Zscaler Uses the Cloud to Create a VPN Alternative

A new Private Access service takes a different approach to enabling secure remote connectivity.


Since the dawn of the Internet era, virtual private networking (VPN) has been the cornerstone of enterprise remote access technology. Now security vendor Zscaler is aiming to disrupt the staid VPN market with a new approach built for the modern cloud era.

Zscaler's core technology is a cloud-based Web security platform that can help reduce risks for connections outbound from an enterprise. In contrast, with its new Private Access technology, Zscaler is aiming to reduce risks for connections inbound to an enterprise.

Zscaler has been working on the Private Access technology for nearly three years, according to Patrick Foxhoven, CIO and vice president of Emerging Technologies at Zscaler. He added that Private Access is functionally different from a traditional Internet Protocol Security (IPsec) or Secure Sockets Layer VPN (SSL-VPN).

"The VPN space hasn't been disrupted in a meaningful way in over a decade," Foxhoven told eWEEK.

Zscaler didn't want to provide simple network connectivity as a VPN does, Foxhoven said, since a VPN in his view can negatively impact security by increasing the attack surface. The Zscaler secure access technology takes a different approach from a traditional VPN, which typically just provides a secure tunnel into an enterprise network.

"We wanted to bring a disruptive cloud-scale approach to the challenge of remote access," he said.

Zscaler already has an endpoint client that helps enforce policy and filter outbound Internet traffic. Foxhoven said the client application has now been enhanced to enable the Private Access technology.

In terms of the security architecture, Zscaler now also has a lightweight virtual machine (VM) connector technology that can be deployed in a private data center or in a public cloud. Basically, the connector reaches out to the Zscaler cloud service, enabling access to an enterprise or private data center without actually exposing the private areas to the public Internet, Foxhoven said. From a security perspective, Zscaler is using multiple forms of strong authentication, including digital fingerprinting of connecting devices.

"We can have a very strong chain of trust and identity," he said. "We then stitch together very dynamically for on-demand, per-application tunnels."

That is, instead of enabling remote VPN user access, which provides access to a given slice of a network, Zscaler is aiming to provide very granular access to the specific services needed by a remote user.

"We're not giving the client an IP address on the remote network, so the user doesn't have any presence or remote visibility on the network," Foxhoven said.

In some typical VPN use cases, users are simply aiming to get remote file and printer access, which are both supported use cases in the Zscaler Private Access approach. Another common use for VPN is for remote voice access, providing users with a phone number inside of a corporate network. Most modern voice over IP (VoIP) technologies make use of Session Initiation Protocol (SIP), which is not supported in the first release of Zscaler Private Access. Foxhoven said SIP support is on the roadmap for a future update.

"We believe that in the future there is going to be no such thing as a trusted network, and that's why we have invested in developing Zscaler Private Access," he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.