Zpedia 

/ What Is the Zero Trust Exchange?

What Is the Zero Trust Exchange?

The Zscaler Zero Trust Exchange™ is a cloud native cybersecurity platform built on zero trust architecture. Following the principle of least-privileged access, the platform establishes trust based on user identity and context—including location, device, application, and content—and then creates secure, direct user-to-app, app-to-app, and machine-to-machine connections.
Zscaler Zero Trust Exchange

How Does the Zero Trust Exchange Work?

The Zero Trust Exchange eliminates the attack surface by making applications invisible to the internet. Plus, because the traffic never touches your network directly, lateral movement is impossible. Ultimately, this approach significantly reduces your organization's risk of falling victim to ransomware and other malware, accidental or malicious data loss, and more.

In our hyperconnected, dynamic, and distributed world, the traditional security perimeter is vanishing. Applications are moving into the cloud, and users are connecting from everywhere, on all kinds of devices. IoT and OT traffic are exploding, and apps are communicating with each other across clouds. In effect, the network connecting employees, apps, workloads, and devices today is the internet itself. The cloud and data centers have become destinations, with the internet as the transport layer for traffic.

So, how do you secure a network you don’t own and can’t control?

The Zero Trust Exchange provides a platform of services for securing all enterprise traffic and routing it intelligently through the fastest channels. It's the foundation for secure digital transformation, delivering the agility, security, automation, and experiences your organization needs to move ahead.

Quote

Instead of the security perimeter being entombed in a box at the data center edge, the perimeter is now everywhere an enterprise needs it to be — a dynamically created, policy-based secure access service edge.

Gartner, The Future of Network Security Is in the Cloud; 30 August 2019

5 Key Attributes of the Cloud Native Zero Trust Exchange

The Zero Trust Exchange is built around five core attributes designed to tackle today’s most challenging security, connectivity, and productivity challenges.

1. Zero Attack Surface

The Zero Trust Exchange eliminates your organization’s attack surface. With legacy security approaches, firewalls expose your applications to the internet, enabling unwanted users and bad actors to discover them. Instead, the Zero Trust Exchange makes apps invisible to everyone but those specifically authorized to use them.

2. Connect Users to Apps, Not Your Network

Unlike traditional network access models, the Zero Trust Exchange connects users directly to apps, not to your network, providing a fast experience. Cloud applications are designed to be accessed directly, and direct connections eliminate the need to backhaul traffic through centralized security controls that add latency.

3. Proxy Architecture, Not Passthrough

Legacy security solutions can't keep up with the demands of inspecting TLS/SSL-encrypted traffic, which is the vast majority of all traffic. Unlike a next-gen firewall, a proxy architecture is designed for full content inspection, including encrypted traffic at scale, for effective cyberthreat protection and data loss prevention.

4. Secure Access Service Edge

Gartner defines secure access service edge (SASE) as a model for supporting digital enterprises' changing secure access needs. Essentially, SASE is the framework for securely connecting users and machines to apps and services when their locations may be anywhere. With the SASE-based Zero Trust Exchange, policy is enforced at the edge and distributed across data centers globally to deliver a fast, productive experience for users everywhere.

5. Multitenant Architecture

Leading enterprise SaaS companies build multitenant clouds to deliver the performance and scalability required for digital transformation initiatives to succeed. Virtual machines (VMs) in a public cloud have the same limitations as hardware in the gateway, though. To meet the exponentially growing needs of our interconnected world, the Zero Trust Exchange is built on a multitenant cloud.

Why It’s Time to Adopt the Zero Trust Exchange

Enterprise applications are rapidly moving to the cloud, and this won't slow down any time soon. Leveraging the cloud helps IT stay more agile across various initiatives, which translates to lower costs and faster innovation. Moreover, businesses are increasingly relying on internet destinations and external SaaS applications to support critical business needs, and they're moving internally managed applications to the public cloud, IaaS, or PaaS, for greater agility and accessibility. Amid this continuing shift, users still expect to be able to seamlessly and securely access data and applications from any device, anywhere in the world. Legacy security models can't support this.

Securing on-premises corporate networks to protect users and data is irrelevant in a cloud-first, mobile world. This makes the Zero Trust Exchange the optimal framework for securely connecting users, devices, and applications using defined business policies regardless of the network. Legacy security appliances are difficult to maintain, ineffective at inspecting encrypted traffic at scale, and often lead to poor user experiences and higher costs.

Because the Zero Trust Exchange platform is built on a multitenant, distributed cloud architecture, it can easily deliver the necessary security functionality to enable users, applications, and devices to safely and efficiently access authorized applications and services based on your business policies.

The Zero Trust Exchange weaves cloud-delivered security best practices to:

  • Reduce risk by preventing threats and eliminating the attack surface
  • Improve productivity with fast access to applications
  • Cut costs through simplified infrastructure

Secure Internet and SaaS Access

The Zero Trust Exchange provides real-time cyberthreat protection, data protection (DLP, CASB, CSPM), and secure local breakouts (fast direct-to-cloud connections for branch offices). Cloud-delivered policies stay with users for identical protection anywhere.

Secure Private App Access Without VPN

VPNs can be slow and frustrating for users, not to mention a target for attackers. The Zero Trust Exchange applies zero trust security to connections from office to data center and B2B customer application access, eliminating the need for a VPN.

App Segmentation Without Network Segmentation

The Zero Trust Exchange lets you secure apps and workloads without the headache of network segmentation. Application segmentation (a.k.a. microsegmentation) creates a secure segment between a user and app, eliminating the risk of east-west movement and overprivileged access. Improved User-to-App Experience Management The Zero Trust Exchange is built with user experience and performance in mind. Performance scores can be measured by user, app, and location, making it easier to identify and resolve endpoint and network issues.

See What the Zero Trust Exchange Can Do for You

The Zscaler Zero Trust Exchange is a cloud native platform that securely connects users, apps, and devices—using business policies—over any network, in any location. It's the world’s largest cloud security platform, enabling increased user productivity, reduced business risk, lower costs, and far less complexity.

We built it from the ground up to enable secure digital transformation so organizations can become more agile and competitive in the modern digital era.

Zscaler Zero Trust Exchange Architecture

The Zero Trust Exchange connects and secures users, workloads, and devices over any network from any location.

Suggested Resources

Zscaler Cloud Security | Two-Minute Overview
Zscaler SASE at a Glance
Read the solution brief
Securing Remote Work
Download our ebook
The CIO’s Guide to Accelerating Secure Digital Transformation
Read the ebook

01 / 02