It’s 2019 and your users are working from anywhere but the office, enterprise applications have migrated to the cloud or hybrid environment, and VPN is no longer the answer to private application access in this new world of user-to-app connectivity.

1. ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION
Three Ways Zero Trust Security
Redefines Partner Access
Three reasons SDP will
replaceVPN in 2019
Kunal Shah
Principal Product
Manager
Steve Bonek
Information Security
Manager

2. 2
INTERNET
Hub-and-Spoke Architecture
Castle and Moat architecture to
protect the corporate network
Inbound
Gateway
Risk is introduced by giving too much
trust to users and networks
Complexity of ACLs and firewalls can
make remote access difficult to manage
Users become frustrated with
a poor experience
Months often spent on
getting infrastructure set up
Today’s needs aren’t solved with yesterday’s technology

3. Virtual Private Network (VPN) access
The challenges of legacy application access
• Users are placed on the network to access apps
• User experience is painful and slow
• Lack of visibility into user and application activity
Software-defined Perimeter (SDP) access
Enable “least privileged” access to private apps without
granting network access leveraging the
software-defined perimeter (SDP)
Introducing the new world of Private Application Access
Remote
user
Policy Enforcement
Checkpost
Public Cloud
Private Cloud / On-
Premise DC
Remote user

4. Software-Defined Perimeter (SDP)
A modern approach to remote access and zero trust:
Abandons the network-centric design, and instead secures private application
access using a user and app-centric approach:
“By 2021, 60% of enterprises will phase out network VPNs for digital
business communications in favor of software-defined perimeters.”
Gartner, November 2017
• Decouples private application access from network access
• 100% software-defined; No physical or virtual appliances needed
• Application access is micro-segmented and provisioned on a “least privileged” basis
• Advanced visibility into all user and app activity
• Different approach to zero trust than firewalls and users placed on network

5. Three reasons SDP is the future of private application access
App access is detached
from network access
1 2 3
Minimize risk with
micro-segmentation
Monitor any
suspicious activity
Users are never placed
on the network
Stops overprivileged access via
inside-out connections
No longer need to
leverage VPNs
On-demand TLS microtunnels eliminates
lateral movement between apps
Granular visibility into all
user and app activity
Discover previously unknown apps
and apply granular controls
Automatic log streaming to
SIEM in both past & real-time
Enforce policies to create secure
segments of one between user and app
No more ACL and FW
policies to manage

6. How TRIMEDX leverages the software-defined
perimeter (SDP)

7. Location: Indiana, USA
Industry: Healthcare Services
User Count: 1,700 employees
Who are we?
The Challenge
• TRIMEDX is a healthcare technology management
organization performing clinical engineering and clinical
asset management services.
• TRIMEDX started in the 1990s in the basement of St.
Vincent Hospital in Indianapolis, Indiana.
• Today, the company is in more than 1,800 healthcare
locations across the United States and the Cayman Islands.
• Remote workstations not receiving approved patches in a timely fashion.
• Remote users had no need to use the traditional VPN on a daily basis.
• Remote users were not prompted to change their password.

8. The Benefits
The Solution
• Must work for remote TRIMEDX technicians
• Must be seamless for the end-user
• Must be secure
Looking Forward?
• Decreased vulnerabilities for remote workstations
• Ensured compliance with policies and consistent password changes
• Better user experience
• Finalize retirement of existing VPN solution
• Investigate possible uses as part of Aramark HCT
acquisition
• Utilize solution for any new Private Cloud applications

9. ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION
Zscaler Private Access (ZPA)
The cloud-based, SDP solution that provides fast,
secure private application access to all users,
from all locations.

10. Zscaler Private Access
fast, secure, software-defined access to private apps
BYOD Branch Users
Public Cloud
Private Cloud /
Data Center
INTERNALLY
MANAGED
Remote User
The 4 Tenets
Application access is decoupled
from network access.
Micro-segmentation, not
network segmentation.
Inside-out connectivity
makes private apps invisible
Double encrypted micro-tunnels
ensure secure, segmented access
to private apps.

11. Zscaler App /
Browser Access
1
2
Zscaler Enforcement
Node (enforces policy)
4Brokered
connection
How it works
Traffic is directed to the Zscaler
Enforcement Node (ZEN)
• User is authenticated through IDP provider
• Custom access policies are applied
• Access request signal is sent to
nearest App Connector
2
User attempts to access app in the datacenter
or cloud (i.e., SAP). Leveraging either Z App or
Browser Access
1
App-to-user connection is securely stitched
together within Zscaler cloud
4
App Connector closest to the app location
responds and establishes an inside-out connection
3
How Zscaler’s SDP architecture works
App Connectors
3 3

12. Top use casesfor
ZPA
VPN Replacement
Multi-cloud
Adoption
Accelerated M&A
Secure
Partner Access

13. 13
What makes ZPA different from SSL/IPsec VPNs?1
Do I need to rip out my existing VPNs?2
How is ZPA different from other SDP solutions?3
The top questions
asked about ZPA

14. Thank You!
Try a SDP solution for yourself! Take ZPA for a
test drive with our free 7-day hosted demo:
https://www.zscaler.com/zpa-interactive
Kunal Shah
Principal Product
Manager
Steve Bonek
Information Security
Manager
VPN vs. ZPA
Side-by-side comparison
See the performance difference as
ZPA goes up against the VPN
https://zscaler.wistia.com/medias/161ir7rs9p