Remote access VPNs are cumbersome.

So we offer you a better solution.

VPN is a mismatch for cloud adoption and mobile users

Thirty years ago, the corporate network was relatively simple. Security consisted of protecting applications inside the network and building a secure perimeter around them.

But then things changed. Applications began moving to the cloud, a network the enterprise does not control. Users expect to seamlessly work off-network and from any device, anywhere. Remote access VPNs worked well in the network-centric world, but in the age of cloud and mobility, where there are virtual perimeters around the user, device, and application, they lack applicability.

Diagram: With a VPN, all remote user traffic is backhauled through the centralized data center security stack and returns.

Zero Trust Network Access (ZTNA) is the ideal VPN alternative

Today, private application access is shifting away from network-centric approaches to a user- and app-centric one. This has led to the increased popularity of “zero trust” and the adoption of zero trust network access (ZTNA) services. Also known as software-defined perimeters (SDPs), ZTNA enables secure access to private applications by establishing user-to-application connectivity on a dynamic, identity- and context-aware basis.

ZTNA differs from VPN in three main ways:

User experience

VPN

Traffic is backhauled to the data center, making access painfully slow for the user, while repetitive logins and authentications leave users tired and frustrated.

ZTNA

ZTNA cloud-delivered services are designed for high availability and deliver fast, seamless access to private apps, regardless of device, location, or application.

Security

VPN

Providing application access requires placing users on the network, while exposing network IPs to the internet via VPN concentrators listening for inbound pings.

ZTNA

With ZTNA, access to private apps no longer requires network access. Service-initiated ZTNA architectures use inside-out connections to make apps invisible to the internet.

Complexity

VPN

Expensive inbound security stacks are replicated across multiple data center locations, each stack requiring management and the manual, time-consuming configuration of ACL and firewall policies.

ZTNA

ZTNA serves as an alternative to the inbound VPN gateway stack. Cloud-delivered ZTNA services make deployment simple and scalable, eliminating infrastructure overhead.

Zscaler Private Access: A VPN alternative that delivers a zero trust model

Zscaler Private Access (ZPA) is a cloud-delivered, zero trust network access (ZTNA) service that provides secure access to all private applications, without the need for a remote access VPN. ZPA delivers a zero trust model by using the Zscaler security cloud to deliver scalable remote and local access to enterprise apps while never placing users on the network. ZPA uses micro-encrypted TLS tunnels and cloud-enforced business policies to create a secure segment of one between an authorized user and a specific named application. ZPA’s unique service-initiated architecture, in which App Connectors connect outbound to the Zscaler broker, makes both the network and applications invisible to the internet, creating an isolated environment around each application rather than the network. This eliminates lateral movement and the opportunity for ransomware to spread.

Flow chart: The ZEN sits between the app and the connector, brokering secure access from the end user to an application within the Zscaler cloud.

1.  Zscaler Enforcement Node
  • Hosted in cloud
  • Used for authentication
  • Customizable by admins
  • Brokers a secure connection between the Z-App and App Connector
2.  Zscaler App
  • Mobile client installed on devices
  • Requests access to an app
3.  App Connector
  • Sits in front of apps in the datacenter, Azure, AWS, and other public cloud services
  • Provides inside-out TLS 1.2 connections to broker
  • Makes apps invisible to prevent DDoS attacks

The benefits of ZTNA as a VPN alternative

FAST, SEAMLESS USER EXPERIENCE
DECOUPLED APP ACCESS FROM NETWORK ACCESS
MICRO-SEGMENTED ACCESS TO PRIVATE APPS
SIMPLIFIED MANAGEMENT AND REDUCED COSTS

TriMedX, a Healthcare Technology Management organization, replaced their VPN with ZTNA and discovered the benefits of ZPA.

See how Aster Group UK replaced its remote access VPN and enabled seamless, secure application access for both internal and third-party users with ZTNA.

It's time for an alternative to your VPN

See how you can give users the experience they want and get the security you need. Take ZPA for a test drive with our Free 7-day Hosted Demo.
