
Protecting Internet-Facing Assets with Zero’s External Access Portal

Published February 13, 2025


Let’s face it: external access solutions are broken. In this post we’ll explain what’s so flawed about VPN and VDI when it comes to connecting external users to organizational networks, and conclude by proposing a safer, more convenient way to connect. 

The External Access Dilemma 

Existing solutions for external access are far from ideal. Organizations typically face two problematic options: 

Directly exposing applications to the internet creates a massive security vulnerability—essentially rolling out the red carpet for potential attackers.  

Meanwhile, traditional VPN and VDI solutions, while somewhat more secure, bring their own operational headaches and are still an attack surface on their own. Let’s dive into these solutions to understand why they fall short: 

Connecting external users with VPN: The administrator’s nightmare 

VPN clients require installation and regular maintenance, creating adoption barriers and ongoing management overhead. When dealing with external users on BYOD (bring your own device) machines, VPN client installation can take weeks or even months and entails painfully expensive maintenance, making this solution a poor fit for connecting external users.

Connecting external users with VDI: Latency Galore 

Although desktop virtualization (VDI) solutions require no client installation and work well from a browser, the user experience is heavily impaired. Relaying desktop bitmaps over the internet introduces high latency and leads to a notoriously fragmented user experience.

On the organization side, supporting VDI access requires dedicated infrastructure: VDI servers and load balancers, as well as servers for maintaining images of user desktops. Cloud-based VDI solutions come at a high monetary cost. While VDI solutions present themselves as an easy patch, they end up costing organizations heavily in time and resources.

Is it really that safe? Security Concerns related to VPN/VDI 

While VPNs and VDIs provide some security, they also introduce a vulnerability: both VDI and VPN connections typically provide users with broader access than actually required, opening the door to potential exploitation. Moreover, the VPN and VDI systems are themselves exposed to the internet and are an infiltration point in their own right, as has been seen on many occasions with various vulnerabilities affecting both VPN providers and VDI providers.

Introducing Zero’s External Access Portal 

Zero Networks’ External Access Portal grants external users restricted, just-in-time, MFA-based access to the applications and services they need without exposing network assets to the internet, and without the need for VPN or VDI.

Here’s how it works: 

Internet-facing assets and applications are segmented at the network level using Zero Networks, effectively blocking network access to them completely. Setting up this segmentation takes less than an hour.

Next, the administrator defines which users or groups can access which services and applications.

When a user tries to connect to a segmented service or application, they are forced to go through an MFA process on their mobile device.

Once the MFA process is completed successfully, the service or application is dynamically opened only to that user’s machine and the user is automatically routed to that service or application.

The access these users are granted is as granular as required, providing them a gateway only to the services they require and nothing more, with the access window remaining open for the duration defined in the access policy (default: 12h).

Because Zero Networks segments the internet-facing servers at the network level, anyone else on the Internet will not be able to access these services, even if they have a valid username and password.
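The flow above can be modelled in a few lines. This is an added example, not Zero Networks' code or API: the `JitGate` class, the policy layout, the sample hostname and addresses are all constructed, and "the user's machine" is assumed to be identified by its source IP.

```python
"""Conceptual model of MFA-gated, just-in-time network access (not vendor code)."""
from dataclasses import dataclass, field

DEFAULT_WINDOW_S = 12 * 3600  # the post's default access window (12h)


@dataclass
class JitGate:
    policy: dict                      # user -> set of (host, port) the admin allowed
    window_s: int = DEFAULT_WINDOW_S
    grants: dict = field(default_factory=dict)  # (src_ip, host, port) -> expiry

    def request_access(self, user, source_ip, service, mfa_ok, now):
        """Open `service` to `source_ip` only if policy allows it and MFA passed."""
        if service not in self.policy.get(user, set()):
            return False              # outside policy: nothing is opened
        if not mfa_ok:
            return False              # valid credentials alone are not enough
        self.grants[(source_ip, *service)] = now + self.window_s
        return True

    def allow_packet(self, source_ip, host, port, now):
        """Network-level decision: default deny unless a live grant matches."""
        key = (source_ip, host, port)
        expiry = self.grants.get(key)
        if expiry is None:
            return False
        if now >= expiry:
            del self.grants[key]      # window closed, port is shut again
            return False
        return True


def demo():
    """Walk one constructed vendor through the flow; times are in seconds."""
    svc = ("crm.example.internal", 443)
    gate = JitGate(policy={"vendor-a": {svc}})
    src, other = "198.51.100.7", "203.0.113.9"
    return {
        "before_mfa": gate.allow_packet(src, *svc, now=0),
        "mfa_failed": gate.request_access("vendor-a", src, svc, False, 0),
        "mfa_passed": gate.request_access("vendor-a", src, svc, True, 0),
        "same_machine": gate.allow_packet(src, *svc, now=60),
        "other_machine": gate.allow_packet(other, *svc, now=60),
        "other_port": gate.allow_packet(src, svc[0], 22, now=60),
        "after_window": gate.allow_packet(src, *svc, now=DEFAULT_WINDOW_S),
    }


if __name__ == "__main__":
    print(demo())
```

The checks a defender would want from such a gate are the negative ones: no grant before MFA, no grant for a different source address or port, and no grant once the window has expired.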

How Zero Networks External Access Portal compares to Legacy Solutions 

The external access portal was designed to outperform legacy solutions for external access, providing admins peace of mind without the performance penalty or the maintenance overhead: 

|  | Zero External Access Portal | VPN | VDI |
| --- | --- | --- | --- |
| Solution Setup | 1 server installation | Server installation + thousands of client installations | Multiple servers for the VDI virtualization backend + VDI orchestration infrastructure + load balancers |
| Setup Time | 1 hour | Weeks to months | Weeks to months |
| Solution Maintenance | No maintenance | Requires software updates on thousands of unmanaged devices | Requires maintenance of virtualization infrastructure as well as VDI images |
| VM compatibility | Works from either physical or virtual machines with no changes | If you run several VMs on your device, you need to install the VPN client on each of them | Works from either physical or virtual machines with no changes |
| Performance & user experience | The fastest connection possible with no performance impact | Fast but slightly slower than the direct connection over SSL | VDI client experience is slow due to the load on the virtualization infrastructure and the latency of relaying the screen bitmap |

 

Use Case Examples for Zero Networks External Access Portal 

Connecting external vendors to company services without exposing servers to the internet 

Zero Networks External Access Portal enables organizations to safely connect external vendors to the apps and services they need access to, while making sure no one else on the internet even sees those services, let alone tries to hack them (MFA first and open ports later).

Connecting Students to Faculty Services without exposing Servers to the Internet 

Universities face the complex challenge of providing thousands of students with secure access to various faculty services on an ever-changing, semester-by-semester basis. Zero Networks’ External Access Portal simplifies this process, enabling easy management of diverse access requirements while maintaining robust security. 

Conclusion 

As organizations increasingly rely on external talent and remote access, traditional VPN/VDI solutions no longer provide adequate security or usability. Zero Networks' External Access Portal delivers a modern approach to external access management, combining enterprise-grade security with a seamless user experience. By implementing zero trust principles through a browser-based solution, organizations can confidently expand their external collaboration while maintaining robust security controls.