Zscaler, profile picture
Uploaded byZscaler
1,461 views

Three ways-zero-trust-security-redefines-partner-access-ch

The document discusses the challenges of traditional partner access through VPNs and presents the Software-Defined Perimeter (SDP) as a more secure alternative. SDP enables least privileged access to private applications without granting network access, enhancing security by employing micro-segmentation and advanced visibility. Zscaler Private Access (ZPA) is highlighted as a solution for achieving secure, effortless, and managed access to internal applications for partner users.

Embed presentation

0 ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION ThreeWaystheSoftware-definedPerimeterRedefines PartnerAccess Kunal Shah Principal Product Manager
1 “75% of businesses saw third-party access grow over the past two years.” Did you know? “63% of all cyber attacks could be traced either directly or indirectly to third parties.” Soha Systems Report Third-party Report Bomgar Survey Vendor Vulnerability Report
2 Virtual Private Network (VPN) access The challenges of legacy partner access • Partner users are placed on the network • Overprivileged partner access to apps • Lack of visibility into partner/user activity Software-defined Perimeter (SDP) access Enable “least privileged” access to private apps without granting network access leveraging the software-defined perimeter (SDP) Securing partner access is challenging, but what if it wasn’t? Policy Enforcement Checkpost Public Cloud Private Cloud / On-Premise DC
3 What is the Software-Defined Perimeter (SDP)? SDP provides a modern approach to remote access technology: Abandons the network-centric design, and instead secures private application access to users without granting network access. “By 2021, 60% of enterprises will phase out network VPNs for digital business communications in favor of software-defined perimeters.” Gartner, November 2017 • Decouples private application access from network access • 100% software-defined; No physical or virtual appliances needed • Application access is micro-segmented and provisioned on a “least privileged” basis • Advanced visibility into all user and app activity
4 Three Ways SDP Redefines Partner Access App access is detached from network access 1 2 3 Minimize risk with micro-segmentation Monitor any suspicious activity Partners are never placed on the network Eliminate overprivileged partner access via inside-out connections Surface area of attack is minimized Enhanced security posture with encrypted TLS micro-tunnels Granular visibility into all partner and app activity Ability to enforce policies based on individual partner user Automatic log streaming to SIEM in both past & real-time Segment of one created between partner user & app
5 The Benefits 1. Users never access the network 2. Micro-segmentation made applications invisible to unauthorized users 3. Empowered IT with comprehensive visibility & control 4. Effortless access to applications with Browser Access The Solution Needed a new approach. Decoupling application access from the network was the ideal choice. They were able to achieve this through a SDP solution. This led us to choose Zscaler Private Access (ZPA). What’s next at Navigant Considering securing access to apps for partners
6 ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Software-defined access with Zscaler Private Access (ZPA)
7 BYOD Contractor Zscaler Private Access – fast, secure, software-defined access to internal apps Public Cloud • Application access is decoupled from network access. Private Cloud / Data Center • Micro-segmentation, not network segmentation. INTERNALLY MANAGED Partner Users • Inside-out connectivity makes private apps invisible • Double encrypted micro-tunnels ensure secure, segmented access to private apps.
8 Zscaler App / Browser Access1 2 Zscaler Enforcement Node (enforces policy) Data Center 4 Brokered connection App Connectors 3 3 How it works Traffic is directed to the Zscaler Enforcement Node (ZEN) • User is authenticated through IDP provider • Custom access policies are applied • Access request signal is sent to nearest App Connector 2 Partner user attempts to access web app (i.e., partner portal) through Z App or Browser Access 1 App-to-partner user connection is securely stitched together within Zscaler cloud 4 App Connector closest to partner portal responds and establishes an inside-out connection 3 Browser Access - Effortless app access for partners Secure access to web apps without ever deploying a client
9 Take ZPA and Browser Access for a test drive. Try our free 7-day hosted demo: https://www.zscaler.com/zpa-interactive ThankYou! Kunal Shah Principal Product Manager Zscaler, Inc. Lets get technical! Get a deeper look into how ZPA’s browser access works: https://help.zscaler.com/zpa/about-BrowserAccess

More Related Content

PDF
Understanding SASE
byHaris Chughtai
 
PPTX
Adopting A Zero-Trust Model. Google Did It, Can You?
byZscaler
 
PDF
Micro segmentation and zero trust for security and compliance - Guardicore an...
byYouAttestSlideshare
 
PDF
Cloud-Enabled: The Future of Endpoint Security
byCrowdStrike
 
PPTX
microsoft-cybersecurity-reference-architectures (1).pptx
byGenericName6
 
PDF
FireEye Solutions
byPrime Infoserv
 
PPTX
Adopting SD-WAN With Confidence: How To Assure and Troubleshoot Internet-base...
byThousandEyes
 
PDF
SOC, Amore Mio! | Security Webinar
bySplunk
 
Understanding SASE
byHaris Chughtai
 
Adopting A Zero-Trust Model. Google Did It, Can You?
byZscaler
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
byYouAttestSlideshare
 
Cloud-Enabled: The Future of Endpoint Security
byCrowdStrike
 
microsoft-cybersecurity-reference-architectures (1).pptx
byGenericName6
 
FireEye Solutions
byPrime Infoserv
 
Adopting SD-WAN With Confidence: How To Assure and Troubleshoot Internet-base...
byThousandEyes
 
SOC, Amore Mio! | Security Webinar
bySplunk
 

What's hot

PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
bySplunk
 
PPTX
Zero Trust
byBoaz Shunami
 
PPTX
Four stage business analytics model
byAnitha Velusamy
 
PDF
Netskope Overview
byNetskope
 
PPTX
SD-WAN plus cloud security
byZscaler
 
PDF
Présentation ELK/SIEM et démo Wazuh
byAurélie Henriot
 
PPT
NetWitness
byTechBiz Forense Digital
 
PDF
Journey to Cloud-Native: Where to start in your app modernization process
byVMware Tanzu
 
PPTX
.conf Go 2022 - Observability Session
bySplunk
 
PPTX
Cloud vs. On-Premises Security: Can you afford not to switch?
byZscaler
 
PDF
Endpoint Security
byAhmed Hashem El Fiky
 
PPTX
5 Steps to a Zero Trust Network - From Theory to Practice
byAlgoSec
 
PPTX
Splunk Architecture
byKishore Chaganti
 
PPTX
The Zero Trust Model of Information Security
byTripwire
 
PDF
Microsoft 365 Security and Compliance
byDavid J Rosenthal
 
PDF
Microsoft Zero Trust
byDavid J Rosenthal
 
PPTX
What is zero trust model (ztm)
byAhmed Banafa
 
PPTX
Azure sentinel
byMarius Sandbu
 
PDF
Zero Trust Model Presentation
byGowdhaman Jothilingam
 
PDF
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
Splunk for Enterprise Security featuring User Behavior Analytics
bySplunk
 
Zero Trust
byBoaz Shunami
 
Four stage business analytics model
byAnitha Velusamy
 
Netskope Overview
byNetskope
 
SD-WAN plus cloud security
byZscaler
 
Présentation ELK/SIEM et démo Wazuh
byAurélie Henriot
 
NetWitness
byTechBiz Forense Digital
 
Journey to Cloud-Native: Where to start in your app modernization process
byVMware Tanzu
 
.conf Go 2022 - Observability Session
bySplunk
 
Cloud vs. On-Premises Security: Can you afford not to switch?
byZscaler
 
Endpoint Security
byAhmed Hashem El Fiky
 
5 Steps to a Zero Trust Network - From Theory to Practice
byAlgoSec
 
Splunk Architecture
byKishore Chaganti
 
The Zero Trust Model of Information Security
byTripwire
 
Microsoft 365 Security and Compliance
byDavid J Rosenthal
 
Microsoft Zero Trust
byDavid J Rosenthal
 
What is zero trust model (ztm)
byAhmed Banafa
 
Azure sentinel
byMarius Sandbu
 
Zero Trust Model Presentation
byGowdhaman Jothilingam
 
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 

Similar to Three ways-zero-trust-security-redefines-partner-access-ch

PPTX
3 reasons-sdp-is-replacing-vpn-in-2019
byZscaler
 
PPTX
Three ways-zero-trust-security-redefines-partner-access-v8
byZscaler
 
PPTX
How sdp delivers_zero_trust
byZscaler
 
PPTX
What Comes After VPN?
byZscaler
 
PPTX
How to Overcome Network Access Control Limitations for Better Network Security
byCryptzone
 
PPTX
Webinar remote access_no_vpn_pitfalls_111517
byZscaler
 
DOCX
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
byendawalling
 
DOCX
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
byalfredacavx97
 
PDF
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
byGovernment Technology & Services Coalition
 
PDF
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?
bySaraPia5
 
PPTX
Faster, simpler, more secure remote access to apps in aws
byZscaler
 
PDF
2019 10-app gate sdp 101 09a
byCristian Garcia G.
 
PDF
Datasheet over privileged_users
byCristian Garcia G.
 
PDF
SDP Glossary v2.0
byShamun Mahmud
 
PPTX
Secure remote access to AWS your users will love
byZscaler
 
PDF
How VPNs and Firewalls Put Your Organization at Risk
byCyxtera Technologies
 
PDF
AppGate Getting Started Resources for Telarus Partners
bySaraPia5
 
PDF
zscaler-aws-zero-trust.pdf
byMuhammadSajidAbdulga
 
PPTX
Presentacion de solucion cloud de navegacion segura
byRogerChaucaZea
 
PDF
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
byCyxtera Technologies
 
3 reasons-sdp-is-replacing-vpn-in-2019
byZscaler
 
Three ways-zero-trust-security-redefines-partner-access-v8
byZscaler
 
How sdp delivers_zero_trust
byZscaler
 
What Comes After VPN?
byZscaler
 
How to Overcome Network Access Control Limitations for Better Network Security
byCryptzone
 
Webinar remote access_no_vpn_pitfalls_111517
byZscaler
 
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
byendawalling
 
Market Guide for Zero Trust Network AccessPublished 29 Apri.docx
byalfredacavx97
 
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
byGovernment Technology & Services Coalition
 
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?
bySaraPia5
 
Faster, simpler, more secure remote access to apps in aws
byZscaler
 
2019 10-app gate sdp 101 09a
byCristian Garcia G.
 
Datasheet over privileged_users
byCristian Garcia G.
 
SDP Glossary v2.0
byShamun Mahmud
 
Secure remote access to AWS your users will love
byZscaler
 
How VPNs and Firewalls Put Your Organization at Risk
byCyxtera Technologies
 
AppGate Getting Started Resources for Telarus Partners
bySaraPia5
 
zscaler-aws-zero-trust.pdf
byMuhammadSajidAbdulga
 
Presentacion de solucion cloud de navegacion segura
byRogerChaucaZea
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
byCyxtera Technologies
 

More from Zscaler

PPTX
Zscaler mondi webinar
byZscaler
 
PPTX
Top 5 predictions webinar
byZscaler
 
PPTX
Office 365 kelly services
byZscaler
 
PPTX
Ma story then_now_webcast_10_17_18
byZscaler
 
PPTX
Get an office 365 expereience your users will love v8.1
byZscaler
 
PPTX
Schneider electric powers security transformation with one simple app copy
byZscaler
 
PDF
Top 5 mistakes deploying o365
byZscaler
 
PDF
Three Key Steps for Moving Your Branches to the Cloud
byZscaler
 
PDF
Zenith Live - Security Lab - Phantom
byZscaler
 
PPTX
Moving from appliances to cloud security with phoenix children's hospital
byZscaler
 
PPTX
O365 quick with fast user experience
byZscaler
 
PPTX
Migration to microsoft_azure_with_zscaler
byZscaler
 
PPTX
Office 365 deployment
byZscaler
 
PPTX
Dissecting ssl threats
byZscaler
 
PPTX
The secure, direct to-internet branch
byZscaler
 
PPTX
The evolution of IT in a cloud world
byZscaler
 
PPTX
Rethinking Cybersecurity for the Digital Transformation Era
byZscaler
 
PPTX
Top reasons o365 deployments fail
byZscaler
 
PPT
GDPR - are you ready?
byZscaler
 
PPTX
Rethinking Cybersecurity for the Digital Transformation Era
byZscaler
 
Zscaler mondi webinar
byZscaler
 
Top 5 predictions webinar
byZscaler
 
Office 365 kelly services
byZscaler
 
Ma story then_now_webcast_10_17_18
byZscaler
 
Get an office 365 expereience your users will love v8.1
byZscaler
 
Schneider electric powers security transformation with one simple app copy
byZscaler
 
Top 5 mistakes deploying o365
byZscaler
 
Three Key Steps for Moving Your Branches to the Cloud
byZscaler
 
Zenith Live - Security Lab - Phantom
byZscaler
 
Moving from appliances to cloud security with phoenix children's hospital
byZscaler
 
O365 quick with fast user experience
byZscaler
 
Migration to microsoft_azure_with_zscaler
byZscaler
 
Office 365 deployment
byZscaler
 
Dissecting ssl threats
byZscaler
 
The secure, direct to-internet branch
byZscaler
 
The evolution of IT in a cloud world
byZscaler
 
Rethinking Cybersecurity for the Digital Transformation Era
byZscaler
 
Top reasons o365 deployments fail
byZscaler
 
GDPR - are you ready?
byZscaler
 
Rethinking Cybersecurity for the Digital Transformation Era
byZscaler
 

Recently uploaded

PPTX
How Big Brands are Taking Your Traffic in Alberta [Data Inside].pptx
byVisibility Drip
 
PDF
galakticki fudbal galactic football.pdf...
byStefanFilipovic9
 
PDF
Networking 2 Syllabus using cisco packet tracer simulator
byODINARARCH
 
PDF
Beacon Kit paper foundation tech framework pdf
bySteven McGee
 
PPTX
Cybersecurity cyber incident Weeks_7_to_9.pptx
byriaz59
 
PPTX
A QUIZ ABOUT THE HISTORY OF MICROSOFT WORD
byzoenadiajara1
 
PDF
HYBRID APP DEVELOPMENT AND TECHNOLOGY 01
bydavidjohansen1597
 
PPTX
Competitive Positioning - All HCI Competitors vs HPE PCBE dHCI _ SimpliVity w...
byyosefemiru123
 
PDF
Front-End vs Back-End Development: Roles, Tools, Skills & Career Guide
byIndian Website Company
 
PPTX
Human Aspects of Information Security: The People Factor.pptx
byOmar Fernandez
 
How Big Brands are Taking Your Traffic in Alberta [Data Inside].pptx
byVisibility Drip
 
galakticki fudbal galactic football.pdf...
byStefanFilipovic9
 
Networking 2 Syllabus using cisco packet tracer simulator
byODINARARCH
 
Beacon Kit paper foundation tech framework pdf
bySteven McGee
 
Cybersecurity cyber incident Weeks_7_to_9.pptx
byriaz59
 
A QUIZ ABOUT THE HISTORY OF MICROSOFT WORD
byzoenadiajara1
 
HYBRID APP DEVELOPMENT AND TECHNOLOGY 01
bydavidjohansen1597
 
Competitive Positioning - All HCI Competitors vs HPE PCBE dHCI _ SimpliVity w...
byyosefemiru123
 
Front-End vs Back-End Development: Roles, Tools, Skills & Career Guide
byIndian Website Company
 
Human Aspects of Information Security: The People Factor.pptx
byOmar Fernandez
 

Three ways-zero-trust-security-redefines-partner-access-ch

  • 1.
    0 ©2018 Zscaler,Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION ThreeWaystheSoftware-definedPerimeterRedefines PartnerAccess Kunal Shah Principal Product Manager
  • 2.
    1 “75% of businessessaw third-party access grow over the past two years.” Did you know? “63% of all cyber attacks could be traced either directly or indirectly to third parties.” Soha Systems Report Third-party Report Bomgar Survey Vendor Vulnerability Report
  • 3.
    2 Virtual Private Network(VPN) access The challenges of legacy partner access • Partner users are placed on the network • Overprivileged partner access to apps • Lack of visibility into partner/user activity Software-defined Perimeter (SDP) access Enable “least privileged” access to private apps without granting network access leveraging the software-defined perimeter (SDP) Securing partner access is challenging, but what if it wasn’t? Policy Enforcement Checkpost Public Cloud Private Cloud / On-Premise DC
  • 4.
    3 What is theSoftware-Defined Perimeter (SDP)? SDP provides a modern approach to remote access technology: Abandons the network-centric design, and instead secures private application access to users without granting network access. “By 2021, 60% of enterprises will phase out network VPNs for digital business communications in favor of software-defined perimeters.” Gartner, November 2017 • Decouples private application access from network access • 100% software-defined; No physical or virtual appliances needed • Application access is micro-segmented and provisioned on a “least privileged” basis • Advanced visibility into all user and app activity
  • 5.
    4 Three Ways SDPRedefines Partner Access App access is detached from network access 1 2 3 Minimize risk with micro-segmentation Monitor any suspicious activity Partners are never placed on the network Eliminate overprivileged partner access via inside-out connections Surface area of attack is minimized Enhanced security posture with encrypted TLS micro-tunnels Granular visibility into all partner and app activity Ability to enforce policies based on individual partner user Automatic log streaming to SIEM in both past & real-time Segment of one created between partner user & app
  • 6.
    5 The Benefits 1. Usersnever access the network 2. Micro-segmentation made applications invisible to unauthorized users 3. Empowered IT with comprehensive visibility & control 4. Effortless access to applications with Browser Access The Solution Needed a new approach. Decoupling application access from the network was the ideal choice. They were able to achieve this through a SDP solution. This led us to choose Zscaler Private Access (ZPA). What’s next at Navigant Considering securing access to apps for partners
  • 7.
    6 ©2018 Zscaler,Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Software-defined access with Zscaler Private Access (ZPA)
  • 8.
    7 BYOD Contractor Zscaler PrivateAccess – fast, secure, software-defined access to internal apps Public Cloud • Application access is decoupled from network access. Private Cloud / Data Center • Micro-segmentation, not network segmentation. INTERNALLY MANAGED Partner Users • Inside-out connectivity makes private apps invisible • Double encrypted micro-tunnels ensure secure, segmented access to private apps.
  • 9.
    8 Zscaler App /Browser Access1 2 Zscaler Enforcement Node (enforces policy) Data Center 4 Brokered connection App Connectors 3 3 How it works Traffic is directed to the Zscaler Enforcement Node (ZEN) • User is authenticated through IDP provider • Custom access policies are applied • Access request signal is sent to nearest App Connector 2 Partner user attempts to access web app (i.e., partner portal) through Z App or Browser Access 1 App-to-partner user connection is securely stitched together within Zscaler cloud 4 App Connector closest to partner portal responds and establishes an inside-out connection 3 Browser Access - Effortless app access for partners Secure access to web apps without ever deploying a client
  • 10.
    9 Take ZPA andBrowser Access for a test drive. Try our free 7-day hosted demo: https://www.zscaler.com/zpa-interactive ThankYou! Kunal Shah Principal Product Manager Zscaler, Inc. Lets get technical! Get a deeper look into how ZPA’s browser access works: https://help.zscaler.com/zpa/about-BrowserAccess

Editor's Notes

  • #4 New approach - policy-based access to specific applications Fully software-based – no inbound gateway appliances Based on Defense Information Systems Agency (DISA) work in 2007 Popularized by Google BeyondCorp Two key criteria before providing access to an app: User device – device posture User identity – authorized user access
  • #5 SDP – Coined by Gartner
  • #9 4 Tenets: Application access is decoupled from network access, never placing partners on the network. Inside-out connectivity makes private apps invisible, never exposed to the internet Micro-segmentation, not network segmentation. Authorized users only have access to named private apps. In using the internet as the new corporate network, via double encrypted micro-tunnels which reduce lateral access