Zscaler Private Access

Zscaler Private Access (ZPA) is all about making your assets and applications more secure with the help of dedicated cloud-based service. To achieve this, ZPA will secure access to your IT crown jewels with the help of a policy-based and context-focused approach to security.

As a welcome bonus, ZPA wants to get its job done better than any virtual private network (VPN) while cutting down on fat when it comes to maintenance demands, costs, and security risks. If you are into protecting access to private assets and applications across the cloud, data centers, or just wherever you keep your enterprise resources, Zscaler Private Access is surely worthy of your attention.

Now, let’s see why this is the case.

Zscaler Private Access security features

Zscaler Private Access markets its security model around the idea of intelligent restriction of access to internal services and applications of an organization. At the same time, it wants to position itself as a safer alternative to VPNs by eliminating the need to connect to one’s network to get access to applications.

Instead of this, you can establish a set of context-based access policies that will govern access to internal assets based on the requirement of a specific task that needs to be done. This means that accessing these resources is done without accessing networks, which, understandably, minimizes risks coming from this avenue of attack.

This sets ZPA apart from the Zscaler Internet Access (ZIA) solution by the same provider that is dedicated to providing online access to public applications. With a ZPA, you get the single sign-on (SSO) authentication for all the apps your organization uses, as well as custom access policies that can be defined and scaled in line with your needs.

Management features

Running ZPA is made easier with the help of an array of management features that come packaged with this solution. First of all, you can integrate its SSO with widely used identity solutions such as Okta or Azure AD. If you are implementing a BYOD policy ZPA will provide you with browser-based access for smoother operation.

With ZPA, full visibility of all activities that involve users and applications is made possible by intelligence admins that perform several tasks. In addition to learning which applications run in your public cloud at all times, you have real-time insights into what any user is doing at any moment, as well as into the state of each server and connector. 

Also, you can also automatically send user audit logs to your Security Information and Event Management (SIEM) provider.

Finally, ZPA comes with a single pane of glass platform that helps you control access to every application in a granular manner. This means that the associated policies are hosted in the cloud tasked with managing who can access which app or not. Going beyond the level of an individual user, you also segment your access policies to user or application groups.

Zscaler Private Access interface

The living and the beating heart of the Zscaler Private Access is the ZPA Admin Portal which is chock-full of dashboards that you would expect to see when promised a bird’s eye view of your resources, users, and infrastructure. 

Despite this lofty technological goal, the Portal is anything but cluttered, despite giving you valuable insights into everything that goes with your apps and users. In addition, you have an equally useful overview of the operation of your servers. Once activated, these dashboards will be your key assistants in getting the most out of the Zscaler Private Access service. 

Applications Dashboard, for example, gives you insights into all applications used by your organization. Users Dashboard does the same for the users while the Health Dashboard covers the status of your App Connectors and ZPA Private Service Edges. The majority of these tools come with the support for various search and time range options. 

The interface also features a range of diagnostic features, including those that notify you of user activity, user status, app connector status, ZPA private service edge status, etc. 

To make things easier, you can have your ZPA automatically identify and notify you of the applications the access to which is being requested by users, or do everything manually. The same interface is used to set up specific policies that regulate access to apps, with an option to make all other applications virtually invisible and unroutable to unauthorized users. 

You can install Zscaler Client Connector to any of your devices, including mobile platforms, in order to manage access to applications from any location. The Connector is easily accessed by providing SAML 2.0-based SSO credentials.

Pricing

If you want to get your hands on Zscaler Private Access, we hope that you have developed tolerance to reticence when it comes to pricing. So, despite professing the ideals of convenience and accessibility, Zscaler will let you know that learning more about their plans and pricing requires you to set aside some time to talk to their “cloud security specialist”. 

At the same time, the services provided are described as being packaged “in bundles on an annual, per-user subscription basis”. What is on offer here is a range of editions that are described as Professional Edition, Business Edition, and Transformation Edition. 

What sets them apart is the range of services they provide, starting with the Professional edition that is described as an entry-level solution with core functions. On the other hand, Business Edition focuses more on corporate-friendly features that are suitable for an organization with an on-premise and remote workforce as well as third-party users. 

Finally, the bravely named Transformation Edition extends the usability of the core and business-oriented service to application workloads and business-to-business customers.

Conclusion

If you are considering Zero Trust Network Access (ZTNA) as an IT security solution option, Zscaler Private Access (ZPA) will be able to scratch that itch more than competently.

ZPA is a cloud-delivered service that delivers on the promise to restrict access to only the users you want to have it, with the context and temporary requirements of a particular task being the key criteria based on which it is granted.

Now, getting used to the idea that you can get access to essential enterprise resources without a network takes some time and mental reprogramming, but if you want to adopt the cloud to extend your security perimeter to the whole of the internet, you can hardly go wrong with the Zscaler Private Access service.