Zero Trust Network Access: "Unlocking the core principles of Skyhigh Private Access"
May 2023
Komal Grover
Professional services consultant
Hybrid Work Model: Changing the Security Landscape
• Remote and hybrid work scenarios are transforming the workplace.
• IT security must change to meet the needs of this new reality.
• Traditional security can lead to:
  • Bypassing on-premises security
  • Malware intrusion
  • Data loss
VPN as a Security Target
• 57% of cyberattacks occurred while using a VPN [4]
• 2000% increase in VPN attacks as companies embrace a hybrid workplace [5]
[4] Forbes, Business VPN Users Safety, March 6, 2023
[5] Help Net Security, VPN Attacks Up, June 15, 2021
VPN Access Limitations
VPN:
• Implicit trust
• Network-level access
• No contextual access
• No content/malware inspection
• Unscalable and no support for BYOD
The Era of Zero Trust
• Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.
• A Zero Trust Architecture uses zero trust principles, including "never trust, always verify", to plan industrial and enterprise infrastructure and workflows.
• 60% of organizations will embrace Zero Trust as a starting point for security by 2025. [8]
[8] Gartner Unveils the Top Eight Cybersecurity Predictions, June 21, 2022
ZTNA: How It Works
Introducing Skyhigh Private Access
Skyhigh Private Access
• Client-based access
• Clientless access
Data-Aware ZTNA
Scalable Cloud Capacity
• Skyhigh service provides infinite scalability
• No on-prem appliances
• Reduce MPLS costs
• User connects to the nearest PoP, to improve user experience
• Allows access with an agent or agentless
More Private Apps Outside the Datacenter
• No backhauling. Remote users connect to the applications hosted in public cloud from our global network of PoPs
• Low latency
• The private applications are invisible to the internet
Adhere to Zero Trust Principles
• Tailored access policies (identity, application, context and dynamic device posture)
• Secures the data flow using RBI, DLP and Advanced Threat Protection
• Access to individual resources is granted on a per-session basis
Gain Visibility About How Data Is Used – The Ideal Use Cases
Skyhigh Private Access provides:
• Secure access for managed and unmanaged devices
• Unified policy across web, SaaS, and private applications from a fully converged platform managed by a single console
• Integrated Data Loss Prevention (DLP) scanning and seamless Remote Browser Isolation (RBI) integration for robust data protection
• Antimalware scanning and emulation-based sandboxing to prevent malware from being uploaded to private apps
• Auto discovery and application access visibility, which helps identify the applications accessed by a user or set of users and allows application access to be granted at a granular level
Understanding the architecture
Private access architecture (diagram)
• Skyhigh cloud: Distributed Routing Table shared across PoPs in three geographies (Geo1 – PoP1, Geo2 – PoP2, Geo3 – PoP3)
• End User Device connects over the internet to the nearest PoP through an Encrypted Tunnel (Connectivity Options)
• Internet Connector 1 (intranet) reaches the PoPs through an Encrypted Tunnel and fronts Engg App (engg.acme.com) and HR App (hr.acme.com)
• Internet Connector 2 (intranet) reaches the PoPs through an Encrypted Tunnel and fronts HR App (hr.acme.com) and Mfg App (mfg.acme.com)
Private Access Workflow (diagram)
• Skyhigh cloud (SWG, DLP, RBI, Malware & GTI, Private Access (ZTNA)): Manage Connectors, Connector Group <> Application mapping, App List, Device Info
• End User Device runs the Client Proxy and opens a Client-initiated Secure Channel to the Skyhigh cloud; the SCP checks whether the destination (hr.skyhigh.com) is a PA application and forwards it to Connector 2/3 (C1234567890.wgcs.skyhighcloud)
• Each connector opens a Connector-initiated Secure Channel back to the Skyhigh cloud; application protocols: TCP, RDP, SSH, HTTPS
• Customer IaaS environment: PA Connector 1 (K8S Container), Marketing App (mkt.skyhigh.com)
• Customer Corporate Net – Site 1: PA Connector 2, HR App (hr.skyhigh.com), Engineering App (eng.skyhigh.com)
• Customer Corporate Net – Site 2: PA Connector 3, HR App (hr.skyhigh.com), Marketing App (mark.skyhigh.com)
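The two decisions the workflow above and the Data-Aware ZTNA slide describe, as an added illustration (not Skyhigh's code or policy schema): the client-proxy check of whether a destination is a PA application, and the per-session grant that evaluates identity, application and device posture before a connector tunnel is opened. App List contents, connector group names and policy fields are constructed for the example.

```python
from dataclasses import dataclass

# Constructed App List: private-app hostnames from the deck's diagram, mapped to the
# connector group (site) that fronts each one. Group names are assumed for illustration.
APP_LIST = {
    "hr.skyhigh.com":  "site1-connectors",
    "eng.skyhigh.com": "site1-connectors",
    "mkt.skyhigh.com": "iaas-connectors",
}

# Constructed access policies: allowed identity groups and whether a managed
# (agent-based) device is required. The policy shape is assumed, not the product's schema.
POLICIES = {
    "hr.skyhigh.com":  {"groups": {"hr"},          "managed_only": True},
    "eng.skyhigh.com": {"groups": {"engineering"}, "managed_only": False},
    "mkt.skyhigh.com": {"groups": {"marketing"},   "managed_only": False},
}

@dataclass
class Session:
    user: str
    groups: set
    managed_device: bool   # client-based (agent) access vs. clientless
    posture_ok: bool       # dynamic device-posture signal, assumed to come from the agent

def route(host):
    """Client-proxy step: only hosts on the App List are sent to Private Access;
    everything else takes the normal web (SWG) path. Private apps are not
    published on the internet, so this lookup is what keeps them invisible."""
    group = APP_LIST.get(host)
    return ("private_access", group) if group else ("web", None)

def authorize(session, host):
    """Per-session decision: identity, application and device posture are all
    evaluated before a tunnel to the connector group is opened, and the grant
    covers this one resource only (no network-level access as with a VPN)."""
    policy = POLICIES.get(host)
    if policy is None:
        return ("deny", "no policy for application")
    if not session.groups & policy["groups"]:
        return ("deny", "identity not in an allowed group")
    if policy["managed_only"] and not session.managed_device:
        return ("deny", "managed device required")
    if not session.posture_ok:
        return ("deny", "device posture check failed")
    return ("allow", f"{host} via {APP_LIST[host]}")
```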
Skyhigh cloud configuration for Private Access
Ease of Installation: Connector Installation Script
Connector installation:
• Download the PoP package
• Extract the package to get the installation script: infra.sh
• Run the script with the required parameters
Getting the provisioning key
Status of the deployed connectors
Creating applications for managed and unmanaged devices
Creating access policies
Smooth SAML integration with all IDPs
Platform components: Web Security | ZTNA | RBI | CASB | Network Security | UBA | Central Management
Enabling Remote Working
Use case: Access to SSE (Landing Portal)
Private access analytics
Thank You!
www.skyhighsecurity.com