Zenith Live is coming to Europe in October. Join us! Register
Zenith Live is coming to Europe in October. Join us!
Register
Solutions > VPN Retirement

We know remote access VPNs are a pain

So we developed a better alternative for you.

Read Solution Brief

A brief lesson in remote access VPN history

Thirty years ago, the corporate network was relatively simple. Security consisted of protecting applications inside the network and building a secure perimeter around them.

But then things changed. Applications began moving to the cloud, extending the perimeter to the internet. Users began using the cloud to work off-network and from any device, anywhere—usually without a VPN. Remote access VPNs worked well in the network-centric world, but they fail to deliver the zero trust security, visibility, and experience needed in the age of cloud and mobility. It’s time to replace the remote access VPN.

Relying on UTM and NGFW appliances to secure internet traffic is costly, results in appliance sprawl, and compromises branch security.

Why the software-defined perimeter is the ideal VPN alternative

Enterprises must rethink the way users access applications. To move to a modern approach, where access is based on specific users and specific applications, many have turned to the software-defined perimeter (SDP). Built for the modern enterprise, this model enables zero trust security by exclusively connecting authorized users to specific internal applications, without placing users on the network. Take a look at what this VPN alternative is bringing to enterprise environments.

User experience

Before

VPNs require frustrating authentication measures that force users to think about whether or not they need to use VPN to access certain applications.

After

SDPs are designed to deliver a faster and more seamless experience for all users, regardless of device, location, or application.

Security

Before

VPNs make it impossible to segment by application. In fact, in order to access an app, a user must be on-net. With compromised user devices gaining full network access, you create a larger attack surface.

After

An SDP uses policies to create zero trust connectivity between authorized users and internal applications. It doesn’t place users on the network or expose an app to the internet.

Complexity

Before

VPN appliances require ACLs and FW policies that are manual and time consuming. Appliance stacks must also be replicated across all data center locations, making them expensive to scale and difficult to manage.

After

Since SDPs rely solely on software, they are simple to deploy, they enable “set and forget” policies, and there are no physical or virtual appliances.

User experience

Before

VPNs require frustrating authentication measures that force users to think about whether or not they need to use VPN to access certain applications.

After

SDPs are designed to deliver a faster and more seamless experience for all users, regardless of device, location, or application.

Security

Before

VPNs make it impossible to segment by application. In fact, in order to access an app, a user must be on-net. With compromised user devices gaining full network access, you create a larger attack surface.

After

An SDP uses policies to create zero trust connectivity between authorized users and internal applications. It doesn’t place users on the network or expose an app to the internet.

Complexity

Before

VPN appliances require ACLs and FW policies that are manual and time consuming. Appliance stacks must also be replicated across all data center locations, making them expensive to scale and difficult to manage.

After

Since SDPs rely solely on software, they are simple to deploy, they enable “set and forget” policies, and there are no physical or virtual appliances.

The perimeter has extended to the internet,
so it’s time to retire the network-centric VPN

Zscaler Private Access (ZPA) is a software-defined service that provides secure access to any internal application, without the need for a remote access VPN. ZPA requires no appliances, but instead uses the Zscaler security cloud to deliver a zero trust framework. ZPA uses encrypted tunnels and policies to create a segment of one between an authorized user and a named application. The inside-out connectivity from Z-Connector to cloud makes all applications invisible to the internet and creates an isolated environment around each application.

1.  Zscaler Enforcement Node
  • Hosted in cloud
  • Used for authentication
  • Customizable by admins
  • Brokers a secure connection between a Z-App and
    a Z-connector
2.  Zscaler App
  • Mobile client installed on devices
  • Requests access to an app
3.  App Connector
  • Sits in front of apps in Azure, AWS, and other public cloud services
  • Listens for access requests to apps
  • No inbound connections

The benefits of VPN replacement

Improves remote user experience

No need to log in to a VPN client

Seamless, cloud-like experience

Direct access to apps

Enables a zero trust security strategy

Application access, not network access

Apps are made invisible to internet

Enables discovery of shadow IT applications and application of controls

Supports all application types (server-side, web apps, etc.)

Simplifies implementation and management

ZPA software can be deployed in minutes

No need to manage ACLs or FW policies

Integrates with IDP providers and LDAP/AD

Can run in parallel with existing VPN services

Reduces costs

Scales without the need for physical or virtual appliances

Requires no replication of security stacks across data centers

Per-user pricing (unlimited devices per users)

See how Aster Group UK replaced its remote access VPN and enabled
seamless, zero trust access for its internal and third-party users

Read the Story

Suggested Resources

Solution brief

ZPA for VPN Retirement Solution Brief

Read the Solution Brief 

Whitepaper

The Definitive Guide to Secure Remote Access

Read the Paper 

ESG Solution Showcase

Say Hello to the Software-defined Perimeter (SDP)

Read Report 

It's time to retire your VPN for a better solution

See how easy life can be without VPN. Take ZPA for a test drive with our Free 7-day Hosted Demo.

Try ZPA for Free