With private applications moving to cloud and users working remotely, enterprises need a service that can ensure private apps are accessed securely while delivering a frictionless user experience. Even with the buzz around zero trust security some enterprises attempt to use incumbent network-centric architectures, which rely on next-gen firewalls built for access to the network, as a way to now limit user connectivity to applications. These incumbent architectures are a mismatch for today’s needs and were not designed to connect authorized users to specific apps. They force users to be placed on-net and often lead to risk of lateral movement to other apps, and IP addresses exposed to the Internet and DDoS attacks via VPN concentrators that sit at the edge of the network and listen for inbound pings.