SlideShare a Scribd company logo

3 reasons-sdp-is-replacing-vpn-in-2019

Zscaler
Zscaler

It’s 2019 and your users are working from anywhere but the office, enterprise applications have migrated to the cloud or hybrid environment, and VPN is no longer the answer to private application access in this new world of user-to-app connectivity.

Internet
1 of 14
©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Three Ways Zero Trust Security Redefines Partner Access Three reasons SDP will replaceVPN in 2019 Kunal Shah Principal Product Manager Steve Bonek Information Security Manager
2 INTERNET Hub-and-Spoke Architecture Castle and Moat architecture to protect the corporate network Inbound Gateway Risk is introduced by giving too much trust to users and networks Complexity of ACLs and firewalls can make remote access difficult to manage Users become frustrated with a poor experience Months often spent on getting infrastructure set up Today’s needs aren’t solved with yesterday’s technology
Virtual Private Network (VPN) access The challenges of legacy application access • Users are placed on the network to access apps • User experience is painful and slow • Lack of visibility into user and application activity Software-defined Perimeter (SDP) access Enable “least privileged” access to private apps without granting network access leveraging the software-defined perimeter (SDP) Introducing the new world of Private Application Access Remote user Policy Enforcement Checkpost Public Cloud Private Cloud / On- Premise DC Remote user
Software-Defined Perimeter (SDP) A modern approach to remote access and zero trust: Abandons the network-centric design, and instead secures private application access using a user and app-centric approach: “By 2021, 60% of enterprises will phase out network VPNs for digital business communications in favor of software-defined perimeters.” Gartner, November 2017 • Decouples private application access from network access • 100% software-defined; No physical or virtual appliances needed • Application access is micro-segmented and provisioned on a “least privileged” basis • Advanced visibility into all user and app activity • Different approach to zero trust than firewalls and users placed on network
Three reasons SDP is the future of private application access App access is detached from network access 1 2 3 Minimize risk with micro-segmentation Monitor any suspicious activity Users are never placed on the network Stops overprivileged access via inside-out connections No longer need to leverage VPNs On-demand TLS microtunnels eliminates lateral movement between apps Granular visibility into all user and app activity Discover previously unknown apps and apply granular controls Automatic log streaming to SIEM in both past & real-time Enforce policies to create secure segments of one between user and app No more ACL and FW policies to manage
How TRIMEDX leverages the software-defined perimeter (SDP)
Location: Indiana, USA Industry: Healthcare Services User Count: 1,700 employees Who are we? The Challenge • TRIMEDX is a healthcare technology management organization performing clinical engineering and clinical asset management services. • TRIMEDX started in the 1990s in the basement of St. Vincent Hospital in Indianapolis, Indiana. • Today, the company is in more than 1,800 healthcare locations across the United States and the Cayman Islands. • Remote workstations not receiving approved patches in a timely fashion. • Remote users had no need to use the traditional VPN on a daily basis. • Remote users were not prompted to change their password.
The Benefits The Solution • Must work for remote TRIMEDX technicians • Must be seamless for the end-user • Must be secure Looking Forward? • Decreased vulnerabilities for remote workstations • Ensured compliance with policies and consistent password changes • Better user experience • Finalize retirement of existing VPN solution • Investigate possible uses as part of Aramark HCT acquisition • Utilize solution for any new Private Cloud applications
©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Zscaler Private Access (ZPA) The cloud-based, SDP solution that provides fast, secure private application access to all users, from all locations.
Zscaler Private Access fast, secure, software-defined access to private apps BYOD Branch Users Public Cloud Private Cloud / Data Center INTERNALLY MANAGED Remote User The 4 Tenets Application access is decoupled from network access. Micro-segmentation, not network segmentation. Inside-out connectivity makes private apps invisible Double encrypted micro-tunnels ensure secure, segmented access to private apps.
Zscaler App / Browser Access 1 2 Zscaler Enforcement Node (enforces policy) 4Brokered connection How it works Traffic is directed to the Zscaler Enforcement Node (ZEN) • User is authenticated through IDP provider • Custom access policies are applied • Access request signal is sent to nearest App Connector 2 User attempts to access app in the datacenter or cloud (i.e., SAP). Leveraging either Z App or Browser Access 1 App-to-user connection is securely stitched together within Zscaler cloud 4 App Connector closest to the app location responds and establishes an inside-out connection 3 How Zscaler’s SDP architecture works App Connectors 3 3
Top use casesfor ZPA VPN Replacement Multi-cloud Adoption Accelerated M&A Secure Partner Access
13 What makes ZPA different from SSL/IPsec VPNs?1 Do I need to rip out my existing VPNs?2 How is ZPA different from other SDP solutions?3 The top questions asked about ZPA
Thank You! Try a SDP solution for yourself! Take ZPA for a test drive with our free 7-day hosted demo: https://www.zscaler.com/zpa-interactive Kunal Shah Principal Product Manager Steve Bonek Information Security Manager VPN vs. ZPA Side-by-side comparison See the performance difference as ZPA goes up against the VPN https://zscaler.wistia.com/medias/161ir7rs9p

Recommended

Three Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudThree Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the Cloud
Zscaler
 
Cloud vs. On-Premises Security: Can you afford not to switch?
Cloud vs. On-Premises Security: Can you afford not to switch?Cloud vs. On-Premises Security: Can you afford not to switch?
Cloud vs. On-Premises Security: Can you afford not to switch?
Zscaler
 
MPLS, SD-WAN and Cloud Network: The path to a better, secure and more afforda...
MPLS, SD-WAN and Cloud Network: The path to a better, secure and more afforda...MPLS, SD-WAN and Cloud Network: The path to a better, secure and more afforda...
MPLS, SD-WAN and Cloud Network: The path to a better, secure and more afforda...
CatoNetworks
 
Close your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with CloudflareClose your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with Cloudflare
Cloudflare
 
Demystifying Prisma Access
Demystifying Prisma AccessDemystifying Prisma Access
Demystifying Prisma Access
Haris Chughtai
 
SD-WAN plus cloud security
SD-WAN plus cloud securitySD-WAN plus cloud security
SD-WAN plus cloud security
Zscaler
 
The secure, direct to-internet branch
The secure, direct to-internet branchThe secure, direct to-internet branch
The secure, direct to-internet branch
Zscaler
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
Cloudflare
 

Recommended

Three Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudThree Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the Cloud
Zscaler
 
Cloud vs. On-Premises Security: Can you afford not to switch?
Cloud vs. On-Premises Security: Can you afford not to switch?Cloud vs. On-Premises Security: Can you afford not to switch?
Cloud vs. On-Premises Security: Can you afford not to switch?
Zscaler
 
MPLS, SD-WAN and Cloud Network: The path to a better, secure and more afforda...
MPLS, SD-WAN and Cloud Network: The path to a better, secure and more afforda...MPLS, SD-WAN and Cloud Network: The path to a better, secure and more afforda...
MPLS, SD-WAN and Cloud Network: The path to a better, secure and more afforda...
CatoNetworks
 
Close your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with CloudflareClose your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with Cloudflare
Cloudflare
 
Demystifying Prisma Access
Demystifying Prisma AccessDemystifying Prisma Access
Demystifying Prisma Access
Haris Chughtai
 
SD-WAN plus cloud security
SD-WAN plus cloud securitySD-WAN plus cloud security
SD-WAN plus cloud security
Zscaler
 
The secure, direct to-internet branch
The secure, direct to-internet branchThe secure, direct to-internet branch
The secure, direct to-internet branch
Zscaler
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
Cloudflare
 
Faster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in aws
Zscaler
 
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
Priyanka Aash
 
Meraki Overview
Meraki OverviewMeraki Overview
Meraki Overview
Cloud Distribution
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
Prime Infoserv
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
Hybrid IT Europe
 
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the PandemicEnterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise Management Associates
 
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfAryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
KlausSchwegler
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud world
Zscaler
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx
aungyekhant1
 
Meraki Solution Overview
Meraki Solution OverviewMeraki Solution Overview
Meraki Solution Overview
Claudiu Sandor
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
Er. Ajay Sirsat
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
AlgoSec
 
palo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptxpalo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptx
infoeliechahine
 
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile EraThe Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
Digital Transformation EXPO Event Series
 
Software Defined WAN – SD-WAN
Software Defined WAN – SD-WANSoftware Defined WAN – SD-WAN
Software Defined WAN – SD-WAN
MarketingArrowECS_CZ
 
Extending Security to EVERY Edge
Extending Security to EVERY EdgeExtending Security to EVERY Edge
Extending Security to EVERY Edge
itnewsafrica
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
Ahmed Banafa
 
Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517
Zscaler
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8
Zscaler
 

More Related Content

What's hot

Faster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in aws
Zscaler
 
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
Priyanka Aash
 
Meraki Overview
Meraki OverviewMeraki Overview
Meraki Overview
Cloud Distribution
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
Prime Infoserv
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
Hybrid IT Europe
 
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the PandemicEnterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise Management Associates
 
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfAryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
KlausSchwegler
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud world
Zscaler
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx
aungyekhant1
 
Meraki Solution Overview
Meraki Solution OverviewMeraki Solution Overview
Meraki Solution Overview
Claudiu Sandor
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
Er. Ajay Sirsat
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
AlgoSec
 
palo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptxpalo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptx
infoeliechahine
 
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile EraThe Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
Digital Transformation EXPO Event Series
 
Software Defined WAN – SD-WAN
Software Defined WAN – SD-WANSoftware Defined WAN – SD-WAN
Software Defined WAN – SD-WAN
MarketingArrowECS_CZ
 
Extending Security to EVERY Edge
Extending Security to EVERY EdgeExtending Security to EVERY Edge
Extending Security to EVERY Edge
itnewsafrica
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
Ahmed Banafa
 

What's hot (20)

Faster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in aws
 
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
 
Meraki Overview
Meraki OverviewMeraki Overview
Meraki Overview
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
 
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the PandemicEnterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
 
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfAryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud world
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx
 
Meraki Solution Overview
Meraki Solution OverviewMeraki Solution Overview
Meraki Solution Overview
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
 
palo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptxpalo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptx
 
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile EraThe Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
 
Software Defined WAN – SD-WAN
Software Defined WAN – SD-WANSoftware Defined WAN – SD-WAN
Software Defined WAN – SD-WAN
 
Extending Security to EVERY Edge
Extending Security to EVERY EdgeExtending Security to EVERY Edge
Extending Security to EVERY Edge
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
 

Similar to 3 reasons-sdp-is-replacing-vpn-in-2019

Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517
Zscaler
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8
Zscaler
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18
Zscaler
 
Three ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-chThree ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-ch
Zscaler
 
How sdp delivers_zero_trust
How sdp delivers_zero_trustHow sdp delivers_zero_trust
How sdp delivers_zero_trust
Zscaler
 
What Comes After VPN?
What Comes After VPN?What Comes After VPN?
What Comes After VPN?
Zscaler
 
Case study fortune 500 final
Case study fortune 500 finalCase study fortune 500 final
Case study fortune 500 final
Block Armour
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
Block Armour
 
Secure remote access to AWS your users will love
Secure remote access to AWS your users will loveSecure remote access to AWS your users will love
Secure remote access to AWS your users will love
Zscaler
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Ivanti
 
Secure access to applications on Microsoft Azure
Secure access to applications on Microsoft AzureSecure access to applications on Microsoft Azure
Secure access to applications on Microsoft Azure
Zscaler
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoDesafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Cristian Garcia G.
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation Era
Zscaler
 
Schneider electric powers security transformation with one simple app copy
Schneider electric powers security transformation with one simple app copySchneider electric powers security transformation with one simple app copy
Schneider electric powers security transformation with one simple app copy
Zscaler
 
Solution note-cryptoflow-lan
Solution note-cryptoflow-lanSolution note-cryptoflow-lan
Solution note-cryptoflow-lan
cnnetwork
 
Splendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptxSplendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptx
ssuserea0dfe
 
Migration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerMigration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscaler
Zscaler
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network Security
Cryptzone
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera Technologies
 
Net motion mobility_intro_overview
Net motion mobility_intro_overviewNet motion mobility_intro_overview
Net motion mobility_intro_overviewStef Coetzee
 

Similar to 3 reasons-sdp-is-replacing-vpn-in-2019 (20)

Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18
 
Three ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-chThree ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-ch
 
How sdp delivers_zero_trust
How sdp delivers_zero_trustHow sdp delivers_zero_trust
How sdp delivers_zero_trust
 
What Comes After VPN?
What Comes After VPN?What Comes After VPN?
What Comes After VPN?
 
Case study fortune 500 final
Case study fortune 500 finalCase study fortune 500 final
Case study fortune 500 final
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
 
Secure remote access to AWS your users will love
Secure remote access to AWS your users will loveSecure remote access to AWS your users will love
Secure remote access to AWS your users will love
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
 
Secure access to applications on Microsoft Azure
Secure access to applications on Microsoft AzureSecure access to applications on Microsoft Azure
Secure access to applications on Microsoft Azure
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoDesafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation Era
 
Schneider electric powers security transformation with one simple app copy
Schneider electric powers security transformation with one simple app copySchneider electric powers security transformation with one simple app copy
Schneider electric powers security transformation with one simple app copy
 
Solution note-cryptoflow-lan
Solution note-cryptoflow-lanSolution note-cryptoflow-lan
Solution note-cryptoflow-lan
 
Splendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptxSplendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptx
 
Migration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerMigration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscaler
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network Security
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
 
Net motion mobility_intro_overview
Net motion mobility_intro_overviewNet motion mobility_intro_overview
Net motion mobility_intro_overview
 

More from Zscaler

Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinar
Zscaler
 
Top 5 predictions webinar
Top 5 predictions webinarTop 5 predictions webinar
Top 5 predictions webinar
Zscaler
 
Office 365 kelly services
Office 365 kelly servicesOffice 365 kelly services
Office 365 kelly services
Zscaler
 
Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1
Zscaler
 
Top 5 mistakes deploying o365
Top 5 mistakes deploying o365Top 5 mistakes deploying o365
Top 5 mistakes deploying o365
Zscaler
 
Zenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZenith Live - Security Lab - Phantom
Zenith Live - Security Lab - Phantom
Zscaler
 
Moving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospitalMoving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospital
Zscaler
 
O365 quick with fast user experience
O365 quick with fast user experienceO365 quick with fast user experience
O365 quick with fast user experience
Zscaler
 
Office 365 deployment
Office 365 deploymentOffice 365 deployment
Office 365 deployment
Zscaler
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
Zscaler
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation Era
Zscaler
 
Top reasons o365 deployments fail
Top reasons o365 deployments failTop reasons o365 deployments fail
Top reasons o365 deployments fail
Zscaler
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?
Zscaler
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
Zscaler
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
Zscaler
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
Zscaler
 

More from Zscaler (16)

Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinar
 
Top 5 predictions webinar
Top 5 predictions webinarTop 5 predictions webinar
Top 5 predictions webinar
 
Office 365 kelly services
Office 365 kelly servicesOffice 365 kelly services
Office 365 kelly services
 
Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1
 
Top 5 mistakes deploying o365
Top 5 mistakes deploying o365Top 5 mistakes deploying o365
Top 5 mistakes deploying o365
 
Zenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZenith Live - Security Lab - Phantom
Zenith Live - Security Lab - Phantom
 
Moving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospitalMoving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospital
 
O365 quick with fast user experience
O365 quick with fast user experienceO365 quick with fast user experience
O365 quick with fast user experience
 
Office 365 deployment
Office 365 deploymentOffice 365 deployment
Office 365 deployment
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation Era
 
Top reasons o365 deployments fail
Top reasons o365 deployments failTop reasons o365 deployments fail
Top reasons o365 deployments fail
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
 

Recently uploaded

JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
VivekSinghShekhawat2
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 

Recently uploaded (20)

JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 

3 reasons-sdp-is-replacing-vpn-in-2019

  • 1. ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Three Ways Zero Trust Security Redefines Partner Access Three reasons SDP will replaceVPN in 2019 Kunal Shah Principal Product Manager Steve Bonek Information Security Manager
  • 2. 2 INTERNET Hub-and-Spoke Architecture Castle and Moat architecture to protect the corporate network Inbound Gateway Risk is introduced by giving too much trust to users and networks Complexity of ACLs and firewalls can make remote access difficult to manage Users become frustrated with a poor experience Months often spent on getting infrastructure set up Today’s needs aren’t solved with yesterday’s technology
  • 3. Virtual Private Network (VPN) access The challenges of legacy application access • Users are placed on the network to access apps • User experience is painful and slow • Lack of visibility into user and application activity Software-defined Perimeter (SDP) access Enable “least privileged” access to private apps without granting network access leveraging the software-defined perimeter (SDP) Introducing the new world of Private Application Access Remote user Policy Enforcement Checkpost Public Cloud Private Cloud / On- Premise DC Remote user
  • 4. Software-Defined Perimeter (SDP) A modern approach to remote access and zero trust: Abandons the network-centric design, and instead secures private application access using a user and app-centric approach: “By 2021, 60% of enterprises will phase out network VPNs for digital business communications in favor of software-defined perimeters.” Gartner, November 2017 • Decouples private application access from network access • 100% software-defined; No physical or virtual appliances needed • Application access is micro-segmented and provisioned on a “least privileged” basis • Advanced visibility into all user and app activity • Different approach to zero trust than firewalls and users placed on network
  • 5. Three reasons SDP is the future of private application access App access is detached from network access 1 2 3 Minimize risk with micro-segmentation Monitor any suspicious activity Users are never placed on the network Stops overprivileged access via inside-out connections No longer need to leverage VPNs On-demand TLS microtunnels eliminates lateral movement between apps Granular visibility into all user and app activity Discover previously unknown apps and apply granular controls Automatic log streaming to SIEM in both past & real-time Enforce policies to create secure segments of one between user and app No more ACL and FW policies to manage
  • 6. How TRIMEDX leverages the software-defined perimeter (SDP)
  • 7. Location: Indiana, USA Industry: Healthcare Services User Count: 1,700 employees Who are we? The Challenge • TRIMEDX is a healthcare technology management organization performing clinical engineering and clinical asset management services. • TRIMEDX started in the 1990s in the basement of St. Vincent Hospital in Indianapolis, Indiana. • Today, the company is in more than 1,800 healthcare locations across the United States and the Cayman Islands. • Remote workstations not receiving approved patches in a timely fashion. • Remote users had no need to use the traditional VPN on a daily basis. • Remote users were not prompted to change their password.
  • 8. The Benefits The Solution • Must work for remote TRIMEDX technicians • Must be seamless for the end-user • Must be secure Looking Forward? • Decreased vulnerabilities for remote workstations • Ensured compliance with policies and consistent password changes • Better user experience • Finalize retirement of existing VPN solution • Investigate possible uses as part of Aramark HCT acquisition • Utilize solution for any new Private Cloud applications
  • 9. ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Zscaler Private Access (ZPA) The cloud-based, SDP solution that provides fast, secure private application access to all users, from all locations.
  • 10. Zscaler Private Access fast, secure, software-defined access to private apps BYOD Branch Users Public Cloud Private Cloud / Data Center INTERNALLY MANAGED Remote User The 4 Tenets Application access is decoupled from network access. Micro-segmentation, not network segmentation. Inside-out connectivity makes private apps invisible Double encrypted micro-tunnels ensure secure, segmented access to private apps.
  • 11. Zscaler App / Browser Access 1 2 Zscaler Enforcement Node (enforces policy) 4Brokered connection How it works Traffic is directed to the Zscaler Enforcement Node (ZEN) • User is authenticated through IDP provider • Custom access policies are applied • Access request signal is sent to nearest App Connector 2 User attempts to access app in the datacenter or cloud (i.e., SAP). Leveraging either Z App or Browser Access 1 App-to-user connection is securely stitched together within Zscaler cloud 4 App Connector closest to the app location responds and establishes an inside-out connection 3 How Zscaler’s SDP architecture works App Connectors 3 3
  • 12. Top use casesfor ZPA VPN Replacement Multi-cloud Adoption Accelerated M&A Secure Partner Access
  • 13. 13 What makes ZPA different from SSL/IPsec VPNs?1 Do I need to rip out my existing VPNs?2 How is ZPA different from other SDP solutions?3 The top questions asked about ZPA
  • 14. Thank You! Try a SDP solution for yourself! Take ZPA for a test drive with our free 7-day hosted demo: https://www.zscaler.com/zpa-interactive Kunal Shah Principal Product Manager Steve Bonek Information Security Manager VPN vs. ZPA Side-by-side comparison See the performance difference as ZPA goes up against the VPN https://zscaler.wistia.com/medias/161ir7rs9p

Editor's Notes

  1. New approach - policy-based access to specific applications Fully software-based – no inbound gateway appliances Based on Defense Information Systems Agency (DISA) work in 2007 Popularized by Google BeyondCorp Two key criteria before providing access to an app: User device – device posture User identity – authorized user access
  2. SDP – Coined by Gartner
  3. Key talking points: - Comparing between the difference of a VPN or other SDP solutions as you walk through our ZPA specific architecture
  4. VPN Replacement: No physical or virtual appliances Effortless user experience Application segmentation by default No inbound connections to the network or apps Multi-cloud Adoption: Enable secure and accelerated adoption of cloud Direct-to-cloud access creates optimized user experience Lessens network complexity, no site-to-site VPN needed Secure Partner Access: Application segmentation without network segmentation Visibility and control of user/app activity Simplicity for users accessing partner apps Accelerate M&A: No need to converge networks or NAT? Security to apps is standardized across all assets and users. Consistent user experience across all acquired or divested assets
  5. How is ZPA different from an SSL/IPsec VPN? • SSL VPNs and IPsec VPNs differ in how they create the tunnel between the user and an app, but not in what they do—both types of VPNs create a network connection. ZPA does not create a network connection to enable application access. Cloud-based VPNs? • No. VPN stands for Virtual Private Network. Zscaler Private Access doesn’t make a network connection, so it’s no kind of VPN at all. (As an aside, we considered naming the product ZPN for Zscaler Private Network…and we were hammered by the analysts for even bringing up the word “network!”) How is ZPA different from other SDP solutions? inside-out only connections Other SDP solutions serve as a proxy which still needs DDoS protection and still grants network access Additionally we are SDP as a service and operate on our established Zscaler Cloud. Also we are FedRamp Certified. ● Do I need to rip out my existing VPNs? • No. You can migrate on your schedule. How, exactly do we ensure that a user (regardless of user rights on endpoint) can´t bypass Z APP? Can’t the user just revert to using their VPN and go right past ZPA? • To ensure that this could not happen, the admin would need to ensure that VPN access to the application is disabled.