SAP page.

Zero Trust Network Access is one component of a Secure Access Service Edge (SASE) architecture.


Contact us for a no obligation consultation or visit us on the Internet at hararei.com