The era of cloud and mobility has changed the way we work and transformed the internet into the transport network for most enterprises. Even so, many continue to rely on security technologies designed for the old world, when users and data were on the network and applications were housed in the data center.
ESG believes that the challenge of using legacy security methods in the cloud era will be a key catalyst for the adoption of a new user- and application-centric approach known as zero trust security. The zero trust model is enabled by the software-defined perimeter (SDP), delivering secure anywhere access to internal applications without the use of VPN technology.
2. 1
Public Cloud Usage Trends
• We currently use cloud computing services: 85%
• We plan to use/are interested in using cloud computing services: 12%
• We have no plans or interest in using cloud computing services: 3%
Overall usage of public cloud computing services. (Percent of respondents, N=651)
3. 2
Public Cloud Usage Trends, 2013-2018
• 2013: 57%
• 2014: 70%
• 2015: 71%
• 2016: 75%
• 2017: 78%
• 2018: 85%
Overall usage of public cloud services, 5-year trend. (Percent of respondents)
4. 3
Public Cloud Usage Trends: Service Model Breakdown
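Please indicate your organization’s usage of or plans for each of the following cloud computing services. (Percent of respondents, N=651)
• Platform-as-a-service (PaaS): currently use 39%; do not currently use but we plan to 25%; no use or plans at this time but we are interested 20%; no use, plans, or interest at this time 14%; don’t know 1%
• Infrastructure-as-a-service (IaaS): currently use 51%; do not currently use but we plan to 24%; no use or plans at this time but we are interested 15%; no use, plans, or interest at this time 10%; don’t know 1%
• Software-as-a-service (SaaS): currently use 74%; do not currently use but we plan to 13%; no use or plans at this time but we are interested 7%; no use, plans, or interest at this time 5%; don’t know 1%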
5. 4
Endpoint Device Platforms Used
Which of the following endpoint device platforms are currently used by your organization’s employees? (Percent of respondents, N=385, multiple responses accepted)
• BYOD devices that are profiled and verified to comply with our security policy: 35%
• Virtual desktop (VDI) workspace environments: 43%
• Company-issued MacOS desktop/laptop: 43%
• Company-issued mobile devices (Android, MacOS, etc.): 53%
• Company-issued Windows desktop/laptop: 69%
7. 6
Application Access Requirements
• Can scale with business needs
• Is built for zero trust access
• Delivers sensitive data protection
• Centralizes control for all services
9. 8
Application access must change
• Extra burden for users
• Costly and complex networks
• Insecure against modern threats
• Lack of granular visibility into network traffic
10. 9
Words to live by
Insanity: “Doing the same thing over and over again and expecting different results.”
- Albert Einstein
15. 14
SDPs are key to achieving a zero trust security model
• Never automatically trust any user or network
• Reduce the attack surface by reducing the number of users able to access an application
• Provide access on a strict “need to know” basis
• Verify before granting any level of access to an application
• Create a segment of one between a named user and a named application
19. 18
Building ZPA’s SDP Architecture
Built on Zscaler’s Foundation
• 4+ year investment with a dedicated engineering team building our SDP
• Leveraged a proven endpoint: Zscaler App (all ports/protocols) on Windows, Mac, iOS and Android, already across 1.5M+ endpoints
• User experience is awesome! Users access internal apps just like they access internet and SaaS
“Any to Any” Internet Scale Architecture
• Modern micro-services architecture with auto-scaling and containerization
• Running in Zscaler Datacenters plus AWS and Azure (20+ regions)
20. 19
Zscaler Private Access – How the service works
SDP architecture
1. Zscaler Enforcement Node (ZEN) – secure user to app connection
• Cloud Policy engine - user to app access rights
2. Zscaler App – requests access to an app
3. App Connector – sits in front of apps; inside-out connections only - “I’ll call you”
[Diagram: employees and partners running the Zscaler App (2) connect through ZENs, which host policy (1), in New York, London and Sydney, to App Connectors (3) in the data center]
The experience users want. The security IT needs.
21. 20
The 4 security tenets in action
1. Remote users are never placed on-net
• Application access, not network access
2. Applications are invisible to unauthorized users
• Users can’t access what they can’t see
• Outbound connections only
3. App segmentation not network segmentation
• Define which users access which apps
4. The internet is the new secure network
• Double-tunneling for secure access
[Diagram: employees and partners connecting to the data center]
22. 21
Location: Germany
Industry: Manufacturing
User Count: 12,000 users in over 100 locations and 70 countries
Zscaler Products: ZPA, ZIA
Use Case:
• VPN retirement
• Secure cloud adoption
• Zero-trust adoption
The challenge
• MAN Energy Solutions was undertaking a massive cloud (AWS) adoption, and needed a better way to provide remote access to internal applications.
• Needed more visibility into their network and to ensure true zero trust access to their internal applications.
Benefits of SDP
• ZPA secures access for over 5,000 MAN ES employees. Enabled zero trust security through application segmentation and enforcing granular policies via the Zscaler Security Cloud.
• Users and devices are never allowed on the network, which increases security and decreases risk, creating a zero-trust network.
23. 22
Location: Maryland, USA
Industry: Food, Beverage & Tobacco
User Count: 21,000 employees
Zscaler Products: ZPA, ZIA
Use Case:
• VPN retirement
• Secure partner access
The challenge
• Was having issues with its legacy VPN solution and wanted a remote access solution that provided reliable and secure access to SAP.
• Uses Google Chromebooks, and VPN services lack compatibility with these devices. In future, will need a security service for secure partner access to internal apps.
• Needed a solution that supported a spectrum of different operating systems for employees and partners.
Benefits of Zscaler Platform
• Provides a reliable solution for remote users to gain access to internal applications, all while enabling a zero-trust model by never placing users on the network.
• Google Chromebooks have policy-based access to SAP and other sensitive internal applications.
• Uses ZPA’s browser access feature, which requires no client on the endpoint device.
• Avoid lock-in
24. 23
Read the ESG Solution Showcase “Say Hello to the Software-Defined Perimeter”
info.zscaler.com/resources-industry-reports-esg-software-defined-perimeter.html
Thank You!
Jon Oltsik, Senior Principal Analyst and ESG Fellow
Dhawal Sharma, Sr. Director Product Management, Zscaler