The shift to remote and hybrid work at scale has created unprecedented demand for our cloud-delivered Zero Trust Network Access (ZTNA) solution, Netskope Private Access (NPA). This is no surprise. According to a recent Gartner forecast analysis, “By 2024, at least 40% of all remote access usage will be served predominantly by Zero Trust Network Access (ZTNA), up from less than 5% at the end of 2020.”* The shift to ZTNA solutions, especially as a better, more secure alternative to traditional VPNs, is rapidly taking hold.
Unlike legacy remote access VPN, ZTNA provides authenticated and authorized users with conditional access to specific applications instead of the network. As part of our industry-leading SASE platform, Netskope Private Access (NPA) was built from the ground up to provide application access for a modern workforce embracing cloud, securely and efficiently connecting users, from anywhere, on any device, to any enterprise private application regardless of location or instance.
As a cloud-delivered ZTNA solution, NPA means there is no hardware to procure and no complex network routing. It can be rapidly deployed and, thanks to our NewEdge infrastructure, it can scale up to meet the influx of demand. Shifting to a cloud-delivered service allows customers to transition from CapEx to OpEx, eliminating the need for hardware procurement, sizing headaches, and complex network routing associated with traditional remote access VPN appliances. This makes more sense anyway, as their workloads have been steadily migrating to the cloud for quite some time and end-users have also left the traditional security perimeter.
NPA also utilizes the Netskope client to steer user traffic to the Netskope Security Cloud where the security policy is enforced and to support both web applications and non-web/thick client applications, such as SSH, RDP, SQL servers, as well as to facilitate Active Directory and SCCM connectivity. There’s also the clientless browser option which makes NPA particularly good for contractors, third-parties, and BYOD employees with varied access restrictions.
Here’s how we’re seeing NPA in action with some of our customers:
Supporting remote and hybrid work
We recently worked with a European government agency that previously didn’t allow any remote work. In Spring 2020, this agency had to quickly stand up infrastructure to enable remote access to internal resources to support their workers (some of them are VIP government officials). WIthout existing remote access infrastructure, the team decided to test remote access VPN, Virtual Desktop Infrastructure, and ZTNA technology. NPA was selected as part of this POC. According to the customer, standing up VPN and VDI infrastructure was not only challenging, but by comparison, the Networking team was able to get the NPA POC up and running in a few hours and immediately gain popularity among their test users. “Selecting NPA was a no-brainer,” the customer told us.
Alternatives to VPN
As another example, a world-renowned brewing company had a strategic directive to transform its networking and security infrastructure to SASE architecture and consolidate vendors. The existing VPN infrastructure was strained under the demand of remote users, requiring complex routing to support traffic going to the data center and public cloud environment. Hairpinning traffic (a common, but inefficient tactic to backhaul traffic through the data center before routing to the public cloud environments) resulted in a poor user experience, hindering productivity. Having recently adopted the Netskope SASE platform, including NPA, this company’s networking team has been able to deliver superior application connectivity and consistent user experience for the end-user, cutting down support tickets and user complaints.
DevOp access in hybrid cloud and multi-cloud
An organization in the hospitality industry, operating thousands of locations, came to Netskope because their internal developers needed access to backend API resources in the Virtual Private Cloud (VPC) hosted by AWS. Using NPA, the developers can now focus on coding, access resources across multiple VPC’s and not go through a slow and cumbersome process of connecting to key resources through remote access VPN.
Strengthen security posture and remote patching
Concerned about ransomware attacks, a global media and branding giant had a security team that practiced regular patching but struggled to keep up with the volume of end-user devices being operated by remote employees. The end-user devices needed to be connected to the Active directory service and SCCM to receive the latest security policy and patching, so when the majority of their users were sent home, many devices were at risk of being out of compliance. Working with Netskope, the teams quickly provisioned Netskope Private Access to enable connectivity with AD servers and SCCM. This customer now is using NPA to provide access to over a thousand private applications to employees and contractors.
Netskope customers realize more benefits from NPA every day, including use cases such as delivering day one access following M&A and providing clientless, browser-only access to private web applications for third party contractors using non corporate-owned devices or other unmanaged devices to access corporate resources.
NPA capabilities and benefits
- Netskope unified steering client – With the Netskope client, it automatically steers users’ traffic to the Netskope Security Cloud, where the security policy is enforced, including verification of the trust level (user authentication, device posture check) and, based on the access policy, delivers the private resources to the users, regardless where is used is located, and where the resources are hosted.
- Clientless/ browser access for private web applications – This clientless browser access option is ideal for contractors, suppliers using third-party-managed devices. It also provides a convenient option for employee BYOD. Netskope enables access to both HTTP and HTTPS applications.
- Application & protocol support – NPA supports both TCP and UDP protocols. Using the Netskope client, NPA supports both web applications and non-web/thick applications, such as SSH, RDP, Windows Active Directory, and several other enterprise applications.
- End to end encryption for data security – Now only the traffic is initiated from inside-out, not discoverable by the outside; the traffic is also encrypted from end to end to ensure privacy and confidentiality.
- Unique two-hop architecture – NewEdge is highly peered with cloud service providers, minimizing latency and dramatically improving the performance and user experience.
- Load balancing and scalability – Users can easily deploy multiple publishers (application connectors) across the network and cloud environments which automatically rout and load balance application traffic
- Strong device posture check – Netskope Private Access assesses and asserts device security posture as a requirement for access to private applications, such as ensuring the user’s endpoint security is enabled or mobile devices are not jailbroken/rooted.
Enterprises adopting SASE architecture view ZTNA as a critical step. ZTNA offerings provide frictionless secure access that empowers end users, reduces complexity, and streamlines operations. Here are the benefits NPA offers:
- Enhance security posture with Zero Trust and reduce attack surface eliminating the exposure of protocols and services to the public internet.
- Enable user productivity with fast, frictionless access to resources
- Simplify IT operations – Simplify network routing, bypass legacy network architecture, with easy deployment and maintenance
- Unvarnished visibility and consistent policy enforcement – The Netskope unified platform, client, and policy engine, ensure security controls and policy are consistently applied regardless of where users are, and what resources they are accessing.
- Flexible and scalable – The cloud-delivered service that is fast to implement, flexible and scalable to meet demand.
- Embrace cloud adoption – Support hybrid cloud infrastructure, provide direct user-to-application connectivity, bypassing legacy networking infrastructure
Join Netskope for “Unpacking updates to the Netskope SASE and Zero Trust Platform” on September 16, 2021, when you’ll learn where Netskope fits into the SASE architecture, an overview of the new and updated Netskope products, and how the benefits of these products mean better security, faster performance, and lower total cost of ownership.
*Gartner Forecast Analysis, Remote and Hybrid Workers, Worldwide, June 2021