Unifying Access After an Acquisition: How Zscaler Cloud Connector and ZPA Securely Connected AWS Workloads in Hours, Not Weeks

By Neil Camden on 17 December 2025

AWS M&A Integration: Connecting Acquired Company Infrastructure with Zero Trust

A long-term Principle Networks customer recently completed an acquisition and needed to integrate the new company's AWS-hosted applications into their existing network - quickly, securely, and without compromising visibility or compliance.

Specifically, they needed web servers in the acquired company's AWS tenancy to make RESTful API calls to an API Gateway in the parent company's cloud-hosted environment. The calls had to cross the public internet (there is no direct IP connectivity between the two environments), yet every connection had to be encrypted, authenticated and authorised.

Zscaler Private Access (ZPA) was already providing secure access to internal and external users, with the Zscaler client or Browser Access acting as the endpoint for connectivity.

The M&A Integration Challenge: Extending Zero Trust to AWS Workloads

The challenge was to extend this same zero-trust connectivity model to the acquired company's AWS infrastructure - enabling servers in AWS to securely reach ZPA-published App Segments in the parent company's environment.

The new company had no direct connectivity (e.g. VPN, ExpressRoute, or Direct Connect) to the parent organisation. Traditional approaches like site-to-site VPNs or peering would have introduced unnecessary complexity, management overhead, and security risks, and would have taken weeks to implement.

The requirement was defined as:

"Provide secure, policy-driven access between AWS workloads and ZPA-published applications - without exposing private networks or re-architecting existing connectivity."

The Solution: Zscaler Cloud Connector for Secure AWS to ZPA Connectivity

We decided to deploy Zscaler Cloud Connector in the acquired company's AWS tenancy as a lightweight, policy-based access point between AWS workloads and existing ZPA App Segments.

Zero Trust Architecture Design for Post-Acquisition AWS Integration

- ZPA was already in place, publishing the internal applications the AWS servers needed to access.

- We deployed Zscaler Cloud Connector in the acquired company's AWS tenancy to provide outbound security and connectivity to Zscaler's cloud.

- We configured AWS Route53 rules so that DNS requests for ZPA App Segments were directed via the Cloud Connector.

This approach meant:

- The majority of traffic (internet-bound) from the acquired company's AWS environment still routed via their current Internet Gateway. This allowed the Cloud Connector to be deployed as a small VM, as it only has to process traffic destined for the ZPA App Segments.

- No direct network connectivity or peering was required between environments.

- All access was brokered by Zscaler's Zero Trust Exchange.

- Policies are centrally enforced via ZPA and are identity-based, not IP-based.

Zscaler Cloud Connector Deployment Steps in AWS

  1. Deployed Zscaler Cloud Connector via the AWS Marketplace template with an HA configuration.
  2. Registered Cloud Connectors in the Zscaler portal and associated them with the correct location.
  3. Configured outbound connectivity to the Zscaler cloud (allowlisting required ports).
  4. Updated AWS route tables and Route53 so that traffic to private applications (App Segments) used the Cloud Connector as the next hop.
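
A configuration check for the split-path design described above, as an added example that is not Principle Networks' or Zscaler's code: it audits data shaped like the `ResolverRules` and `Routes` structures returned by the Route 53 Resolver and EC2 APIs for the three properties the design relies on. All domains, IPs, ENI and gateway IDs are constructed placeholders, and `198.51.100.0/24` stands in for whatever address range App Segment names resolve to in a given deployment.

```python
import ipaddress

# Constructed sample data; every domain, IP, ENI and gateway ID is a placeholder.
RULES = [{"DomainName": "api.parent.example.", "RuleType": "FORWARD",
          "TargetIps": [{"Ip": "10.20.1.10", "Port": 53}]}]
ROUTES = [{"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
          {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
          {"DestinationCidrBlock": "198.51.100.0/24", "NetworkInterfaceId": "eni-0connector"}]

def covers(rule_domain, fqdn):
    """A forwarding rule for a domain also applies to its subdomains."""
    rule, name = rule_domain.rstrip(".").lower(), fqdn.rstrip(".").lower()
    return name == rule or name.endswith("." + rule)

def next_hop(routes, cidr):
    """Longest-prefix match over IPv4 CIDR routes, as a VPC route table resolves it."""
    target, best = ipaddress.ip_network(cidr), None
    for r in routes:
        if "DestinationCidrBlock" not in r:
            continue  # prefix-list and IPv6 routes are out of scope here
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if target.subnet_of(net) and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, r.get("NetworkInterfaceId") or r.get("GatewayId"))
    return best[1] if best else None

def audit(rules, routes, app_domains, connector_ips, connector_enis, app_cidr):
    """Return findings; an empty list means all three properties hold."""
    findings = []
    for fqdn in app_domains:  # 1. App Segment DNS is forwarded to the Cloud Connector
        targets = {t["Ip"] for r in rules
                   if r["RuleType"] == "FORWARD" and covers(r["DomainName"], fqdn)
                   for t in r["TargetIps"]}
        if not targets:
            findings.append(f"dns: no FORWARD rule covers {fqdn}")
        elif not targets <= connector_ips:
            findings.append(f"dns: {fqdn} forwarded outside the connector set")
    hop = next_hop(routes, app_cidr)  # 2. App Segment traffic goes to the connector
    if hop not in connector_enis:
        findings.append(f"route: {app_cidr} next hop is {hop}")
    default = next_hop(routes, "0.0.0.0/0")  # 3. internet traffic stays on the IGW
    if not str(default).startswith("igw-"):
        findings.append(f"route: default route next hop is {default}")
    return findings

if __name__ == "__main__":
    print(audit(RULES, ROUTES, ["api.parent.example"], {"10.20.1.10"},
                {"eni-0connector"}, "198.51.100.0/24"))
```

Run against real output, the inputs would come from `aws route53resolver list-resolver-rules` and `aws ec2 describe-route-tables`; a non-empty result points at the DNS rule or route that no longer matches the intended design.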

M&A Integration Results: Secure AWS Connectivity Deployed in Hours

Within just a few hours, the acquired company's AWS environment was integrated securely into the parent company's zero-trust architecture - with minimal configuration and no downtime.

What would traditionally take weeks of planning, multiple change windows, and extensive coordination was completed in a single afternoon.

The business gained:

- Secure, identity-based access from AWS workloads to ZPA applications.

- Centralised visibility and logging across both environments.

- A scalable template for future M&A integrations.

Key Benefits of Zscaler Cloud Connector for Post-Merger AWS Integration

- Zscaler Cloud Connector dramatically accelerates secure connectivity between cloud environments - turning traditional month-long M&A integrations into same-day deployments.

- ZPA App Segments allow private apps to stay private while enabling access based on user, device, or workload identity.

- Avoiding traditional VPN or peering reduces attack surface, simplifies compliance, and eliminates weeks of network engineering overhead.

This project demonstrates how Zero Trust extends beyond users to AWS workloads. By leveraging Zscaler Cloud Connector and ZPA, we delivered a secure, scalable, and operationally simple solution that united two organisations' infrastructures under a single access model.

 


Need Help with Your AWS M&A or Acquisition Integration?

If you're facing similar post-acquisition integration challenges with AWS or other cloud environments, Principle Networks can help you implement secure, zero-trust connectivity.

Contact us today to discuss how we can accelerate your M&A integration timeline while maintaining security and compliance.

 

 

Neil Camden, Senior Solutions Architect

Principle Networks
