Market Overview

Zscaler Becomes the First Cloud Services Provider to Receive FedRAMP Authorization for a Dedicated Zero Trust Remote Access Platform


ZPA-Government, Zscaler Cloud Security Granted Authority to Operate
by FCC

(NASDAQ:ZS), the leader in cloud security, today announced
that Zscaler Private Access-Government (ZPA™-Government), its
application access platform, meets the Federal Risk and Authorization
Management Program (FedRAMP)
Moderate security requirements and was granted Authority to Operate
(ATO) by the Federal Communications Commission (FCC). ZPA-Government is
the first Zero Trust remote access platform that has received FedRAMP
approval. FedRAMP Authorization enables Zscaler to expand its sales
pursuit of Federal market share.

FedRAMP is a federal program which assures a standardized,
government-wide approach to security assessment, authorization, and
continuous monitoring for cloud products and services.

With this milestone, Zscaler can market and sell the company's
ZPA-Government cloud service to government agencies wanting to access
sensitive applications and data from anywhere on any device, while
maintaining the highest levels of security and performance set by
FedRAMP's stringent security compliance standards.

"We've found Zscaler to be a valuable partner as we move to a Zero Trust
architecture to better secure our users as they access the
ever-increasing number of applications delivered on cloud services,"
said Byron Caswell, Senior Advisor for FCC's Information Technology
organization, and core member of the FCC's FedRAMP Authorization
program. "Our decision to sponsor ZPA-Government for a FedRAMP Moderate
Authorization is evidence of the Commission's belief that the cloud
offers a more secure, efficient, and cost-effective way to secure core
Federal missions. With ZPA-Government we're able to connect trusted
users to trusted internal applications over a Zero Trust platform,
eliminating issues associated with traditional Trusted Internet
Connections (TIC)-based VPN solutions that require significant
maintenance and excessive backhauling."

TIC, a mandate from the Office of Management and Budget (OMB), was
issued in 2007 to ensure that all external connections are routed
through a government agency that has been designated as an approved TIC
Access Provider. It is widely considered to cause latency for remote
users accessing modern day cloud and external hosted applications.

ZPA-Government is a cloud-based service that provides seamless and
secure Zero Trust access to internal applications for authorized users.
The service uses a software-defined perimeter, not appliances, to
provide comprehensive security and a fast, seamless user experience.
Access is the same whether agency applications are hosted in the
government data center, in the AWS GovCloud, or in another service.
ZPA-Government replaces legacy VPN technology and provides encrypted
(TLS 1.2) connections to applications. ZPA-Government uses signaling
technology over the internet to create this encrypted connection without
the inherent risks of a VPN, which can expose critical data.
ZPA-Government allows users to create a trust-to-trust connection,
meeting the federal government's encryption guidelines and allowing
traffic to bypass the TIC mandate.

ZPA-Government connects users to applications without placing the users
on the network, not only eliminating the risks introduced by unmanaged
devices but also reducing the threat of lateral access. Inside-out
connectivity ensures that applications are "dark" to unauthorized users
and that they are never exposed to the internet, reducing the
possibility of DDoS or other internet-based attacks. In addition,
ZPA-Government provides visibility into an agency's full internal
application environment, enabling IT to understand user activity and
discover and define access policy for internal applications.

"The rise of the mobile workforce and the increased use of cloud-based
applications have eroded the security perimeter," said Stephen Kovac,
Vice President of Global Government and Compliance, Zscaler. "Agencies
need cloud-based security solutions to securely connect trusted users to
trusted internal applications. ZPA-Government's Zero Trust approach does
just that, without using a VPN, and without the backhaul latency of the
TIC based VPN solutions."

Additional Resources

Follow Zscaler on LinkedIn
and Twitter

For sales and pricing information contact

About FedRAMP

FedRAMP is a government-wide program with input from numerous
departments, agencies, and government groups. The program's primary
decision-making body is the Joint Authorization Board (JAB), comprised
of the CIOs from DOD, DHS, and GSA. In addition to the JAB, other
organizations such as OMB, the Federal CIO Council, NIST, DHS, and the
FedRAMP Program Management Office (PMO) also play key roles in
effectively running FedRAMP.

Using a "do once, use many times" framework, the program ensures
information systems/services used government-wide have adequate
information security; eliminates duplication of effort and reduces risk
management costs; and enables rapid and cost-effective procurement of
information systems/services for federal agencies.

About Zscaler

Zscaler™ enables the world's leading organizations to securely transform
their networks and applications for a mobile and cloud-first world. Its
flagship services, Zscaler Internet Access™ and Zscaler Private Access™,
create fast, secure connections between users and applications,
regardless of device, location, or network. Zscaler services are 100%
cloud delivered and offer the simplicity, enhanced security, and
improved user experience that traditional appliances or hybrid solutions
are unable to match. Used in more than 185 countries, Zscaler operates a
multi-tenant, distributed cloud security platform that protects
thousands of customers from cyberattacks and data loss. Learn more at
or follow us on Twitter @zscaler.

Zscaler, Zscaler Internet Access, and Zscaler Private Access are
registered trademarks of Zscaler, Inc.

View Comments and Join the Discussion!