Zscaler Private Access (ZPA)

Zscaler Private Access (ZPA)  is a Zero Trust Network Access  solution. When replacing traditional remote access VPN technology, which is not aligned with NIST 800-207 Zero Trust principles, Zscaler Private Access (ZPA)  is the solution. It serves enterprises that prefer not to manage the underlay by installing a client connector agent on end-user machines. It provides access to private applications and SaaS applications remotely when users are traveling while building secure connectivity and ensuring least privilege access to these applications rather than everything within the perimeter.

The base bundle of Zscaler Private Access (ZPA) comes with essential features that depend on client requirements. For secure private access, configuration of client connectors and app connectors on-premises or in the cloud is necessary. Additional features include remote browser isolation capability and secure browser access, which can replace existing Privileged Access Management  solutions. DLP  capabilities and double encryption ensure the underlying provider cannot strip packets and examine contents.

I would assess the security level achieved with Zscaler Private Access (ZPA)'s Zero Trust architecture as inherent to the system. The security policies focus on users and applications rather than network-based constructs. It offers configuration levers for ingesting risk from identity and application standpoints, generating a cumulative score that can trigger connection drops when breaching thresholds. These features align with NIST 800-207 principles. The Risk360 view helps assess security policies and rule sets, providing recommendations for policy tightening.

Zscaler Private Access (ZPA) can be improved by expanding integrations. While they integrate with standard vendors such as CrowdStrike, deeper integrations with other vendors are needed. They should harmonize risk scores between different vendors, as each might score things differently, requiring a robust handshake for meaningful integration.

There is room for having a complete on-premises option. While Zscaler Private Access (ZPA) wants users to utilize their infrastructure for scale benefits, regulated environments such as government and investment banks need on-premises processing for regulations and low latency requirements. High-frequency trading firms require processing traffic internally rather than through internet channels.

In the future, I expect expansion of integrations because architects need flexibility in vendor selection based on use cases. The solution needs better handshake capabilities between vendors for risk scores and other metrics. Support-wise, they have a strong presence globally, including challenging markets such as China, though very remote offshore areas remain uncovered.

I have worked with Akamai  since 2019, when I first gained exposure to it.

I have worked with Zscaler Private Access (ZPA) and Palo Alto as an enterprise security architect across multiple client engagements as part of network security implementations. I have also worked with competitors including Cloudflare . As we were partners, we received preferential access to support. I rate this solution 9 out of 10.

We are using secure remote access for internal applications, and that's why we are using Zscaler Private Access (ZPA)  now. I work with Zscaler Private Access (ZPA) . I use it just for the VPN functionality.

The best advantage of the product is that it is always on as a VPN, which gives us much more functionality. It is basically easy to use and easy to configure. The solution for Zscaler Private Access (ZPA) is seamless for this.

From a visibility perspective, they have added more content features where we can see security and other aspects through available dashboards. That's the only notable addition, plus they are implementing the overall security architecture of tenants, which gives much more information to work with.

The only room for improvement is the troubleshooting problem with iPhones as of now.

The review should be anonymous; there should not be any personal or business details given. Both should be anonymous.

I have been using it for around four or five years.

The installation and deployments are straightforward; it is just a two-liner process. There is something in the documentation that might need changes, but it's pretty straightforward.

The documentation has to be perfect as it has not been updated for a long time. They need to update it based on the latest version and the commands we use.

The solution is stable enough.

We are using cloud services, but I am not sure about the scalability specifically.

Based on the limited users, this is perfectly fine since we are using only one box, and we haven't faced many issues with that.

I am not happy with the technical support from Zscaler Private Access (ZPA), particularly in India, where reachability is an issue with salespersons. Sometimes we need to reach a salesperson to get issues resolved, especially for mobile problems we're still facing. We lack specific root causes, and it's tough to relay information to users, considering multiple contributors such as phone numbers and internet service providers. We need more visibility on what problems users are facing with reachability.

I would rate technical support six points out of ten.

Neutral

I have not used any other VPNs apart from Zscaler Private Access (ZPA).

I see some ROI in the product. Since we have a very small team, the ROI is around 20% to 30%. I would say 30%.

I am not using AWS Backup  anymore since we spoke almost two years ago. I have a backup solution managed by another team, and there's a discussion about AWS  for backup. I am responsible for the IT security part only.

I do not work with popular vendors such as Palo Alto or Fortinet, as my primary domain is Check Point, and it's all about security. I use Check Point for this purpose. I do not work with the product ZoneAlarm . We use only a specific firewall from Check Point and utilize only the firewall. We are not using Check Point CloudGuard  Web Application Firewall ; we are using a normal firewall, the Firewall as a gateway. The name of the product is Check Point Firewall Gateway.

I am not using a web gateway. We do not use products such as Harmony  or Harmony  Browse. I am using a VPN from Cisco for endpoint protection. I am not using the cloud firewall from Zscaler Private Access (ZPA). I am not working with Zscaler B2B  or ZTNA  as a service.

From a troubleshooting perspective, we face an issue with iPhones affecting about 10% of users. Even when we provide logs, they are not able to figure out what exactly is happening. It's not possible for users to collect logs each time, and this is a peculiar problem happening with 10 to 15 users.

The operational flexibility is very effective; there are no problems, and I did not have any issues with that. The solution is affordable, but there are other parts that could add much more information, which may not be useful for us at the moment, making it a bit expensive. There is also a China-specific solution, which is really expensive.

I agree to share my details with the Zscaler vendor. I do not want to be a reference for Zscaler Private Access (ZPA).

On a scale of 1-10, I rate this solution a 9.

For our main use cases for Zscaler Private Access (ZPA) , it’s providing us a VPN solution for our clients, connecting to data build resources, and providing them security.

It's challenging to explain which features of Zscaler Private Access (ZPA)  are most valuable because the main client is the IT department in our company, and we, as DevOps, are deploying this solution as infrastructure for them. From our case, and as I'm familiar with this tool, the most value is the VPN connection because it provides access for all company members to data builds in a secure way.

Zscaler Private Access (ZPA) does an excellent job offering secure remote access to internal applications for our distributed workforce because it provides a granular way to grant access for specific people with specific applications.

Zscaler Private Access (ZPA) has been very effective in providing operational flexibility during our company's transition to cloud environments, as it helped us significantly, and it was deployed even before we migrated to the cloud itself.

Concerning improvements for Zscaler Private Access (ZPA), we have occasional issues, but I don't think they are related to the product itself; they may be related more to infrastructure problems or something else related to the network because it's a network application.

The current pain points we sometimes experience relate to the additional security applications we have on the laptops, and sometimes I don't know if I didn't get any notification from the application because it's an agent problem or something security-wise blocking this.

I have been using Zscaler Private Access (ZPA) for more than three years.

I would describe my experience deploying Zscaler Private Access (ZPA) as very straightforward, but I think it could allow more automatic ways to deploy and configure instead of having to connect to each new instance manually and configure it.

We didn’t have any issues with Zscaler Private Access (ZPA)’s stability, availability, or reliability.

I don’t know how Zscaler Private Access (ZPA)’s cloud-native architecture is used for scaling within my company, but we do use something deployed in the cloud, and from my perspective, we only deploy the agent, exactly what we took from the marketplace.

As for support from Zscaler Private Access (ZPA), I might have used it, but it’s primarily handled by the IT team.

I know we had something before Zscaler Private Access (ZPA) to address similar needs, but I don’t remember the application name. The decision to move to Zscaler Private Access (ZPA) was possibly because it’s more native in the cloud environment and provides us an easier way to get or configure this.

In regard to other solutions I considered before implementing Zscaler Private Access (ZPA), I don’t know because the decision on what to use and what to install came from management.

Regarding the micro-segmentation feature of Zscaler Private Access (ZPA), I can explain less, and I think the IT team who are managing it can explain better.

I don't know how Zscaler Private Access (ZPA) has helped minimize lateral movement within our network because I don't know how to measure this reduction.

Since implementing Zscaler Private Access (ZPA), I've not noticed any changes in the visibility or monitoring of user access patterns because it's not part of our responsibility. We deploy it, and the IT team is configuring and monitoring it, fixing issues if it's working or not.

I'm not familiar with all benefits from using Zscaler Private Access (ZPA) that I haven't discussed, as I am only familiar with the VPN-related functionality and the segmentation which provides granular security access for the clients.

I rate Zscaler Private Access (ZPA) eight out of ten.

Our use case for Zscaler Private Access (ZPA)  is that it provides Private Access.

Zscaler Private Access (ZPA)  means allowing users access to the internal network in AWS  in a secure way.

I use Zscaler Private Access (ZPA) to secure remote access to internal applications.

The most valuable feature of Zscaler Private Access (ZPA) is the ability to manage access with policies, all in one, which provides our security team the ability to provide the required permission for each team, and also visibility. If something goes wrong, I have a very friendly UI to see what's going wrong, why the user is blocked, or what the issue might be.

Zscaler has allowed an easy, secure way for us to access our internal resources from outside.

Its effectiveness for my organization is mainly security, as users can access those applications only if they have the permission to go through Zscaler.

Zscaler has helped with operational flexibility because when a new employee starts, it's very easy to give them the required permissions. Everything is managed in an Active Directory or Okta in our case, and it's very easy to have the user ready to start working with just a few clicks.

Zscaler Private Access (ZPA) is a very good product, though there are some areas for improvement.

The solution is not scalable; we deploy it in a high-availability environment, but it's not automated. We need to deploy it and ensure it will be available in two different Availability Zones, but it's not something that can be done with automation, such as auto-scaling.

I would appreciate seeing dynamic scaling implemented because it would be beneficial if an instance goes down to automatically start another one.

I have used Zscaler Private Access (ZPA) for a minimum of two to three years.

When we tried to deploy it, the first thing it indicated was that we were not subscribed, so we subscribed, and then the product was available for us.

The solution is not scalable; we deploy it in a high-availability environment, but it's not automated. We need to deploy it and ensure it will be available in two different Availability Zones, but it's not something that can be done with automation, such as auto-scaling.

Regarding auto-scaling or dynamically scaling, I am not familiar with this capability if it exists as a new feature.

I have not worked with customer support, as our IT department takes care of anything that isn't working and requires support.

Positive

The deployment process is actually very easy; we manage it with Terraform , so we are deploying the instance, activating it, and it's ready to go.

After we have the Terraform  set up, it takes just minutes to deploy.

I do not use the micro-segmentation feature.

I'm not exposed to the pricing, so I cannot give feedback on that as I'm just a technical DevOps person deploying it.

Zscaler has helped to manage complexity and cost compared to traditional network architecture.

On a scale of 1-10, I rate Zscaler Private Access (ZPA) a 9.

The main use cases for Zscaler Private Access (ZPA)  include allowing network access. We use it mostly for private laptops and Macs, and we are also using it for communication between EC2s.

I can provide examples of how it has been effective in the organization. We use Zscaler Private Access (ZPA)  to control the communication, mostly for the bands and working groups within the organization itself, so we can have complete control of who can access which resources on Amazon.

The features I appreciate the most about Zscaler Private Access (ZPA) are that it is very easy to use, and we have Terraform  for it, which makes it even easier and very straightforward.

I have utilized the segment feature, and we call it segmentation, though I am not certain if there is a difference between micro-segmentation and segmentation itself.

It has helped my organization in terms of minimizing lateral movement within the network, and I can confirm that.

I have not thought about how Zscaler Private Access (ZPA) can be improved, so I do not have any specific suggestions.

For the next release, I hope to see features that would make Zscaler Private Access (ZPA) even better, but I am quite satisfied with the product, so I am unsure if there is anything better they can implement.

I have used Zscaler Private Access (ZPA) for two years now, as I have been with the company for two years.

I have not used Zscaler Private Access (ZPA)'s cloud-native architecture for scaling.

I have not had to use their customer service or technical support.

Perhaps our IT department did, but I have not had any issues since then.

Positive

In terms of the setup, I am using Terraform  for it, so it is very straightforward. We are using Infrastructure as Code , so I am not certain if there is an interface that can be improved.

I was not involved in the setup as it was implemented before I joined the company.

I have found Zscaler Private Access (ZPA) to be very effective at providing operational flexibility during my organization's transition to cloud environments.

I do not remember the name of any other solutions that were considered before implementing Zscaler Private Access (ZPA), but there were several POCs conducted before the company decided on Zscaler Private Access (ZPA).

It is pretty straightforward and easy to use. On a scale of one to ten, I would rate Zscaler Private Access (ZPA) a ten.