Your Apps Moved to AWS, So Why are Your Users Still on the Network?

Time for a better approach to secure remote access.

Network-centric security makes moving to AWS painful

Today, 60 percent of enterprises are running apps in AWS to increase scalability and speed. This move has extended the perimeter to the internet. Yet, many enterprises still rely on remote access VPNs, which are network-centric and not built to secure access to the internet. They also place users on the network and require physical or virtual appliances, which increases complexity and limits scalability.

Common pitfalls of network-centric approaches:
  • Places users on the network to provide access to AWS
  • Requires appliances, ACLs and FW policies
  • Provides a poor end-user experience
  • Inbound connections create opportunity for DDoS attacks
  • Lacks the ability to provide true application segmentation

Zscaler Private Access for AWS

Enabling user and application-centric security for AWS

Zscaler Private Access (ZPA) for AWS is a cloud service from Zscaler that provides zero-trust, secure remote access to internal applications running on AWS. With ZPA, applications are never exposed to the internet, making them completely invisible to unauthorized users. The service connects applications to users via inside-out connectivity rather than extending the network to them. Users are never placed on the network. It provides a software-defined perimeter for AWS that supports any device and any internal application.

AWS Cloud Data Benefits

Move on-premises data to AWS for migrations or ongoing workflows

Simplify secure remote access to internal apps on AWS

AWS Native Security Groups are a good start, but they are often manually intensive. Zscaler Private Access takes a user- and application-centric approach to network security. It ensures that only authorized users and devices have access to specific internal applications on AWS. Rather than relying on physical or virtual appliances that are IP-centric, ZPA uses lightweight, infrastructure-agnostic software to connect both users and applications to the Zscaler Security Cloud, where the brokered connection is stitched together. ZPA is complementary to AWS Native Security Groups, as well as AWS Direct Connect.

1.  ZPA Public Service Edge

  • Hosted in cloud
  • Used for authentication
  • Customizable by admins
  • Brokers a secure connection between a Client Connector and App Connector

2.  Zscaler Client Connector

  • Mobile client installed on devices
  • Requests access to an app

3.  App Connector

  • Sits in front of apps in the data center, Azure, AWS, and other public cloud services
  • Provides inside-out TLS 1.2 connections to the broker
  • Makes apps invisible to prevent DDoS attacks

Discover shadow IT applications on AWS

Many enterprise teams are unaware of the sheer number of applications in their environment. ZPA identifies previously undiscovered internal applications running in the data center or on AWS infrastructure. Once identified, admins can set granular policies for each application, ensuring the environment remains secure and controlled. This, combined with ZPA’s ability to make known applications invisible to unauthorized users, reduces the attack surface dramatically.

The common cloud data migration challenge

The daunting realities of data transport apply to most projects. How do you gracefully move from your current location to your new cloud, with minimal disruption, cost and time? What is the smartest way to actually move your GB, TB, or PB of data?

AWS Application Migration Services

Get instant access to AWS Application Migration Services to migrate applications

Migrate to fully managed AWS

Save time and costs by migrating your databases quickly and securely to AWS

Get Started with AWS

Learn how to start using AWS in minutes.
