
Jul 22 2025

Review: Zscaler Private Access Streamlines Government Operations

This platform enforces zero trust security through the principle of least privilege.
by Carlos Soto

Carlos Soto is an award-winning reviewer and journalist with 20 years of experience covering technology and business within various sectors and industries.

Keeping data and its corresponding systems safe for workers with hybrid schedules is challenging for any IT security team. In the past, I have worked with IT security to help categorize which teams and user groups had access to which applications and files as part of redundant mapping exercises designed to reinforce security and compliance reporting. These types of activities burn a lot of time and resources, depleting productivity.

With those challenges in mind, companies such as Zscaler are changing the way users access resources to deliver not only security but also increased productivity. Zscaler Private Access promises to boost security with a zero-trust solution that connects authorized users directly to agency-approved private applications without access to the network.

As a cloud-delivered, zero-trust network access solution, ZPA offers a compelling alternative to any agency looking to remove legacy VPNs or perimeter-based security models and move to something more scalable, sustainable and secure. Agencies of all sizes could help IT security staff dramatically reduce cyber risk while significantly improving application performance and agency productivity.

ZPA reduces the attack surface by hiding applications from the internet. I tested Zscaler by using the same application while also traveling the farthest possible distance in the United States from my home network on the East Coast, all the way out to Hawaii. I was interested to see if we could detect any lag time when using Zscaler in my home office compared with working from the Hawaiian Islands, where all of our data and applications were far away.

Reducing Exposure to Denial-of-Service Attacks

In Hawaii, I noticed that because all connections are outbound-only with ZPA, it in effect reduces exposure to specific attacks such as those that use denial-of-service techniques. The platform also removes all open, inbound firewall ports, further securing an agency’s network since the incoming traffic isn’t routed through an internal network. Instead, it’s brokered through the Zscaler cloud via lightweight Zscaler App Connectors.

While on the island of Oahu, I noticed that the same rapid setup and integration to mission-critical applications occurred whether we were on the more remote north or western shores, at the center of the island or in the busy metropolitan center of Honolulu.


Accessing Internal Resources Without a Network

As opposed to traditional VPNs, using Zscaler Private Access does not require users to connect to a network or establish direct paths to internal resources. As a software-defined, cloud-based solution, ZPA provides secure access to internal applications without placing users on the network. It uses a brokered, identity- and context-based access model to provide access to critical resources. This access is built around zero-trust principles to ensure data integrity.

From a security operations center perspective, because ZPA separates application access from network access, the solution is able to reduce any attack vector and the overall vulnerability surface, minimizing lateral movement. For agency CISOs, this capability empowers networks with a key security advantage for handling sensitive data. This approach also supports access to applications across multicloud environments, data centers and hybrid architectures, which makes it ideal for agencies with complex IT environments.


Since ZPA will only secure users with access to authorized applications based on contextual factors such as identity and location, it’s compliant with Executive Order 14028 and the Cybersecurity and Infrastructure Security Agency’s Zero Trust Maturity Model. This model carries a stringent identity verification and continuous monitoring process, which ZPA complies with and easily achieves.

Work on the go and from remote locations will continue for agency users, and it will continue to present nightmares for many IT security teams. But with security applications such as Zscaler, CISOs can rest easier knowing their agencies are better protected without compromising mission-critical operations and productivity.

SPECIFICATIONS

PRODUCT LINE: Zscaler
MODEL: Professional Edition
MAIN SOFTWARE TYPE: Subscription license
SOFTWARE SUB TYPE: Online and appliance-based services
LICENSE QUANTITY: One user
LICENSE VALIDATION PERIOD: One year

Key Challenges in Effectively Implementing Agency Security from Solutions such as Zscaler

While ZPA offers numerous advantages, there are some implementation considerations that agencies need to weigh in order to drive even more success and efficiency.

The first consideration is the journey IT teams need to account for when transitioning from legacy VPNs and perimeter-based security over to ZPA. This migration requires careful planning, especially for large agencies with aging infrastructure. The planning should include an effective communication strategy for users as well as training. Using ZPA is a lot easier than fiddling with VPNs, but it is quite different from what users have been doing with their legacy infrastructure.

It also helps if agencies validate all of their identity information as part of the inventory of app mapping. This step should also include mapping access patterns to feed into new security policies. Since ZPA’s policy model may require security and IT teams to adopt new processes, it’s essential that training and support from Zscaler be extended to the IT implementation teams as well. This is an essential step for a smooth initial rollout.

Cloud reliance is another key consideration that agencies must evaluate. They should ensure that their approach to cloud infrastructure aligns with existing interagency service-level agreements. Additionally, you don’t want to have a misalignment between the use of Zscaler and any mission-critical continuity requirements.

One great feature of ZPA is that it supports various compliance frameworks, including NIST SP 800-53 and FISMA. This helps facilitate the understanding of the level of authorization for agencies handling sensitive but unclassified or controlled unclassified information.

As onerous as some of these steps are to undertake, the performance and security that they support are worth it. Agencies with remote operations around the world or those that are distributed across large networks will find a lot of benefit from ZPA due to its architecture, which is built on Zscaler’s Security Service Edge platform. This platform provides consistent application performance regardless of user location by leveraging a global cloud infrastructure with over 150 data centers. Because of that, whether users are in Washington, D.C., or the Hawaiian Islands, they will always have secure and fast access to the data and applications that they need to do their jobs.

