Blog de Zscaler

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Suscríbase
Products & Solutions

Simplify Secure Connectivity to Business Partners’ Private Apps

SHAKTI KUMAR, GANESH VELLALA UMAPATHY
octubre 23, 2024 - 6 Min de lectura

In today's fast-paced business environment, organizations collaborate with an ecosystem of business partners. Therefore, the need for seamless, secure connectivity to applications and resources hosted in business partners’ networks (i.e., extranet) is paramount. Organizations are looking for ways to simplify connectivity to extranets while adhering to modern security frameworks like zero trust. Here are some areas where seamless and secure communication to business partners is essential:

  1. Healthcare and medical industry: Healthcare providers often collaborate with third-party labs, pharmacies, and insurance companies requiring secure access to patient records and health management systems. 
  2. Financial services/audit firms: Banks and financial institutions regularly interact with external vendors and partners to process transactions and manage financial data.
  3. Information technology enabled services (ITES): ITES companies, particularly those offering business process outsourcing (BPO), knowledge process outsourcing (KPO), and shared services, often need to access sensitive data and applications hosted in client data centers. 
  4. Manufacturing and supply chain: In the manufacturing sector, companies often need to grant access to their supply chain partners, including raw material suppliers and logistics providers.
  5. Telecommunications: Telecom companies often collaborate with external vendors and service providers to manage network infrastructure, billing systems, and customer data.

Herein lies the challenge of secure connectivity. Zero trust emphasizes the "never trust, always verify" approach, ensuring that every entity accessing the network is authenticated, authorized, and continuously validated before gaining access. This concept is critical when connecting to partner applications and data centers, but traditional VPN-based solutions struggle to achieve this.

When organizations go through the zero trust journey, they migrate private applications on their internal networks from VPNs to a zero trust network access (ZTNA) solution. However, these organizations also need to access applications hosted in their business partners’ networks. And since organizations do not control these networks, VPNs remain the typical means of accessing these applications. 

 

According to the Zscaler ThreatLabz 2024 VPN Risk Report, 56% of enterprises cite being the target of at least one VPN-related cyberattack in the past year.

 

Challenges of relying on VPNs for business partner connectivity

In addition to introducing vulnerability risk and increasing the attack surface, VPNs add significant operational complexity in configuring and managing access across multiple partners. Then, there are the logistical challenges of shipping VPN appliances to different sites and maintaining high availability across various locations. 

VPN challenges for extranet connectivity

 

Let’s dive deeper into what these challenges mean for an organization:

Operational complexity

Traditional VPN-based solutions necessitate manual configuration and management of multiple IPsec tunnels for each business partner, leading to significant complexity in managing virtual routing and forwarding (VRF) aware DNS settings. Custom DNS configurations are required for each partner's application, and VRF must be accurately set up to prevent IP address overlaps. This results in a heavy operational burden, with each partner needing an isolated routing and DNS framework. Consequently, scaling and maintaining the infrastructure becomes resource-intensive, hindering agility and operational efficiency.

Lateral movement risk

VPNs expose organizations to the risk of lateral movement. This is particularly risky when connecting to business partner resources, as a breach could extend beyond the organization, impacting both parties. The broad attack surface traditional VPN solutions create contradicts the core principles of zero trust.

Poor user experience

As VPN traffic often follows inefficient paths, users experience latency and reduced performance when accessing partner applications, especially if the connection spans multiple geographical locations.

Availability issues

Extending VPNs to business partners’ networks demands significant effort in scaling and maintenance, including redundant tunnels, manual configuration of failover, and constant monitoring to ensure uptime. As more partners are onboarded, management of these tunnels becomes increasingly complex. Ensuring high availability in such an environment requires extensive planning, increased operational overhead, and a heavy reliance on redundant infrastructure, which can be costly and difficult to manage effectively.

 

How Zscaler Private Access™ (ZPA) helps with business partner connectivity today

At Zscaler, we are on a mission to eliminate VPN risk and provide zero trust connectivity for all apps, no matter where they are hosted. Adopting zero trust for connectivity to business partner applications mitigates risks inherent with traditional VPNs by enforcing tighter control, limiting lateral movement, and reducing the attack surface, all while streamlining both operational and logistical efforts.

ZPA addresses some of these challenges today in two ways:

  1. Installing App Connectors in the partner’s data center: This provides direct, secure access to applications. This method generally requires less management effort compared to traditional VPN configurations but organizations may face resistance from partners due to IT overhead and resource limitations.
  2. Deploying App Connectors in the customer's data center and extending an IPsec tunnel to the partner's network: This approach allows customers to retain full control over their infrastructure, but it still presents DNS and routing complexities, albeit more manageable compared to traditional VPNs​.

 

Introducing Extranet Application Support: The simple and secure method for business partner connectivity

To solve the problem of extending ZTNA to business partners' private applications, Extranet Application Support enables trusted partners of Zscaler customers to effortlessly establish IPsec tunnels directly to Zscaler data centers. The solution ensures that only authenticated and authorized users gain access, mitigating risks associated with external access for applications.

This new capability enhances scalability by offloading tunnel termination to the cloud and ensures high availability by allowing tunnels to connect to multiple Zscaler data centers, providing seamless redundancy. The solution provides a scalable, secure, and low-maintenance approach to partner connectivity while enabling customers to onboard new partners with greater agility, facilitating quicker collaboration and integration.

Image

Here are the key benefits of using ZPA’s Extranet Application Support:

Secure partner application access: Organizations can securely connect to a partner’s private applications without exposing their internal network.

Streamlined onboarding for new business partners: Instead of manually configuring VPNs for each new partner, Extranet Application Support allows partners to connect to the Zscaler Zero Trust Exchange™ platform via IPsec. Since the platform is highly available, this drastically reduces the complexity and time required to onboard a new partner.

Multi-partner connectivity management: Organizations with multiple business partners, each requiring unique application access, can simplify connectivity by centralizing traffic routing and access control through the Zero Trust Exchange. This reduces the operational burden of managing DNS and routing configurations for each partner.

High availability and redundancy for critical partner applications: With active-active IPsec tunnels and seamless failover capabilities, organizations can ensure uninterrupted access to critical partner applications, even during network failures.

Cross-regional access to partner applications: Organizations with global operations can optimize performance by utilizing location-aware routing, ensuring users connect to the nearest data center, reducing latency and improving the overall user experience when accessing partner applications hosted in different regions.

Conclusion

ZPA’s Extranet Application Support is transforming how organizations securely connect with business partners by applying zero trust principles to streamline onboarding, enhance security, and improve agility, all while reducing complexity.

Ready to discover how this capability can revolutionize your business operations? Sign up now to explore the full potential of this innovative solution firsthand!

We’re not stopping here—to learn more about what’s new with ZPA, join our live webinar with the ZPA product team on October 30, 2024.

form submtited
Gracias por leer

¿Este post ha sido útil?

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Al enviar el formulario, acepta nuestra política de privacidad.