Zscaler Private Access Service
Zscaler Private Access is a cloud-based service that delivers policy-based, secure access to private applications and assets without the cost, support burden, or security risks of a VPN. It delivers seamless, policy-driven access to private internal applications and assets, whether they are in the cloud, the data center, or both.
Features
- No VPN client to launch, exit, support and manage
- Enable application-specific access to staff, individual contractors, and business partners
- Users never placed on network, enabling use of unmanaged devices
- Consistent security policy enforcement for application access
- Unauthorized users are not able to see applications
- Removes complexity and security risk of VPNs
- Reduces Capex and Opex compared to traditional VPNs
- Easy and fast deployment
- Decouples private internal applications from the physical network
- Automatically routes to the location that delivers the best performance
Benefits
- Provides secure access to your internal applications
- No VPN on-premise equipment capital and support (FTE) costs
- Easily apply your organisation’s security access policy
- Applications never exposed to the internet, reducing the DDoS threat
- Seamless integration with your existing identity stores
- Scalable to any size of workforce and number of applications
- Requires no changes to current infrastructure
- Reduces the complexity of network/security architectures, accelerating cloud adoption
- Simplifies cloud security through partnerships with Microsoft/Azure and Amazon/AWS
Pricing
£0.94 a user a month
- Free trial available
Framework
G-Cloud 10
Service ID
138504266761336
Contact
Truststream Security Solutions
Bryan Thomson
Telephone: 07827 327320
Email: bryan.thomson@truststream.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- There are no operational constraints to the service
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Standard Support: P1 response time 2 hours, P2 response time 4 hours, P3 response time 12 hours, P4 response time 48 hours.
Premium Support: P1 response time 30 minutes, P2 response time 1 hour, P3 response time 3 hours, P4 response time 4 hours.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Standard support is provided by Zscaler with the ZPA service. Premium support is available from Truststream at 15% of the annual net cost of the service. The Truststream Zscaler Premium Support service provides a support engineer with contextual knowledge of the customer implementation. It also includes regular technical account management meetings, which can be in person or by Webex. The frequency of the meetings is agreed at the time of the implementation; typically they are more frequent initially, settling to a quarterly or bi-annual frequency.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- The implementation of the Zscaler Private Access service is neither a complex nor a lengthy project. Truststream supports organisations that are new to the service every step of the way. Online training and comprehensive user documentation are provided. Often, organisations evaluate and become comfortable with the service using a proof-of-concept trial. They then purchase the service and the PoC is simply switched into production, making implementation straightforward and low-risk.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- We do not hold any client data
- End-of-contract process
- The customer would have to phase-in alternative application access methods in advance of the service contract ending.
Using the service
- Web browser interface
- No
- Application to install
- Yes
- Compatible operating systems
-
- Android
- iOS
- macOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None
- Accessibility standards
- None or don’t know
- Description of accessibility
- The admin monitor is viewable as an application through a web browser. There is no user interaction as the system is passive to the end user.
- Accessibility testing
- Not applicable
- API
- No
- Customisation available
- Yes
- Description of customisation
- The ZPA service can be customised via the administration portal. It is very comprehensive in deployment, granular policy control options and reporting.
Scaling
- Independence of resources
- The Zscaler global network consists of over 100 data centers. If there is a problem with one DC, user traffic is simply routed to the nearest alternative DC. Zscaler has been designed as a scalable cloud service from day 1. Currently, over 5,000 organisations in 185 countries are using the service to make 30 billion requests a day, 125 million of which are blocked for protection and compliance purposes.
Analytics
- Service usage metrics
- Yes
- Metrics types
- The interactive reporting tool in the admin portal presents a wide range of standard reports and provides the ability to create custom reports as well. It supports real-time interactive analysis.
- Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Zscaler
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
- Other
- Other data at rest protection approach
- We do not hold customer data
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- For compliance mandates on local log archival, Zscaler Nanolog Streaming Service (NSS) allows you to transmit your logs to your SIEM in real time for external logging or advanced threat correlation. You can even fine-tune threat feeds to receive particular data in order to accommodate SIEM Events Per Second (EPS) restrictions.
- Data export formats
- Other
- Other data export formats
- Customizable to send log fields based on complex log filters
- Data import formats
- Other
- Other data import formats
- Live user credentials from ADFS or SSO integration
Data-in-transit protection
- Data protection between buyer and supplier networks
- Private network or public sector network
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
The SaaS will be available to accept Customer’s Transactions and Sessions 100% of the total hours during every month Customer uses the SaaS. Service Availability is monitored by a third party service (Site 24x7 by ZOHO), and Service Availability is validated by this third-party service. Excluded Transactions and Sessions would not be factored into this Service Availability validation. Failure to meet this Service Availability Agreement results in a Service Credit as follows. Percentage of Transactions and Sessions Processed During a Month:
>= 99.999%, service credit 0 days;
< 99.999% but >= 99.99%, service credit 3 days;
< 99.99% but >= 99.00%, service credit 7 days;
< 99.00% but >= 98.00%, service credit 15 days;
< 98.00%, service credit 30 days.
- Approach to resilience
- N+1 failover Data Centres
- Outage reporting
- Public Dashboard & Email. The Zscaler Service Continuity Customer Notification Protocol is available on request. Type the term into a search engine.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Other
- Other user authentication
- SAML
- Access restrictions in management interfaces and support channels
- Role-based access control. Details available upon request.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- Other
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Brightline for Zscaler, The British Assessment Bureau for Truststream
- ISO/IEC 27001 accreditation date
- 26/06/14 for Zscaler, 07/10/16 for Truststream
- What the ISO/IEC 27001 doesn’t cover
- Truststream scope: provision of cyber security services. Zscaler scope: the Zscaler cloud operations for its Security as a Service platform (including operations employees and network operations center) located in Zscaler’s network operations center in San Jose, California. Everything else is out of scope.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
- Truststream is Cyber Essentials Plus certified
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Truststream is Cyber Essentials Plus certified
- Information security policies and processes
- Available on request
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Available on request
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
- Following industry best practices with Qualys scanning
- Protective monitoring type
- Undisclosed
- Protective monitoring approach
- Available upon request
- Incident management type
- Undisclosed
- Incident management approach
- Available upon request
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- New NHS Network (N3)
Pricing
- Price
- £0.94 a user a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Full product on qualified 30-day proof-of-concept trial. When organisations satisfy themselves that the service functions as advertised, they usually proceed to purchase and the PoC trial is simply switched to production and the full production user-load added.