Perhaps the biggest attraction is the ability to offer controlled third-party access. A partner using this sort of VPN is never accessing the network, only the application governed by policy.
Isn't this overkill? Not if customers are adopting cloud applications, says Ryan, who is also dismissive of the idea that conventional VPNs can be secured using VLANs and firewall policies.
"That is not what people do because of the complexity of managing those policies. Very quickly you realise that everyone is on VLAN A and has access to the network."
Zscaler Private Access - customers
Zscaler Private Access was in development for around a year with trials running for the last six months at a number of large enterprises, only a small number of which Zscaler is at liberty to mention. These are German firm MAN Diesel & Turbo and software analytics firm SAS Institute.
"Zscaler Private Access allows me to give users access to a single application, and not to my entire network. This granular application control is also perfect for the growing demand of contractors and partner access," said MAN's IT Infrastructure Architect, Tony Fergusson.
For SAS, the issue had been the inherent complexity of Network Access Control.
"Ensuring granular, application-layer access to authorized users is just part of the product, and it was much easier to roll out than either VPN or NAC," commented enterprise architect Brian Wilson.
Are there any limitations of Zscaler's approach? It will be argued that it's overkill for smaller organisations that can understand and secure their networks and don't have complex multi-site datacentres with adjacent clouds. For modest installations, VPNs will still work fine. A more general issue is that Private Access implies that customers are moving to host applications in the cloud rather than the datacentre. If they want to do that then a new remote access architecture makes sense. If they are content with datacentre provision, then it might be less compelling.
Another issue will be price. Zscaler was not able to confirm this during the launch of Private Access but said it would clearly undercut traditional VPN gateways, load balancers and backhaul.
Ultimately, the future of VPNs will look more like Private Access because it simply makes more sense for large enterprises in terms of cost, management and security. The hurdle to this is simply the heavy investment organisations already have in VPNs. This evolution will take time and some businesses will see better authentication and endpoint control as a short-term fix for the weaknesses of VPNs exposed in high-profile hacks.