ZTNA private access
May 2023
Komal Grover
Professional services consultant
Hybrid Work Model: Changing the Security Landscape
• Remote and hybrid work scenarios are transforming the workplace.
• IT security must change to meet the needs of this new reality.
VPN as a Security Target
• 57% of cyberattacks occurred while using a VPN [4]
• 2000% increase in VPN attacks as companies embrace a hybrid workplace [5]
4. Forbes, Business VPN Users Safety, March 6, 2023
5. Help Net Security, VPN Attacks Up, June 15, 2021
VPN Access Limitations
• Implicit trust
• Network-level access
• No contextual access
• No content-malware inspection
• Unscalable and no support for BYOD
The Era of Zero Trust
ZERO
including “never trust, always verify”—to plan industrial
and enterprise infrastructure and workflows.
8. Gartner Unveils the Top Eight Cybersecurity Predictions, June 21, 2022
ZTNA: How It Works
Introducing Skyhigh Private Access
Skyhigh Private Access
Clientless access
Data-Aware ZTNA
• Skyhigh service provides infinite scalability
• No on-prem appliances
• Reduce MPLS-costs
• User connects to the nearest PoP, to improve user experience
• Allows access with an agent or agentless

• No backhauling. Remote users connect to the applications hosted in public cloud from our global network of PoPs
• Low latency
• The private applications are invisible to internet

• Tailored access policies (Identity, application, context and dynamic device posture)
• Secures the data flow using RBI, DLP and Advanced Threat protection
• Access to individual resources is granted on a per-session basis
Gain Visibility About How Data Is Used – The Ideal use cases
Skyhigh Private Access provides:
• Secure access for managed and unmanaged devices
• Unified policy across web, SaaS, and private applications from a fully converged platform managed by a single console.
• Integrated Data Loss Prevention (DLP) scanning and seamless Remote Browser Isolation (RBI) integration for robust data protection.
• Antimalware scanning and emulation-based sandboxing to prevent malware from being uploaded to private apps
• Provides auto discovery and application access visibility that helps to identify applications accessed by a user/set of users to provide granularity in the application access.
Understanding the architecture
Private access architecture
[Architecture diagram. Labels: Distributed Routing Table; Intranet; Internet; Encrypted Tunnel; Connectivity Options; Client-initiated Secure Channel; Connector-initiated Secure Channel; Connector 2; Geo3 – PoP3; Customer Corporate Net – Site 2; HR App; Engg App; hr.acme.com; engg.acme.com; hr.skyhigh.com]
Ease of Installation: Connector Installation Script
Connector installation
• Download the PoP package
• Extract the package to get the installation script: infra.sh
• Run the script with the required parameters
Getting the provisioning key
Status of the deployed connectors
Creating applications for managed and unmanaged devices
Creating access policies
Smooth SAML integration with all IDPs
Web Security | ZTNA | RBI | CASB | Network Security | UBA | Central Management
Enabling Remote Working
Private access analytics
Thank You!
www.skyhighsecurity.com