SlideShare a Scribd company logo

zscaler-aws-zero-trust.pdf

M
MuhammadSajidAbdulga

Cost effective Intelligent Threat Security

Technology
1 of 8
Download to read offline
Zscaler and AWS Delivering Zero Trust Security for Users, Data, and Workloads
Introduction Workload migration to Amazon Web Services (AWS) is now a reality for many organizations and public sector agencies. The global pandemic has only reinforced the importance of enterprises accelerating digital transformation and identifying strategies to migrate critical applications to AWS so they can ensure business continuity and resilience, reduce expenses, and gain new efficiencies. IT environments today have evolved from on-premises physical servers to virtualized infrastructure that supports applications and workloads across multiple AWS Regions, enabling users to access these applications anywhere, anytime. Perimeter-based security has failed to address the needs of modern business The prevalent security model in the cloud is based on shared responsibility whereby AWS is responsible for the security of the underlying cloud infrastructure while businesses assume the responsibility of securing their workloads and applications in the cloud. AWS Shared Responsibility Model Source: https:/ /aws.amazon.com/compliance/shared-responsibility-model/
For the past thirty years, organizations have been building and optimizing complex, wide-area, hub-and- spoke networks, connecting users and branches to the data center over a private network. These hub- and-spoke networks were secured with stacks of security appliances, such as VPNs and firewalls, using an architecture known as castle-and-moat security. This approach served them well when the majority of employees worked at corporate offices with their data and applications residing at the data center. Today, users work from anywhere and frequently access applications and data that reside in the cloud. For fast and productive collaboration, users require direct access to apps from anywhere at any time. It no longer makes sense to route user traffic back to the data center for access and security in order to reach applications hosted on AWS. As cyberattacks become more sophisticated and users work from everywhere, perimeter security using VPNs and firewalls provide incomplete, inconsistent security and a poor user experience for the following reasons: • VPNs and firewalls extend the corporate network, expanding the attack surface and enabling threats to quickly move laterally, resulting in security breaches • A patchwork of legacy security point products introduces cost and complexity, resulting in missed attacks • Backhauling remote user traffic to the datacenter for access and security (hairpinning) results in latency, slow performance, and a poor user experience • Multi-vendor products provide inconsistent security across users, devices, and locations and make it difficult to prioritize threats (multiple dashboards) • Adversaries bypass traditional defenses with increasingly sophisticated threats delivered at scale • As organizations undergo application transformation—migrating applications to AWS or embracing SaaS applications—they need to move away from castle-and-moat security based on firewalls and VPNs to a modern architecture that secures fast and direct access to applications from anywhere at any time They need to adopt a zero trust architecture. Zscaler Zero Trust Exchange An AWS Advanced Tier Software Partner, Zscaler has been a leader in zero trust security for a decade and has successfully helped thousands of companies secure their digital transformations with the Zscaler Zero Trust Exchange. Zscaler’s zero trust architecture is an integrated platform that acts as an intelligent switchboard to broker connections between users, devices, and applications in AWS. Every request is verified using identity and context such as device type, location, application, and content. Once identity and context are verified, the zero trust architecture evaluates the risk associated with the connection request, as well as inspects the traffic for cyberthreats and SaaS Connection initiated to an app, not a network Inside-out Connections Monitor Experience 7. Enforce Policy 6. Prevent Data Loss 5. Prevent Compromise 4. Assess Risk (adaptive control) 3. Where is the connection going? 2. What is the access context? 1. Who is connecting? Connection Terminated Access over any network User + Device | Thing | Workload AWS Internet Data Center Factory Enforce Policy, Per- Session Decision and Enforcement Control Content and Access Verify Identity and Context
sensitive data. And finally, policy is enforced before establishing a connection to AWS applications. This modern approach eliminates security, networking, and backhauling/performance challenges, enabling organizations to accelerate their app and workload migrations to AWS while delivering superior security and a positive user experience. The Zero Trust Exchange is the world’s largest security cloud with over 150 points of presence (PoPs) around the world and in most AWS Regions globally, including GovCloud East and West. The distributed architecture with performance hubs ensures that any communication can be sent directly to AWS efficiently and securely. How Zscaler and AWS drive secured digital transformation 1. Protecting the users Powering a user-focused, secure hybrid workforce requires flexibility for supporting employees and third parties in any location and on any device. It calls for a user experience that offers fast, secure, and reliable access to data, apps, and workloads within AWS. It demands a solution that scales with the business and protects against known and unknown threats. Zscaler protects AWS users by: • Connecting the users directly to specific AWS workloads and never to the network. This ensures that threats cannot propagate laterally to infect other users, devices, and applications • Having users and apps sit behind the zero trust exchange to render them invisible from the internet. Bad actors can’t attack what they can’t see. As a result, users are not affected by malware or cyber threats such as ransomware and phishing This enables organizations to significantly reduce risk, improve productivity, and deliver a superior user experience. 150 PoPs Worldwide Secure Internet/Saas Access (ZIA) API-CASB Digital User Experience Any User Workforce, Contractor, B2B Customer Any Device Corp Managed, BYOD Any Location HQ, Branch, Factory, Home Secure Private App Access (ZPA) SaaS Internet AWS IDP Application Peering Connector Connector Direct Connect Connectivity Browser, Client Connector, SD-WAN or Router
Zscaler is a complete, integrated cloud-native solution that replaces disjointed, legacy point products and fulfills the vision for security service edge (SSE) by bringing together several core technologies to support AWS workloads. These include: • Zscaler Internet Access (ZIA) for cloud secure web gateway (SWG), cloud access security broker (CASB), cloud data loss prevention (DLP) and more • Zscaler Private Access (ZPA) for next-gen zero trust network access (ZTNA) • Zscaler Digital Experience (ZDX) for digital experience monitoring (DEM) 2. Protecting the data Users work remotely from a variety of devices, accessing and uploading data in AWS offerings like S3. As a result, perimeter-focused security appliances cannot protect this data, and turning to a different point product for each new use case breeds cost and complexity. Zscaler Data Protection follows data wherever it goes to enforce the principles of zero trust. Data is scanned inline for real-time classification and policy enforcement. Browser isolation streams data as pixels to unmanaged devices to stop exfiltration. Data at rest in AWS is scanned for sensitive information and automatic revocation of risky shares. Zscaler Data Protection is set apart by: • Being part of the most unified security platform that fills the needs of SSE and beyond • A unified policy engine that protects data consistently wherever it goes • Full SSL inspection from the world’s largest, most high performance security cloud • A proven platform deployed at scale across the world’s largest organizations 3. Protecting the workloads As workloads migrate to the cloud, organizations have an urgent and compelling need to modernize their networks and security to ensure business competitiveness. Legacy architectures, using VPNs, firewalls and security virtual appliances create routable mesh networks which expand the network attack surface and increase the risk of workload compromise. Complexity increases as multiple virtual appliances are replicated across locations. This creates significant challenges for organizations such as the risk of lateral threat movement, reduced productivity and collaboration as well as higher costs and the complexity of managing network security architectures to secure a hybrid workforce and cloud-based applications. Zscaler has extended its proven Zero Trust Exchange to secure not only user traffic, but hybrid and multi- cloud connectivity with Workload Communications. The solution enables a specific workload to securely communicate with another workload in any region of any cloud provider, over any network – often over the internet in both hybrid and multi-cloud environments. This consolidated approach not only eliminates the need to acquire and manage point product solutions that increase cost and management overhead, it also increases cross-functional collaboration between teams and accelerates digital transformation. Predefined and customizable dictionaries Inline: SSL Inspection Real-time DLP Policy Enforcement Browser Isolation Advanced Classification: EDM, IDM, OCR AWS Connector Out-of-Band: Data Classification Sharing Control Any User Workforce, Contractor, B2B Customer Any Device Corp Managed, BYOD Any Location HQ, Branch, Factory, Home Connectivity Browser, Client Connector, SD-WAN or Router
Workload Communications Zero Trust Exchange AWS West AWS East Public Cloud Public Cloud HQ DC 1 DC 2 DC 3 Workload to Internet • Attack surface reduction • Runtime compromise and data loss prevention without virtual FWs/proxies Workload to Workload • AWS accounts • AWS to data center Segmentation • User-to-app, app-to-app segmentation without network segmentation • AWS workload identity based micro-segmentation With Workload Communications, Zscaler has completely reimagined cloud connectivity by enabling zero trust for cloud workloads which delivers simple, secure access for workloads to the internet and private applications. Unlike legacy network solutions, Workload Communications provides a direct-to-AWS architecture using the proven Zscaler Zero Trust Exchange platform to verify trust based on identity and context to enable secure workload-to-internet communication, workload- to-workload communication across multiple regions and AWS Availability Zones and workload-to-workload communications within the AWS environment.
FW Management VPC Internal VPC Transit Gateway Bidirectional VPC East-West VPC App 2 VPC App 1 VPC Internal SaaS To the other AWS Regions, Data Centers, Public Clouds Region 1 Public Clouds Region 2 DC Key Benefits Workload Communications eliminates the network attack surface by directly connecting workloads to the internet and to private applications using a full proxy architecture. This architecture dramatically simplifies connectivity by eliminating routing, VPNs, transit gateways, transit hubs, and firewalls, while allowing for flexible forwarding and easing policy management by using the proven ZIA and ZPA policy framework. This unique approach provides three key benefits to AWS users: • Zero attack surface and data loss prevention - By using direct-to-cloud architecture to take traffic off the corporate network, applications in AWS environments are invisible to cyber threats reducing the risk of data loss • Simplified cloud connectivity - The Zero Trust architecture also avoids performance bottlenecks as IP overlap issues are removed, route distributions are no longer needed, and workloads are directly connected to other applications • Superior application performance at scale - Zscaler is built on a truly distributed architecture where every communication that reaches the service edge gets processed instantly for identity and context. The peering relationship with AWS in most regions globally, including GovCloud East and West ensures the shortest path between applications no matter where they are hosted, reducing latency and improving application performance Traditional security architecture creates complex routing, IP overlap/conflict and firewall/VPN bloat and squid proxies for cyber threat and data protection
App 2 VPC App 1 VPC Internal SaaS To the other AWS Regions, Data Centers, Public Clouds Region 1 Public Clouds Region 2 DC Security VPC Zero trust security solutions from Zscaler Workload Communications eliminates VM bloat (FWs, squid proxies, routing) and routing complexity (no IP overlap issues) Summary Together, Zscaler and AWS are helping organizations drive their secured digital transformation journeys, delivering: • Efficient routing that reduces latency and accelerates workload migration to AWS • Network and security architecture simplification via the elimination of firewalls and VPNs • Always-on access that improves end user experiences • Stronger, more comprehensive security posture to eliminate threats to cloud native applications • Increased business agility for a competitive edge • Lower costs to free up funds that are better spent elsewhere in the business Zero trust security solutions from Zscaler are readily available for purchase on the AWS Marketplace. We have everything you need to protect your users, data, and workloads. +1 408.533.0288 Zscaler, Inc. (HQ) • 120 Holger Way • San Jose, CA 95134 zscaler.com About Zscaler Zscaler (NASDAQ: ZS) accelerates digital transformation so that customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange is the world’s largest inline cloud security platform. Learn more at zscaler.com or follow us on Twitter @zscaler. ©2023 Zscaler, Inc. All rights reserved. Zscaler™, Zero Trust Exchange™, Zscaler Internet Access™, ZIA™, Zscaler Private Access™, ZPA™ and ZDX™ are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners. Learn more about Zscaler for AWS

Recommended

(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for EnterprisesAmazon Web Services
 
Microsoft Windows Azure - Platfrom Appfabric Service Bus And Access Control P...
Microsoft Windows Azure - Platfrom Appfabric Service Bus And Access Control P...Microsoft Windows Azure - Platfrom Appfabric Service Bus And Access Control P...
Microsoft Windows Azure - Platfrom Appfabric Service Bus And Access Control P...Microsoft Private Cloud
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
Cloud Computing
Cloud Computing Cloud Computing
Cloud Computing MUFIX Community
 
Cloud Computing Ppt
Cloud Computing PptCloud Computing Ppt
Cloud Computing PptAnjoum .
 
Cloudcomputingppt 12746363271272 Phpapp01
Cloudcomputingppt 12746363271272 Phpapp01Cloudcomputingppt 12746363271272 Phpapp01
Cloudcomputingppt 12746363271272 Phpapp01Chindala Murali
 
Cloud Computing for college presenation project.
Cloud Computing for college presenation project.Cloud Computing for college presenation project.
Cloud Computing for college presenation project.Mahesh Tibrewal
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptxHarish Chander
 

Recommended

(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for EnterprisesAmazon Web Services
 
Microsoft Windows Azure - Platfrom Appfabric Service Bus And Access Control P...
Microsoft Windows Azure - Platfrom Appfabric Service Bus And Access Control P...Microsoft Windows Azure - Platfrom Appfabric Service Bus And Access Control P...
Microsoft Windows Azure - Platfrom Appfabric Service Bus And Access Control P...Microsoft Private Cloud
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
Cloud Computing
Cloud Computing Cloud Computing
Cloud Computing MUFIX Community
 
Cloud Computing Ppt
Cloud Computing PptCloud Computing Ppt
Cloud Computing PptAnjoum .
 
Cloudcomputingppt 12746363271272 Phpapp01
Cloudcomputingppt 12746363271272 Phpapp01Cloudcomputingppt 12746363271272 Phpapp01
Cloudcomputingppt 12746363271272 Phpapp01Chindala Murali
 
Cloud Computing for college presenation project.
Cloud Computing for college presenation project.Cloud Computing for college presenation project.
Cloud Computing for college presenation project.Mahesh Tibrewal
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptxHarish Chander
 
Cloud computing
Cloud computingCloud computing
Cloud computingperfectican
 
Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)أحلام انصارى
 
Wp cipher graph-cag-topology
Wp cipher graph-cag-topologyWp cipher graph-cag-topology
Wp cipher graph-cag-topologyIRSHAD RATHER
 
Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS Workloads Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS WorkloadsAmazon Web Services
 
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...white paper
 
ITU-T requirement for cloud and cloud deployment model
ITU-T requirement for cloud and cloud deployment modelITU-T requirement for cloud and cloud deployment model
ITU-T requirement for cloud and cloud deployment modelHitesh Mohapatra
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera Technologies
 
Barracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWSBarracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWSAmazon Web Services
 
Paper id 21201458
Paper id 21201458Paper id 21201458
Paper id 21201458IJRAT
 
Cloud services.pdf
Cloud services.pdfCloud services.pdf
Cloud services.pdfAsif Ali
 
CLOUD SEMINAR.pptx
CLOUD SEMINAR.pptxCLOUD SEMINAR.pptx
CLOUD SEMINAR.pptxsakshi126838
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingImane SBAI
 
What is SASE and How Can Partners Talk About it?
What is SASE and How Can Partners Talk About it?What is SASE and How Can Partners Talk About it?
What is SASE and How Can Partners Talk About it?QOS Networks
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptxchelsi33
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfSahilSingh316535
 
Public cloud: A Review
Public cloud: A ReviewPublic cloud: A Review
Public cloud: A ReviewAjay844
 
Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...
Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...
Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...Citrix
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computingShashank Viswanadha
 
Cloud computing and service models
Cloud computing and service modelsCloud computing and service models
Cloud computing and service modelsPrateek Soni
 
High performance Of Cloud Computing
High performance Of Cloud ComputingHigh performance Of Cloud Computing
High performance Of Cloud ComputingStuart Braud
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

More Related Content

Similar to zscaler-aws-zero-trust.pdf

Wp cipher graph-cag-topology
Wp cipher graph-cag-topologyWp cipher graph-cag-topology
Wp cipher graph-cag-topologyIRSHAD RATHER
 
Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS Workloads Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS WorkloadsAmazon Web Services
 
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...white paper
 
ITU-T requirement for cloud and cloud deployment model
ITU-T requirement for cloud and cloud deployment modelITU-T requirement for cloud and cloud deployment model
ITU-T requirement for cloud and cloud deployment modelHitesh Mohapatra
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera Technologies
 
Barracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWSBarracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWSAmazon Web Services
 
Paper id 21201458
Paper id 21201458Paper id 21201458
Paper id 21201458IJRAT
 
Cloud services.pdf
Cloud services.pdfCloud services.pdf
Cloud services.pdfAsif Ali
 
CLOUD SEMINAR.pptx
CLOUD SEMINAR.pptxCLOUD SEMINAR.pptx
CLOUD SEMINAR.pptxsakshi126838
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingImane SBAI
 
What is SASE and How Can Partners Talk About it?
What is SASE and How Can Partners Talk About it?What is SASE and How Can Partners Talk About it?
What is SASE and How Can Partners Talk About it?QOS Networks
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptxchelsi33
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfSahilSingh316535
 
Public cloud: A Review
Public cloud: A ReviewPublic cloud: A Review
Public cloud: A ReviewAjay844
 
Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...
Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...
Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...Citrix
 
Cloud computing and service models
Cloud computing and service modelsCloud computing and service models
Cloud computing and service modelsPrateek Soni
 
High performance Of Cloud Computing
High performance Of Cloud ComputingHigh performance Of Cloud Computing
High performance Of Cloud ComputingStuart Braud
 

Similar to zscaler-aws-zero-trust.pdf (20)

Cloud computing
Cloud computingCloud computing
Cloud computing
 
Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)
 
Wp cipher graph-cag-topology
Wp cipher graph-cag-topologyWp cipher graph-cag-topology
Wp cipher graph-cag-topology
 
Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS Workloads Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS Workloads
 
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
 
ITU-T requirement for cloud and cloud deployment model
ITU-T requirement for cloud and cloud deployment modelITU-T requirement for cloud and cloud deployment model
ITU-T requirement for cloud and cloud deployment model
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
 
Barracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWSBarracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWS
 
Paper id 21201458
Paper id 21201458Paper id 21201458
Paper id 21201458
 
Cloud services.pdf
Cloud services.pdfCloud services.pdf
Cloud services.pdf
 
CLOUD SEMINAR.pptx
CLOUD SEMINAR.pptxCLOUD SEMINAR.pptx
CLOUD SEMINAR.pptx
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
What is SASE and How Can Partners Talk About it?
What is SASE and How Can Partners Talk About it?What is SASE and How Can Partners Talk About it?
What is SASE and How Can Partners Talk About it?
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptx
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdf
 
Public cloud: A Review
Public cloud: A ReviewPublic cloud: A Review
Public cloud: A Review
 
Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...
Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...
Ensure the Secure, Reliable Delivery of Applications to Any User, Over Any Ne...
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computing
 
Cloud computing and service models
Cloud computing and service modelsCloud computing and service models
Cloud computing and service models
 
High performance Of Cloud Computing
High performance Of Cloud ComputingHigh performance Of Cloud Computing
High performance Of Cloud Computing
 

Recently uploaded

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 

zscaler-aws-zero-trust.pdf

  • 1. Zscaler and AWS Delivering Zero Trust Security for Users, Data, and Workloads
  • 2. Introduction Workload migration to Amazon Web Services (AWS) is now a reality for many organizations and public sector agencies. The global pandemic has only reinforced the importance of enterprises accelerating digital transformation and identifying strategies to migrate critical applications to AWS so they can ensure business continuity and resilience, reduce expenses, and gain new efficiencies. IT environments today have evolved from on-premises physical servers to virtualized infrastructure that supports applications and workloads across multiple AWS Regions, enabling users to access these applications anywhere, anytime. Perimeter-based security has failed to address the needs of modern business The prevalent security model in the cloud is based on shared responsibility whereby AWS is responsible for the security of the underlying cloud infrastructure while businesses assume the responsibility of securing their workloads and applications in the cloud. AWS Shared Responsibility Model Source: https:/ /aws.amazon.com/compliance/shared-responsibility-model/
  • 3. For the past thirty years, organizations have been building and optimizing complex, wide-area, hub-and- spoke networks, connecting users and branches to the data center over a private network. These hub- and-spoke networks were secured with stacks of security appliances, such as VPNs and firewalls, using an architecture known as castle-and-moat security. This approach served them well when the majority of employees worked at corporate offices with their data and applications residing at the data center. Today, users work from anywhere and frequently access applications and data that reside in the cloud. For fast and productive collaboration, users require direct access to apps from anywhere at any time. It no longer makes sense to route user traffic back to the data center for access and security in order to reach applications hosted on AWS. As cyberattacks become more sophisticated and users work from everywhere, perimeter security using VPNs and firewalls provide incomplete, inconsistent security and a poor user experience for the following reasons: • VPNs and firewalls extend the corporate network, expanding the attack surface and enabling threats to quickly move laterally, resulting in security breaches • A patchwork of legacy security point products introduces cost and complexity, resulting in missed attacks • Backhauling remote user traffic to the datacenter for access and security (hairpinning) results in latency, slow performance, and a poor user experience • Multi-vendor products provide inconsistent security across users, devices, and locations and make it difficult to prioritize threats (multiple dashboards) • Adversaries bypass traditional defenses with increasingly sophisticated threats delivered at scale • As organizations undergo application transformation—migrating applications to AWS or embracing SaaS applications—they need to move away from castle-and-moat security based on firewalls and VPNs to a modern architecture that secures fast and direct access to applications from anywhere at any time They need to adopt a zero trust architecture. Zscaler Zero Trust Exchange An AWS Advanced Tier Software Partner, Zscaler has been a leader in zero trust security for a decade and has successfully helped thousands of companies secure their digital transformations with the Zscaler Zero Trust Exchange. Zscaler’s zero trust architecture is an integrated platform that acts as an intelligent switchboard to broker connections between users, devices, and applications in AWS. Every request is verified using identity and context such as device type, location, application, and content. Once identity and context are verified, the zero trust architecture evaluates the risk associated with the connection request, as well as inspects the traffic for cyberthreats and SaaS Connection initiated to an app, not a network Inside-out Connections Monitor Experience 7. Enforce Policy 6. Prevent Data Loss 5. Prevent Compromise 4. Assess Risk (adaptive control) 3. Where is the connection going? 2. What is the access context? 1. Who is connecting? Connection Terminated Access over any network User + Device | Thing | Workload AWS Internet Data Center Factory Enforce Policy, Per- Session Decision and Enforcement Control Content and Access Verify Identity and Context
  • 4. sensitive data. And finally, policy is enforced before establishing a connection to AWS applications. This modern approach eliminates security, networking, and backhauling/performance challenges, enabling organizations to accelerate their app and workload migrations to AWS while delivering superior security and a positive user experience. The Zero Trust Exchange is the world’s largest security cloud with over 150 points of presence (PoPs) around the world and in most AWS Regions globally, including GovCloud East and West. The distributed architecture with performance hubs ensures that any communication can be sent directly to AWS efficiently and securely. How Zscaler and AWS drive secured digital transformation 1. Protecting the users Powering a user-focused, secure hybrid workforce requires flexibility for supporting employees and third parties in any location and on any device. It calls for a user experience that offers fast, secure, and reliable access to data, apps, and workloads within AWS. It demands a solution that scales with the business and protects against known and unknown threats. Zscaler protects AWS users by: • Connecting the users directly to specific AWS workloads and never to the network. This ensures that threats cannot propagate laterally to infect other users, devices, and applications • Having users and apps sit behind the zero trust exchange to render them invisible from the internet. Bad actors can’t attack what they can’t see. As a result, users are not affected by malware or cyber threats such as ransomware and phishing This enables organizations to significantly reduce risk, improve productivity, and deliver a superior user experience. 150 PoPs Worldwide Secure Internet/Saas Access (ZIA) API-CASB Digital User Experience Any User Workforce, Contractor, B2B Customer Any Device Corp Managed, BYOD Any Location HQ, Branch, Factory, Home Secure Private App Access (ZPA) SaaS Internet AWS IDP Application Peering Connector Connector Direct Connect Connectivity Browser, Client Connector, SD-WAN or Router
  • 5. Zscaler is a complete, integrated cloud-native solution that replaces disjointed, legacy point products and fulfills the vision for security service edge (SSE) by bringing together several core technologies to support AWS workloads. These include: • Zscaler Internet Access (ZIA) for cloud secure web gateway (SWG), cloud access security broker (CASB), cloud data loss prevention (DLP) and more • Zscaler Private Access (ZPA) for next-gen zero trust network access (ZTNA) • Zscaler Digital Experience (ZDX) for digital experience monitoring (DEM) 2. Protecting the data Users work remotely from a variety of devices, accessing and uploading data in AWS offerings like S3. As a result, perimeter-focused security appliances cannot protect this data, and turning to a different point product for each new use case breeds cost and complexity. Zscaler Data Protection follows data wherever it goes to enforce the principles of zero trust. Data is scanned inline for real-time classification and policy enforcement. Browser isolation streams data as pixels to unmanaged devices to stop exfiltration. Data at rest in AWS is scanned for sensitive information and automatic revocation of risky shares. Zscaler Data Protection is set apart by: • Being part of the most unified security platform that fills the needs of SSE and beyond • A unified policy engine that protects data consistently wherever it goes • Full SSL inspection from the world’s largest, most high performance security cloud • A proven platform deployed at scale across the world’s largest organizations 3. Protecting the workloads As workloads migrate to the cloud, organizations have an urgent and compelling need to modernize their networks and security to ensure business competitiveness. Legacy architectures, using VPNs, firewalls and security virtual appliances create routable mesh networks which expand the network attack surface and increase the risk of workload compromise. Complexity increases as multiple virtual appliances are replicated across locations. This creates significant challenges for organizations such as the risk of lateral threat movement, reduced productivity and collaboration as well as higher costs and the complexity of managing network security architectures to secure a hybrid workforce and cloud-based applications. Zscaler has extended its proven Zero Trust Exchange to secure not only user traffic, but hybrid and multi- cloud connectivity with Workload Communications. The solution enables a specific workload to securely communicate with another workload in any region of any cloud provider, over any network – often over the internet in both hybrid and multi-cloud environments. This consolidated approach not only eliminates the need to acquire and manage point product solutions that increase cost and management overhead, it also increases cross-functional collaboration between teams and accelerates digital transformation. Predefined and customizable dictionaries Inline: SSL Inspection Real-time DLP Policy Enforcement Browser Isolation Advanced Classification: EDM, IDM, OCR AWS Connector Out-of-Band: Data Classification Sharing Control Any User Workforce, Contractor, B2B Customer Any Device Corp Managed, BYOD Any Location HQ, Branch, Factory, Home Connectivity Browser, Client Connector, SD-WAN or Router
  • 6. Workload Communications Zero Trust Exchange AWS West AWS East Public Cloud Public Cloud HQ DC 1 DC 2 DC 3 Workload to Internet • Attack surface reduction • Runtime compromise and data loss prevention without virtual FWs/proxies Workload to Workload • AWS accounts • AWS to data center Segmentation • User-to-app, app-to-app segmentation without network segmentation • AWS workload identity based micro-segmentation With Workload Communications, Zscaler has completely reimagined cloud connectivity by enabling zero trust for cloud workloads which delivers simple, secure access for workloads to the internet and private applications. Unlike legacy network solutions, Workload Communications provides a direct-to-AWS architecture using the proven Zscaler Zero Trust Exchange platform to verify trust based on identity and context to enable secure workload-to-internet communication, workload- to-workload communication across multiple regions and AWS Availability Zones and workload-to-workload communications within the AWS environment.
  • 7. FW Management VPC Internal VPC Transit Gateway Bidirectional VPC East-West VPC App 2 VPC App 1 VPC Internal SaaS To the other AWS Regions, Data Centers, Public Clouds Region 1 Public Clouds Region 2 DC Key Benefits Workload Communications eliminates the network attack surface by directly connecting workloads to the internet and to private applications using a full proxy architecture. This architecture dramatically simplifies connectivity by eliminating routing, VPNs, transit gateways, transit hubs, and firewalls, while allowing for flexible forwarding and easing policy management by using the proven ZIA and ZPA policy framework. This unique approach provides three key benefits to AWS users: • Zero attack surface and data loss prevention - By using direct-to-cloud architecture to take traffic off the corporate network, applications in AWS environments are invisible to cyber threats reducing the risk of data loss • Simplified cloud connectivity - The Zero Trust architecture also avoids performance bottlenecks as IP overlap issues are removed, route distributions are no longer needed, and workloads are directly connected to other applications • Superior application performance at scale - Zscaler is built on a truly distributed architecture where every communication that reaches the service edge gets processed instantly for identity and context. The peering relationship with AWS in most regions globally, including GovCloud East and West ensures the shortest path between applications no matter where they are hosted, reducing latency and improving application performance Traditional security architecture creates complex routing, IP overlap/conflict and firewall/VPN bloat and squid proxies for cyber threat and data protection
  • 8. App 2 VPC App 1 VPC Internal SaaS To the other AWS Regions, Data Centers, Public Clouds Region 1 Public Clouds Region 2 DC Security VPC Zero trust security solutions from Zscaler Workload Communications eliminates VM bloat (FWs, squid proxies, routing) and routing complexity (no IP overlap issues) Summary Together, Zscaler and AWS are helping organizations drive their secured digital transformation journeys, delivering: • Efficient routing that reduces latency and accelerates workload migration to AWS • Network and security architecture simplification via the elimination of firewalls and VPNs • Always-on access that improves end user experiences • Stronger, more comprehensive security posture to eliminate threats to cloud native applications • Increased business agility for a competitive edge • Lower costs to free up funds that are better spent elsewhere in the business Zero trust security solutions from Zscaler are readily available for purchase on the AWS Marketplace. We have everything you need to protect your users, data, and workloads. +1 408.533.0288 Zscaler, Inc. (HQ) • 120 Holger Way • San Jose, CA 95134 zscaler.com About Zscaler Zscaler (NASDAQ: ZS) accelerates digital transformation so that customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange is the world’s largest inline cloud security platform. Learn more at zscaler.com or follow us on Twitter @zscaler. ©2023 Zscaler, Inc. All rights reserved. Zscaler™, Zero Trust Exchange™, Zscaler Internet Access™, ZIA™, Zscaler Private Access™, ZPA™ and ZDX™ are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners. Learn more about Zscaler for AWS