On Tuesday, cloud security provider Zscaler announced Zscaler Private Access (ZPA), a new tool that the company said will eliminate the need for “insecure” VPNs (virtual private networks). Like a VPN, the cloud-based ZPA offers a secure way to access an organization’s internal resources when an employee is outside of the corporate network.
As the business world becomes increasingly mobile, especially with the rise of BYOD in the enterprise, the need for secure access to corporate assets is huge. Traditional VPNs have been around in one form or another for quite some time, but the way in which a VPN provides access is something that Zscaler said is a real security threat.
Typically, a VPN will use dedicated connections and encryption to provide users access to an entire network. This approach, Zscaler said, lowers the effectiveness of perimeter security, and could lead to breaches.
By separating data access from network access, ZPA gives users access to the private applications and services they need to use, but not the network as a whole. This secures the resources themselves, and it also allows the organization to move those applications or services to a different data center or network, with no effect on the user.
“With Zscaler Private Access, you essentially make your most precious internal assets dark to the outside world, because unless a user is authorized to access an asset, they won’t even be able to see that it exists. Even when a user has access to an application, they will not be able to route back to it,” Zscaler CIO Patrick Foxhoven said in a press release.
Denzil Wessels, senior director of product management for emerging technologies at Zscaler, said that one of the big use cases was third parties and independent contractors who need access to apps. With a traditional VPN, their access was only as good as the rules that were defined for them. But ZPA offers per-application access by user, which means they’ll only be able to access the apps they need.
The client sees a simulated network, not the real thing. A specific tunnel connects the user to an individual application, so the application and assets are never directly exposed to the users. But it doesn’t interfere with their workflow.
ZPA works with the Zscaler app, which collects web traffic and provides web security. A new tool called the ZEN Connector builds the tunnel and collects traffic destined for private applications, before wrapping it up and sending it back to the user. Zscaler’s global cloud stitches the connectivity together, and its Central Authority brings a centralized policy engine and a single UI. ZPA is available to new customers as a standalone product, or to existing Zscaler customers.
When asked how this contrasts with a web-based SSL VPN or using an HTTPS connection with a secure web app, Wessels said ZPA differs because those two options “were very web app-dependent, and they were very prone to breaking web applications that were there, because they were trying to rewrite them all the time, being a reverse proxy.”
Another big pain with those tools was the end user experience, Wessels said, because users had to be routed to another site to access the network. But with ZPA, users go directly to the application.
So, ZPA wants to take on VPN and change access for the enterprise. But does VPN technology need disrupting?
“Traditional client-based VPN is still quite relevant and used by enterprises globally today, and will continue to be for the foreseeable future,” said Gartner’s Eric Ahlm. “What’s changed from a market perspective is VPN technology is rarely purchased as a stand-alone technology.”
Nowadays, Ahlm said, most enterprises get their VPN from their firewall provider and don’t need a VPN replacement. However, Ahlm said, new connectivity cases suggest that traditional, client-based VPNs may need some augmentation.
The biggest gaps Ahlm identified were mobile VPN tools and some cloud-based resources. Because ZPA offers a single UI and was created to work with the public cloud and other cloud platforms, it could have a decent chance at unseating the VPN for some clients.
The 3 big takeaways for TechRepublic readers
- Zscaler, which provides cloud security tools, recently launched its Zscaler Private Access (ZPA), a cloud-based tool that it hopes will unseat VPNs in many organizations.
- ZPA separates data access from network access and offers named-user to named-application access. Users don’t get access to the whole network, only to the applications and data necessary for them to do their job.
- While ZPA offers a unique alternative to traditional, client-based VPNs, Gartner’s Eric Ahlm said he isn’t sure that there is much need for an alternative to today’s VPN technology.