Improves remote user experience
No need to log in to a VPN client
Seamless, cloud-like experience
Direct access to apps
Solutions > VPN Retirement
We know remote access VPNs are a pain
So we developed a better alternative for you.
Read Solution BriefA brief lesson in remote access VPN history
Thirty years ago, the corporate network was relatively simple. Security consisted of protecting applications inside the network and building a secure perimeter around them.
But then things changed. Applications began moving to the cloud, extending the perimeter to the internet. Users began using the cloud to work off-network and from any device, anywhere—usually without a VPN. Remote access VPNs worked well in the network-centric world, but they fail to deliver the zero trust security, visibility, and experience needed in the age of cloud and mobility. It’s time to replace the remote access VPN.
Why the software-defined perimeter is the ideal VPN alternative
Enterprises must rethink the way users access applications. To move to a modern approach, where access is based on specific users and specific applications, many have turned to the software-defined perimeter (SDP). Built for the modern enterprise, this model enables zero trust security by exclusively connecting authorized users to specific internal applications, without placing users on the network. Take a look at what this VPN alternative is bringing to enterprise environments.
The perimeter has extended to the internet,
so it’s time to retire the network-centric VPN
Zscaler Private Access (ZPA) is a software-defined service that provides secure access to any internal application, without the need for a remote access VPN. ZPA requires no appliances, but instead uses the Zscaler security cloud to deliver a zero trust framework. ZPA uses encrypted tunnels and policies to create a segment of one between an authorized user and a named application. The inside-out connectivity from Z-Connector to cloud makes all applications invisible to the internet and creates an isolated environment around each application.
1. Zscaler Enforcement Node
- Hosted in cloud
- Used for authentication
- Customizable by admins
- Brokers a secure connection between a Z-App and
a Z-connector
2. Zscaler App
- Mobile client installed on devices
- Requests access to an app
3. App Connector
- Sits in front of apps in Azure, AWS, and other public cloud services
- Listens for access requests to apps
- No inbound connections
The benefits of VPN replacement
Enables a zero trust security strategy
Application access, not network access
Apps are made invisible to internet
Enables discovery of shadow IT applications and application of controls
Supports all application types (server-side, web apps, etc.)
Simplifies implementation and management
ZPA software can be deployed in minutes
No need to manage ACLs or FW policies
Integrates with IDP providers and LDAP/AD
Can run in parallel with existing VPN services
Reduces costs
Scales without the need for physical or virtual appliances
Requires no replication of security stacks across data centers
Per-user pricing (unlimited devices per users)
See how Aster Group UK replaced its remote access VPN and enabled seamless, zero trust access for its internal and third-party users.
Suggested Resources
