How sdp delivers_zero_trust
3 likes851 views
The document discusses the increasing adoption of public cloud services and the need for secure access models, highlighting the role of Software-Defined Perimeters (SDPs) in achieving zero trust security. It emphasizes that modern organizations are transitioning away from traditional VPNs to SDPs for improved security, visibility, and application segmentation. Real-world use cases showcase the effectiveness of Zscaler's SDP solutions in enhancing security and simplifying access for remote users across various industries.
How sdp delivers_zero_trust
- 1. 0 ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Say Hello to the Software- Defined Perimeter How SDPs deliver zero trust security Jon Oltsik Senior Principal Analyst and ESG Fellow Dhawal Sharma Sr. Director Product Management, Zscaler
- 2. 1 Public Cloud Usage Trends We currently use cloud computing services, 85% We plan to use/are interested in using cloud computing services, 12% We have no plans or interest in using cloud computing services, 3% Overall usage of public cloud computing services. (Percent of respondents, N=651)
- 3. 2 Public Cloud Usage Trends, 2013-2018 57% 70% 71% 75% 78% 85% 2013 2014 2015 2016 2017 2018 Overall usage of public cloud services, 5-year trend. (Percent of respondents)
- 4. 3 Public Cloud Usage Trends: Service Model Breakdown 39% 51% 74% 25% 24% 13% 20% 15% 7% 14% 10% 5% 1% 1% 1% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Platform-as-a-service (PaaS) Infrastructure-as-a-service (IaaS) Software-as-a-service (SaaS) Please indicate your organization’s usage of or plans for each of the following cloud computing services. (Percent of respondents, N=651) Currently use Do not currently use but we plan to No use or plans at this time but we are interested No use, plans, or interest at this time Don’t know
- 5. 4 Endpoint Device Platforms Used 35% 43% 43% 53% 69% BYOD devices that are profiled and verified to comply with our security policy Virtual desktop (VDI) workspace environments Company-issued MacOS desktop/laptop Company-issued mobile devices (Android, MacOS, etc.) Company-issued Windows desktop/laptop Which of the following endpoint device platforms are currently used by your organization’s employees? (Percent of respondents, N=385, multiple responses accepted)
- 6. 5 The perimeter has extended from the datacenter, to the internet
- 7. 6 Application Access Requirements • Can scale with business needs • Is built for zero trust access • Delivers sensitive data protection • Centralizes control for all services
- 8. 7 Current Network Access Model DMZ
- 9. 8 Application access must change • Extra burden for users • Costly and complex networks • Insecure against modern threats • Lack of granular visibility into network traffic
- 10. 9 Insanity: “Doing the same thing over and over again and expecting different results.” - Albert Einstein WORDS TO LIVE BY
- 11. 10 The Rise of the Software-defined Perimeter
- 12. 11 SDP Quote “No one has an SDP budget, but Every enterprise has an SDP need.”
- 13. 12
- 14. 13 Top Enterprise SDP Use Cases • VPN replacement • Third-party access • Privileged account management • Cloud application access • Application discovery
- 15. 14 SDPs are key to achieving a zero trust security model • Never automatically trust any user or network • Reduce the attack surface by reducing # of users able to access an application • Provide access on a strict “need to know” basis • Verify before granting any level of access to an application • Create a segment of one between a named user and a named application
- 16. 15 ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Zscaler Private Access Zero trust access to internal applications
- 17. 16 ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION ZPA: Make application access secure, seamless and simple Public Cloud Private Cloud / Data Center • Zero trust access to internal apps running in any environment • Embrace application segmentation by default • Provide app connectivity without placing users on-net • Delivers seamless user experience across users & apps INTERNALLY MANAGED HQMOBILE BRANCHIOT
- 18. 17 ModernPlatformsRequireModernMethodsforConnectingToThem • “By 2021, 60% of enterprises will phase out network VPNs for digital business communications in favor of software-defined perimeters” • Gartner • November 2017
- 19. 18 Building ZPA’s SDP Architecture Built on Zscaler’s Foundation • 4+ Year Dedicated Investment with a dedicated engineering team building our SDP • Leveraged a Proven End Point - Zscaler App (all ports/protocols) on Windows, Mac, IOS and Android across 1.5M+ endpoints already • User Experience is awesome! Users access internal apps just like they access Internet and SaaS “Any to Any” Internet Scale Architecture • Modern micro-services architecture with auto-scaling and containerization • Running in Zscaler Datacenters plus AWS and Azure (20+ regions)
- 20. 19 Zscaler Private Access – How the service works Zscaler App2 SDP architecture Zscaler Enforcement Node (ZEN) – secure user to app connection • Cloud Policy engine - user to app access rights 1 Zscaler App – requests access to an app2 App Connector – sits in front of apps; Inside-out connections only - “I’ll call you” 3 1 ZEN (hosts policy) Data Center App connectors 3 3 EMPLOYEESPARTNERS The experience users want. The security IT needs. New York London Sydney
- 21. 20 The 4 security tenets in action Data Center EMPLOYEESPARTNERS Remote users are never placed on-net • Application access, not network access 1 Applications are invisible to unauthorized users • Users can’t access what they can’t see • Outbound connections only 2 App segmentation not network segmentation • Define which users access which apps 3 The internet is the new secure network • Double-tunneling for secure access 4
- 22. 21 Location: Germany Industry: Manufacturing User Count: 12,000 users in over 100 locations and 70 countries Zscaler Products: ZPA, ZIA Use Case: • VPN retirement • Secure cloud adoption • Zero-trust adoption The challenge Benefits of SDP • MAN Energy Solutions was undertaking a massive cloud (AWS) adoption, and needed a better way to provide remote access to internal applications. • Needed more visibility into their network and to ensure true zero trust access to their internal applications • ZPA secures access for over 5,000 MAN ES employees. Enabled zero trust security through application segmentation and enforcing granular policies via the Zscaler Security Cloud. • Users and devices are never allowed on the network, which increases security and decreasing risk. Creating a Zero-trust network.
- 23. 22 Location: Maryland, USA Industry: Food, Beverage & Tobacco User Count: 21,000 employees Zscaler Products: ZPA, ZIA Use Case: • VPN retirement • Secure partner access The challenge Benefits of Zscaler Platform • Was having issues with their legacy VPN solution. Wanted a remote access solution that provided reliable and secure access to SAP • Leveraging Google Chromebooks and VPN services lack compatibility with these devices. In future will need a security service for secure partner access to internal apps • Needed a solution that supported a spectrum of different operating systems for employees and partners. • Provides a reliable solution for remote users to gain access to internal applications, all while enabling a zero-trust model by never placing users on the network. • Google Chromebooks have policy-based access to SAP and other sensitive internal applications • Uses ZPA’s browser access feature which requires no client on the endpoint device • Avoid lock-in
- 24. 23 Read the ESG Solution Showcase “Say Hello to the Software-Defined Perimeter” info.zscaler.com/resources-industry-reports-esg-software-defined-perimeter.html Thank You! Jon Oltsik Senior Principal Analyst and ESG Fellow Dhawal Sharma Sr. Director Product Management, Zscaler
- 25. 24