Omnissa Identity Services, replacing Workspace ONE Access or the former VMware Identity Manager, provides multi-factor authentication, conditional access and single sign-on to SaaS, web and native mobile apps.
N/A
Zscaler Private Access
Score 8.9 out of 10
N/A
Zscaler Private Access™ (ZPA) gives users secure access to private apps and OT devices while enabling zero trust connectivity for workloads.
Workspace ONE Access is a good fit for a variety of corporate scenarios, such as the need for businesses to provide secure access to their data and applications, the need to lower the costs associated with managing multiple user identities, and the need to boost employee productivity by streamlining access to corporate resources. It is less appropriate if you are not using all of its function and just use it for a particular function undermining its capabilities for example in our organization the use case is primarily restricted to giving staff members safe access to company information and applications which debunks its other features such as compliance and product support that it provides.
Zscaler Private Access works really well in environments setup for FQDNs and where you know what users should/shouldn't be accessing on what ports. You can use Zscaler Private Access to figure out these kinds of features but that doesn't always mean you'll be correct. It also provides a consistent experience for users as they can access their materials anywhere. It also makes the user the last line of defense. If a user's account is compromised then the attacker has access to everything they already did. It doesn't work great in OT environments or Server based environments. Flows have to be initiated from the client and not the server for stuff to behave properly.
It provides an "SSO" type experience for access to applications and data. Users sign in to one "portal" and then have access to whatever university systems they need to do their job.
It greatly simplifies securing these types of access. Firewall rulesets can be made much simpler and easier to manage, as well.
Application Segmentation and Listener Configuration - The way applications are defined and listened for is fundamental to ZPA, but can be a source of frustration, especially when dealing with legacy or non-HTTP protocols
The ZCC is the user's primary gateway, but its control over local system network behavior can sometimes clash with enterprise requirements.
The environment feels more secure, and we are seeing that users are adapting to it fast. The fact that we have tools to assist the users with their day-to-day access helps, as we can hand it off to the helpdesk without any escalations to the Network team. It is a work in progress for our agency, but we are seeing the benefits from the solution.
We also examined several other options, particularly Lenovo Unified Workspace. The Lenovo product had some advantages over the VMWare product, particularly in the areas of customization of the look / feel and user experience. However, we have been a longtime VMWare customer, and we have VMWare VDI and other product implementations in place now that paired very well with the VMWare product.
Well ZPA is a good solution, however everyone has their own advantage and disadvantages, with ZPA you can deploy ZTNA model, which will help you better control on access, however Palo Alto, Fortinet they are also market leading firewall solution, and you can not deny if they are not providing the same features.
Better control over organization data and its applications.
The software has frequently allowed us to save money on application security and mobile device management.
It offers a lot of features that may be adjusted to meet the requirements of our particular business demands, which has increased efficiency and security for our organization.
Positive: We have now charged users internally for the service
Negative: Dealing with users who also have the Zscaler Client Connector for their company, can cause confusions
Negative: Enabling the Zscaler Internet Access entitlement has been a major headache for us because Zscaler Private Access users can't autheniticate through ZIA on a non corporate device.
