What are the high-level configuration steps for private application access in Zscaler?
Unpacking the deployment methodology for ZPA.
💡
This is part of an on-going series in cybersecurity foundations. Check the cyber 101 article tag index from time to time for more content.
Today's topic is very brief but important: let's unpack the deployment methodology for Zscaler private application access. It essentially boils down to three steps/phases:
- Reachability
- This phase is focused on laying the groundwork for Zscaler access and visibility.
- It requires admins and architects to know where applications reside and to deploy App Connectors adjacent to those destination resources.
- Application Details
- Once we have App Connectors deployed where they need to be, we can start defining the application segments and groupings.
- These become critical later when we're defining access restrictions.
- Policies
- This is the point where we implement true least privilege policies and connect users with the applications they're entitled to.
- This is also where we define inspection policies, (re)authentication policies/timeouts, and the essential rules for who can access what.
- More specifically, it's at this point that we're answering some critical questions:
- What are the most impactful and sensitive applications in the organization (the "crown jewels")?
- What users in my organization carry the most risk?
- What applications/functions in the org are the least documented or clear? How do I want to handle that situation (passively monitor vs. deny all)?
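To make the three phases concrete, here is an added example (not Zscaler's own API, configuration format or code) that models reachability, application segments and policies as plain data, then answers "can this user reach this app?" with a default-deny decision; the names, fields and the `UNDOCUMENTED_MODE` switch are assumptions for illustration.

```python
"""Hypothetical model of the three ZPA deployment phases (reachability, application
details, policies) with a default-deny access check. Not Zscaler's API."""
from dataclasses import dataclass

@dataclass
class AppConnectorGroup:           # phase 1: reachability
    name: str
    location: str                  # data centre / VPC the connectors sit in

@dataclass
class AppSegment:                  # phase 2: application details
    name: str
    fqdns: set
    ports: set
    location: str                  # where the application actually resides
    documented: bool = True        # False = ownership/purpose still unclear

@dataclass
class AccessRule:                  # phase 3: policies (explicit allow only)
    segment: str
    allowed_groups: set
    reauth_minutes: int = 480      # re-authentication timeout for this rule

UNDOCUMENTED_MODE = "monitor"      # posture for unclear apps: "monitor" or "deny"

def decide(user_groups, fqdn, port, connectors, segments, rules):
    """Return (verdict, reason). A user only reaches an app when it is reachable,
    defined as a segment and explicitly entitled; everything else is denied."""
    seg = next((s for s in segments if fqdn in s.fqdns and port in s.ports), None)
    if seg is None:                # traffic to an app nobody has defined yet
        return ("monitor" if UNDOCUMENTED_MODE == "monitor" else "deny",
                "no application segment matches %s:%d" % (fqdn, port))
    if not any(c.location == seg.location for c in connectors):
        return ("deny", "no App Connector adjacent to %s in %s" % (seg.name, seg.location))
    if not seg.documented and UNDOCUMENTED_MODE == "deny":
        return ("deny", "%s is undocumented and posture is deny-all" % seg.name)
    for rule in rules:
        if rule.segment == seg.name and user_groups & rule.allowed_groups:
            return ("allow", "%s via rule (reauth every %d min)" % (seg.name, rule.reauth_minutes))
    return ("deny", "no policy entitles these groups to %s" % seg.name)

# Constructed sample configuration covering all three phases.
CONNECTORS = [AppConnectorGroup("dc1-connectors", "dc1")]
SEGMENTS = [
    AppSegment("payroll", {"payroll.corp.example"}, {443}, "dc1"),               # crown jewel
    AppSegment("legacy-erp", {"erp.corp.example"}, {8443}, "dc2"),               # no connector yet
    AppSegment("wiki", {"wiki.corp.example"}, {443}, "dc1", documented=False),   # unclear owner
]
RULES = [AccessRule("payroll", {"finance"}, reauth_minutes=60), AccessRule("wiki", {"staff", "finance"})]
```

Run `decide({"finance"}, "erp.corp.example", 8443, CONNECTORS, SEGMENTS, RULES)` to see the reachability phase fail first: without a connector in `dc2`, the policy is never consulted.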
For more information on this topic, check out the following resource:
https://help.zscaler.com/zpa/step-step-configuration-guide-zpa