Secure Cloud Transformation: The CIO’s Journey Request Your Copy
Secure Cloud Transformation: The CIO’s Journey
Request Your Copy

Zero trust security

Make it possible

Your Mission
Solutions > VPN Alternative

We know remote access VPNs are a pain

So we developed a better alternative for you.

Compare VPN vs. ZPA

A brief lesson in remote access VPN history

Thirty years ago, the corporate network was relatively simple. Security consisted of protecting applications inside the network and building a secure perimeter around them.

But then things changed. Applications began moving to the cloud, extending the perimeter to the internet. Users began using the cloud to work off-network and from any device, anywhere—usually without a VPN. Remote access VPNs worked well in the network-centric world, but in the age of cloud and mobility, application access needs to be independent of the network. It’s time to rethink the remote access VPN.

VPNs worked well in the network-centric world, but in the age of cloud and mobility, application access needs to be independent of the network

Why the software-defined perimeter is the ideal VPN alternative

Today, private application access is shifting away from network-centric approaches and enterprises have begun seeking a modern solution where users are never on the network and app access is granted on a least privilege basis. Because of this, many have turned to the software-defined perimeter (SDP). Built for the modern enterprise, this model enables secure access by exclusively connecting authorized users to specific private applications, without placing users on the network. Take a look at what this VPN alternative is bringing to enterprise environments.

User experience

Before

VPNs require frustrating authentication measures that force users to think about whether or not they need to use VPN to access certain applications.

After

SDPs are designed to deliver a faster and more seamless experience for all users, regardless of device, location, or application.

Security

Before

VPNs make it impossible to segment by application. In fact, providing private app access means giving the user full and lateral network access, creating a larger surface area of attack.

After

SDP completely decouples network access from application access, making micro-segmentation possible and creating a darknet for both network and apps via outbound only connections.

Complexity

Before

VPN appliances require ACLs and FW policies that are manual and time consuming. Appliance stacks must also be replicated across all data center locations, making them expensive to scale and difficult to manage.

After

Since SDPs rely solely on software, they are simple to deploy, they enable “set and forget” policies, and there are no physical or virtual appliances.

User experience

Before

VPNs require frustrating authentication measures that force users to think about whether or not they need to use VPN to access certain applications.

After

SDPs are designed to deliver a faster and more seamless experience for all users, regardless of device, location, or application.

Security

Before

VPNs make it impossible to segment by application. In fact, providing private app access means giving the user full and lateral network access, creating a larger surface area of attack.

After

SDP completely decouples network access from application access, making micro-segmentation possible and creating a darknet for both network and apps via outbound only connections.

Complexity

Before

VPN appliances require ACLs and FW policies that are manual and time consuming. Appliance stacks must also be replicated across all data center locations, making them expensive to scale and difficult to manage.

After

Since SDPs rely solely on software, they are simple to deploy, they enable “set and forget” policies, and there are no physical or virtual appliances.

The perimeter has extended to the internet,
so it’s time to replace the network-centric VPN

Zscaler Private Access (ZPA) is a cloud-based, software-defined service that provides secure access to all private applications, without the need for a remote access VPN. ZPA requires no appliances, but instead uses the Zscaler security cloud to deliver scalable remote and local access to enterprise apps while never placing users on the network. ZPA uses micro-encrypted TLS tunnels and cloud-enforced policies to create a segment of one between an authorized user and a named application. The inside-out connectivity from App Connector to the Zscaler Enforcement Node makes both the network and applications invisible to the internet, creating an isolated environment around each application.

Software-defined perimeter (SDP) architecture
1.  Zscaler Enforcement Node
  • Hosted in cloud
  • Used for authentication
  • Customizable by admins
  • Brokers a secure connection between the Z-App and App Connector
2.  Zscaler App
  • Mobile client installed on devices
  • Requests access to an app
3.  App Connector
  • Sits in front of apps in datacenter, hybrid, and cloud environments
  • Listens for access requests to apps
  • No inbound connections

The benefits of VPN replacement

IMPROVES REMOTE USER EXPERIENCE
Improves remote user experience
DECOUPLES APPLICATION ACCESS FROM NETWORK ACCESS
Decouples application access from network access
SIMPLIFIES IMPLEMENTATION AND MANAGEMENT
Simplifies implementation and management
REDUCES COSTS
Reduces costs

TriMedX, a Healthcare Technology Management organization replaced their VPN with ZPA and discovered the benefits of the software-defined perimeter (SDP).

Watch Video

See how Aster Group UK replaced its remote access VPN and enabled seamless, secure application access for its internal and third-party users.

Read the Story

Suggested Resources

Solution Brief

ZPA for VPN Retirement Solution Brief

Read the Solution Brief

Gartner Report

"It’s Time to Isolate Your Services From the Internet Cesspool"

Read Findings

Whitepaper

The Definitive Guide to Secure Remote Access

Read the Paper

Side-by-side comparison

VPN vs. ZPA

See the difference

It's time to retire your VPN for a better solution

See how easy life can be without VPN. Take ZPA for a test drive with our Free 7-day Hosted Demo.

Try ZPA for Free