The New Remote Access VPN Is Not a VPN
by Stuart Hardy - Director at OneSecure
Aside from some minor architecture and protocol changes over the last decade, remote access VPN solutions have remained largely unchanged in the market since 2000.
As the name implies, remote access VPN solutions have been designed to securely connect a company’s mobile users to the corporate network, so they can replicate the network access they would have when sitting inside the trusted network.
Diagram 1.1: To date Remote Access VPN design
Image source: Zscaler
But whilst remote access VPNs have not changed much, the need for secure remote application access is at an all-time high as users become more mobile or increasingly work from home. This has led to user frustration, as users expect the same level of service and ease of use when connecting to their applications remotely as when they are in the office.
After such a long period with little innovation, it should come as little surprise that one company has redeveloped the remote access VPN model to align it with current and future trends in the growing world of user mobility and cloud applications. That company is Zscaler. Already known for its revolutionary Zscaler Internet Access, Zscaler is leading the way with Zscaler Private Access, a solution that will replace the remote access VPN and, according to Stuart Hardy, eventually even your WAN.
Zscaler Private Access has been developed to improve every aspect of remote access VPN while paying special attention to the key role cloud application delivery will play in the future.
Diagram 1.2: Zscaler Private Access, Remote Access VPN replacement
Image source: Zscaler
I believe that a new era of remote access is upon us where users get access to applications and not the network – i.e. users will connect directly to private cloud applications without needing to connect into the corporate LAN. A faster, simpler and more scalable access for trusted and untrusted network users.
Zscaler Private Access (ZPA) secures users’ and third parties’ inbound access to internal company-owned technology resources. These applications live in a data centre and/or cloud environment(s), public and/or private. Significant security controls allow users and third parties access over any network in a Zero Trust model, wherein you adopt a continuous adaptive risk and trust assessment (CARTA) approach towards users. Application access becomes the key to service delivery and avoids bringing users onto the corporate network while giving you full visibility into user activity.
ZPA solves some significant pain points for organisations that deploy and manage private remote access VPN solutions. Aside from being an appliance-less service delivered from the cloud as a service, ZPA greatly improves security by removing network-wide access and connecting the user to the ZPA cloud network instead. This change in architecture allows company administrators to deliver application-only access to users, plugging multiple security holes. This is especially effective for third-party application access, mergers and divestitures.
While the immediate focus for ZPA is remote access VPN retirement, the product is expected to challenge the very notion of a network or WAN in future, as customers move to the cloud, reducing their reliance on a traditional network.