Zscaler Private Access (ZPA) provides seamless, zero trust access to private applications running in the public cloud or within the data center, keeping them completely invisible to unauthorized users by never exposing them to the internet. The service never places users on the network itself, and it supports both managed and unmanaged devices and any private application (not just web apps).
ZPA ensures that only authorized users have access to specific private applications by creating secure segments of one between individual devices and apps, according to Zscaler. It uses lightweight software to connect apps and users to the Zscaler security cloud, where the brokered micro-tunnels are stitched together in the location closest to the user.
The service provides visibility into previously undiscovered internal applications running in the data center or public cloud, allowing admins to set granular policies for discovered applications to ensure least-privilege access. With ZPA, authorized users have access to specific private apps without the need to access the network, reducing the risk of lateral movement and the spread of ransomware.