thejusticier: what if the employee uses a different web browser that may not have been configured? or would the configuration apply to any web browser that runs on your laptop or phone?
XMFBreakerTinker: The employee will not be on the corporate network nor will Zscaler allow access to a non Zscaler equipped browser. Thereby the employee cannot by pass security as they can and often do out of convenience using traditional systems. It is yet another security improvement that Zscaler provides.
Let me attempt some clarifications. First, the ZScaler mobile app does indeed cover all access from that phone/tablet, like a VPN would. Not for laptop/desktop, though. But, more importantly, the application itself is configured to only connect to ZScaler directly. This is necessary to reject any external hacker requests. Remember, ZScaler acts as a middle-man between request and requestor. ZScaler will reject any non-authorized user and the app will reject any request that doesn’t come from ZScaler. Exceptions can be made, such as allowing an inside the corporate network application to respond directly to an inside the corporate network user, but that hinders some of the security that ZScaler can provide so I suspect most companies don’t do that.
I don’t know what Tinker means by “by pass security as they can and often do out of convenience using traditional systems.” Typically, internal applications are on the corporate network and literally not accessible except from the corporate network. Remote employees must use VPN to get on the corporate network, which requires them to log in. That’s secure and not bypassable, albeit inconvenient.
What ZScaler adds is protection from hackers getting viruses and such onto employee computers and having those viruses, once the employee is on the network, from doing damage to ZScaler protected applications. The virus would go through ZScaler’s server software, which scans it and only sends it to the app if it’s clean. Of course, ZScaler itself may have a bug or may not recognize certain viruses and let something through that it shouldn’t, but that’s not much different than any other security solution today.