
Zscaler expands Zero Trust from cloud to on-prem

Zero Trust is a term you come across a lot in conversations around security. It is no surprise that Zscaler also focuses strongly on this. Today, the company announced the necessary additions that should make Zero Trust more attainable for more organizations.

When it comes to Zero Trust, you’re actually talking about three key concepts according to Nathan Howe, VP Emerging Technology – 5G at Zscaler, who we spoke to briefly before today’s announcement.

  1. You link users to applications, not the corporate network;
  2. Applications should be invisible to the internet;
  3. Use a proxy architecture, not a pass-through firewall.
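To make the three points concrete, here is an added illustration (not Zscaler code, and not a description of how Zero Trust Exchange is built) of a minimal per-application access broker. The users, groups, device-posture flags, application names, upstream addresses and the policy table are all constructed for this example: access is granted per application rather than per network, an application absent from the policy table produces the same response as an unauthorized one, and the broker terminates the user's session and dials the application itself, so the user never sees the application's address.

```python
"""Added example: identity-based, per-application, default-deny access broker.

Everything below is constructed for illustration; none of the names, groups,
hosts or policies come from Zscaler or from any real environment.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    groups: FrozenSet[str]      # group claims taken from the identity provider
    device_managed: bool        # device posture reported by an endpoint agent
    app: str                    # the application the user asks for, not a network


@dataclass(frozen=True)
class Policy:
    allowed_groups: FrozenSet[str]
    require_managed_device: bool = True
    upstream: str = "app.internal:443"   # dialled by the broker, never shown to the user


# Constructed policy table: application name -> who may reach it and from what.
POLICIES: Dict[str, Policy] = {
    "hr-portal": Policy(frozenset({"hr"}), upstream="hr-portal.internal:443"),
    "wiki": Policy(frozenset({"staff", "contractors"}),
                   require_managed_device=False,
                   upstream="wiki.internal:443"),
}

AUDIT_LOG: List[str] = []   # detailed reasons go to the log, not to the requester
DENIED = "access denied"    # one uniform answer for unknown and unauthorized apps


def decide(req: Request, policies: Dict[str, Policy]) -> Tuple[bool, str]:
    """Point 1: the decision is about user -> application, never about a subnet."""
    policy = policies.get(req.app)
    if policy is None:
        return False, "unknown application"
    if policy.require_managed_device and not req.device_managed:
        return False, "unmanaged device"
    if not (req.groups & policy.allowed_groups):
        return False, "user not entitled"
    return True, "allowed"


def dial_upstream(upstream: str, app: str) -> Dict[str, str]:
    """Stand-in for the broker's own outbound connection to the application.

    Point 3: the broker, not the user, opens this connection (proxy model), so a
    pass-through of the user's packets to the application never happens.
    """
    return {"upstream": upstream, "body": f"content of {app}"}


def broker(req: Request, policies: Dict[str, Policy] = POLICIES) -> str:
    """Evaluate the request, log the verdict and relay only the app's content."""
    allowed, reason = decide(req, policies)
    AUDIT_LOG.append(
        f"user={req.user} app={req.app} managed={req.device_managed} result={reason}"
    )
    if not allowed:
        # Point 2: an app that is not published looks exactly like one the user
        # is not entitled to, so the application inventory stays invisible.
        return DENIED
    reply = dial_upstream(policies[req.app].upstream, req.app)
    return reply["body"]   # the upstream host name is deliberately not relayed


if __name__ == "__main__":
    print(broker(Request("alice", frozenset({"hr"}), True, "hr-portal")))
    print(broker(Request("mallory", frozenset(), True, "payroll")))
    print("\n".join(AUDIT_LOG))
```

The two denial branches return the identical string on purpose: a requester who is refused cannot tell whether the application exists, while the operator still sees the precise reason in the audit log.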

Zscaler, with Zero Trust Exchange, has a platform that allows you to accomplish these things. However, Zscaler was also a 100 percent cloud player. That is, the company’s (SaaS) offerings run in the cloud, which means you also have to route everything from your locations through the cloud. So if a user wants to connect to an application on-prem and your organization uses Zscaler to securely make that connection, you always had to go through Zscaler’s cloud environment first.

Today, Zscaler announces that this “workaround” is no longer necessary. It now offers Zscaler ZPA Private Service Edge. This basically brings the cloud to your on-prem environment. Howe calls it a “virtualized version of the Zscaler cloud.” You can run it on-prem, but also in your own cloud environment. So in areas where Zscaler can’t offer the “five nines” availability that it wants to offer as a minimum, you can still use the company’s technology this way. It also meets the needs of companies that are unable or unwilling to move to the cloud for regulatory or other reasons.

Isolation and automation

With the announcement of ZPA Private Service Edge, however, we’re not there yet in terms of new Zero Trust functionality. Zscaler is also announcing Cloud Browser Isolation. The name of this new service already largely indicates what it does. It sets up an isolated browsing session in the cloud the moment a user wants to access the Internet. The user actually only connects to a front-end and receives only a bitstream on the connecting device. This ensures you can’t download content or click on links, among other things.

According to Howe, there is an obvious use case for Cloud Browser Isolation: integrating with third parties. Those third parties need access to your environment if you work together, but they don’t need to be able to download anything. Think of situations where you are working on things with multiple parties at the same time, or if you are working with freelancers who also do things for competitors. Howe also sees added value for this new service during processes surrounding mergers and acquisitions.

A third area in which Zscaler is offering new services has to do with automation. New APIs are becoming available that allow you to automatically set up security policies around new services that Zscaler discovers in your environment. You can use this to automate the revocation of rights for users. In addition, ML will make automation easier too. For the time being, Zscaler is using it mainly for automatic micro-segmentation of workloads.

Zero Trust needs training and ecosystem

Zero Trust is definitely a concept we are moving towards as a market. Actually starting and implementing Zero Trust isn’t easy. Zscaler realizes this too, of course. That’s why, in addition to announcements regarding the platform, there are also a number of other announcements to be made today.

A key component in conveying the Zero Trust message is that security personnel are aware of the best practices around Zero Trust. Hence, Zscaler created the Zero Trust Academy. As a security professional, you can obtain certificates here, focusing on secure access to (SaaS) applications and the internet. Naturally, Zscaler’s solutions play a central role in this process.

In addition to the skills of the security professionals, it is also important that you can really get started with Zero Trust. In order to do that, not everyone should have to reinvent the wheel. That’s why Howe also puts the necessary emphasis on the ecosystem of technology partners that Zscaler integrates and collaborates with. During our conversation, he mentions Crowdstrike, Microsoft and Splunk by name. In addition, Okta, SentinelOne and IBM Security are also among the technology partners. The idea is that you get a kind of blueprint through jointly validated models. These should guide security architects in the rollout of a Zero Trust architecture.

All in all, then, Zscaler plugs various holes in its Zero Trust story. Not only in terms of technology, but also in the equally important areas of people/skills and process.