Global leaders are coming to Zenith Live. Are you? Learn More
Global leaders are coming to Zenith Live. Are you?
Learn More
Products > Zscaler Private Access

A new approach to securing
internal applications

Secure remote access is better
with a software-defined perimeter

Read the eBook

The challenge of network-centric security

For 30 years, enterprises have relied on network-centric methods to connect users to the network, and by extension the applications running on it. But the way users work has changed, and with applications moving to cloud, the perimeter has extended to the internet. This renders network-centric solutions, like remote access VPNs, obsolete.

Common pitfalls of network-centric approaches:
  • Places users on-net which increases risk
  • Provides a poor end user experience
  • Inbound connections create opportunity for DDoS attacks
  • Requires appliances, ACLs and FW policies
  • No ability to provide application segmentation
  • Lack of visibility into app-related activity
Relying on UTM and NGFW appliances to secure internet traffic is costly, results in appliance sprawl, and compromises branch security.

Zscaler Private Access

Enabling user and application-centric security

Zscaler Private Access (ZPA) is a cloud service from Zscaler that provides zero-trust, secure remote access to internal applications running on cloud or data center. With ZPA, applications are never exposed to the internet, making them completely invisible to unauthorized users. The service enables the applications to connect to users via inside-out connectivity versus extending the network to them. Users are never placed on the network. It provides a software-defined perimeter that works across any IT environments, any device and any internal application.

Read the Datasheet
Relying on UTM and NGFW appliances to secure internet traffic is costly, results in appliance sprawl, and compromises branch security.
See Our Solution View the Challenge

Zscaler Private Access benefits

Transform with Zscaler.

Users receive better experience

Integrates with SSO and provides seamless direct-to-app remote user experience.

Less complexity for admins

Network admins can segment based on application from within the web UI. No need to segment by network. No IP address segmentation or access control lists required.

Secure remote access, without network access

Policy based access to apps, with no access to network. Visibility into apps being accessed by users and ability to discover and secure unsanctioned apps

Traffic remains private via internet network

Service uses dynamic, application specific TLS-based end to end encrypted tunnels. Enterprises can bring their own PKI as well.

No hardware appliances, lower costs

The cloud service requires no hardware. Enterprises can easily scale across multiple data centers with no need to purchase new appliances.

Scale elastically, reduce latency

The service uses the global Zscaler cloud to ramp up new users and route them to the app location nearest to them, leveraging a vast cloud network across multiple continents.

See how MAN Diesel & Turbo SE uses ZPA to provide zero-trust access to internal apps, at global scale.

Read Case Study

See how this e-commerce company replaced its remote access VPN and now provides a better experience, while improving security.

Read Case Study

Delivering a truly software-defined perimeter solution

Zscaler Private Access takes a user and application-centric approach to network security. It ensures that only authorized users and devices have access to specific internal applications. Rather than relying on physical or virtual appliances, ZPA uses lightweight infrastructure agnostic software to connect both users and applications to the Zscaler Security Cloud, where the brokered connection is stitched together.

1.  Cloud Policy Engine
  • Hosted in cloud
  • Used for authentication
  • Customizable by admins
  • Brokers a secure connection between a Z-App and
    a Z-connector
2.  Z-App
  • Mobile client installed on devices
  • Requests access to an app
3.  Z-Connector
  • Sits in front of apps in Azure, AWS, and other public cloud services
  • Listens for access requests to apps
  • No inbound connections

Discover and secure shadow IT applications

Many enterprise teams are unaware of the sheer number of applications in their environment. ZPA identifies previously undiscovered internal applications running in the datacenter or on public cloud infrastructure. Once identified, admins can set granular policies for each application, ensuring the environment remains secure and controlled. This, combined with ZPA’s ability to make known applications invisible to unauthorized users, reduces the attack surface dramatically.

Choose application segmentation, not network segmentation

In the past admins needed to segment networks to ensure secure user connections. Today, enterprises use ZPA to control which users access which applications. Admins can easily set granular policies at the application level for specific users, users groups, applications, application groups and associated subdomains.

1.  Create and define policy names
2.  Set different permissions levels for users and user groups
3.  Select the applications each policy is associated with
4.  Easily add new rules and policies for your users and applications from within the UI

Suggested Resources


Watch a demo of Zscaler Private Access

Watch Now 

Interactive Demo

Take ZPA for a Test Drive

Begin Interaction 

Definitive Guide

Read The Definitive Guide To Secure Remote Access

Get the Guide