Mais conteúdo relacionado
Semelhante a Rethinking Cybersecurity for the Digital Transformation Era (20)
Rethinking Cybersecurity for the Digital Transformation Era
- 1. Presentation title here—edit on Slide Master
©2018 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc.
in the United States and/or other countries. All other trademarks are the property of their respective owners.
Rethinking Cybersecurity for the
Digital Transformation Era
Dan Shelton – Director, Product
Management
- 2. ©2018 Zscaler, Inc. All rights reserved.
What is Changing?
The cloud and mobility are creating a megashift for Digital Business
and IT Transformation
Disrupting 30 years of networking and security architectures
Users have moved
off the corporate network and are
connecting from everywhere
Applications have moved
out of the data center and
into the cloud
- 3. ©2018 Zscaler, Inc. All rights reserved.2
Zscaler enables secure IT transformation to the cloud
Fast and secure policy-based access to applications and services over the Internet
Global load balancing
Distributed denial of service protection
External firewall / intrusion prevention
VPN concentrator
Internal firewall
Internal load balancer
Firewall / intrusion prevention
URL filter
Anti-virus
Data loss prevention
Secure sockets layer inspection
Sandbox
Open internetSaaS Public cloud
Private cloud /
On-premise
data center
Any device, any location, on-network or off-network
EXTERNALLY MANAGED INTERNALLY MANAGED
Securely connects users to externally managed
SaaS applications and internet destinations
Zscaler Internet Access
Securely connects authorized users to
internally managed applications
Zscaler Private Access
HQMOBILE BRANCHIOT
- 4. ©2018 Zscaler, Inc. All rights reserved.
The Complex Infrastructure of a Large Global Organization
Open internet
MPLS
MPLS MPLS
MPLS
• 9 Data Centers
• 8 internet egress points
managed by 6 different teams
• 8 email systems managed by 6
different teams
900 locations across
22 countries
10,000 Users
3,000 Remote Users on
5 VPN solutions
17 MPLS providers with
various configurations
Unreliable | Difficult to Manage | Lack of Visibility
Poor End-User Experience | Significant CAPEX and OPEX
Fail-Over
EMEA DC
Fail-Over
NA DC
- 5. ©2018 Zscaler, Inc. All rights reserved.©2017 Zscaler, Inc. All rights reserved.4
Five Phase Journey
Phases 1-3: Network Transformation with Focus on
Consolidation, Enhanced Security Posture, an Architecture
Purpose-Built for Leveraging SaaS, and Cost Savings
- 6. ©2018 Zscaler, Inc. All rights reserved.
Cloud Transformation Journey – Phase 1
Four initiatives – 9 months
1. WAN vendor consolidation
2. SD WAN at 870 branches
3. Embrace Office 365 and phase-
out local email servers
4. Local internet breakouts with
appliances
30 Country &
Regional HQs
870 Branch
Locations
MPLS
WAN Vendor
9 Data Centers
Open Internet
IPSEC-to-MPLS architecture
(No MPLS at braches)
Branch office users were still complaining their internet experience was poor.
MPLS
WAN Vendor
SaaS
Benefits
• Cost savings
• Better internet experience at
country and regional HQs
• Simplified IT by standardizing
email/SharePoint and
reducing MPLS vendors from
17 to 1
1
4
MPLS
WAN Vendor
2
3
- 7. ©2018 Zscaler, Inc. All rights reserved.
Cloud Transformation Journey – Phase 2
One initiative – 9 months
1. Implement local internet
breakouts in all branches
30 Country &
Regional HQs
870 Branch
Locations
9 Data Centers
MPLS
WAN Vendor
Open Internet
Option 1: Deploy branch
firewalls in 870 locations.
Option 2: Implement Zscaler
Cloud Security Platform.
XX
Office 365 required more than just traditional proxy ports.
Visibility provided by Zscaler led to courageous conversations on OSI Models Layers 8,9,10.
SaaS
Benefits
• Reduction in branch user internet
complaints (less pushback)
• Avoided the cost and overhead of
deploying 870 security appliances
• 60% reduction in Data Center
bandwidth requirements
• Enhanced Security Posture – SSL
inspection, cloud sandbox, DLP,
and SIEM integration
- 8. ©2018 Zscaler, Inc. All rights reserved.
Cloud Transformation Journey – Phase 3
Three initiatives
1. Implement Zscaler Cloud Firewall
and Bandwidth Control for O365
2. Reduce security appliance
requirements at country /
regional HQs
3. Protect mobile users
30 Country &
Regional HQs
870 Branch
Locations
9 Data Centers
MPLS
WAN Vendor
Open Internet
Delivered a consistent end-user experience to IaaS and SaaS applications at all branch and HQ locations,
but the mobile user was still struggling
SaaS
Benefits
• Eliminated security appliances in
country & regional HQs
• Better Office 365 user
experiences in all locations
• Reduced risk by providing
identical security controls to
mobile workers
- 9. ©2018 Zscaler, Inc. All rights reserved.©2017 Zscaler, Inc. All rights reserved.8
Five Phase Journey
Phases 4-5: Updated Application Delivery Strategy with Focus on
IaaS, Consolidation, and Consistent End-User Experience
- 10. ©2018 Zscaler, Inc. All rights reserved.
9 Data Centers
MPLS
WAN Vendor
Open Internet
SaaS IaaS
5 Data Centers
Cloud Transformation Journey – Phase 4
Three initiatives – 12 months
1. Migrate apps to IaaS – re-
platform critical apps to be
browser accessible
2. Deploy virtual NGFWs and load
balancers to eliminate traffic
tromboning
3. Consolidate data centers
30 Country &
Regional HQs
870 Branch
Locations
VM
Virtual NGFWs and load balancers were expensive, didn’t scale, and micro-segmentation challenges.
User confusion on when to use VPN and when they could use a browser.
Benefits
• Reduced data center costs
• Reference Architecture to provide
users better access re-platformed
apps (No VPN)
- 11. ©2018 Zscaler, Inc. All rights reserved.
MPLS
WAN Vendor
Open Internet
SaaS
5 Data Centers
IaaS
VM
Cloud Transformation Journey – Phase 5
Two initiatives – 6 months
1. Seamless End-User Experience -
Implement Zscaler Private Access
2. Reference Architecture for a
Zero-Trust Network Model
30 Country &
Regional HQs
870 Branch
Locations
Future-proof app delivery strategy with positive end-user experience.
Benefits
• Simplified access to all
applications
• Eliminated the cost and
complexity of virtual firewalls
and load balancers in IaaS
• Enhanced security posture – app
microsegmentation, reduced
inbound attack surface,
enablement of zero-trust
network model
- 12. ©2018 Zscaler, Inc. All rights reserved.
Transformation Journey – Summary
Cost Savings
8% of Overall IT Spend
(Optimized Network/Security Arch, DC
Consolidation, O365, etc.)
Cost Avoidance
$2.7M in appliance sprawl
Network transformation – SDWAN at 870 locations and deployment of 30 local breakouts with appliances
Network transformation – ZIA deployed to support local internet breakouts in 870 branch offices
Global collaboration tools – Successfully deployed Office 365 with Cloud FW and Bandwidth Control
Data center transformation – Moved apps to Azure/AWS and consolidated data centers
Application access transformation –Eliminated VPN, zero-trust network model, positive end-user experience
1
2
3
4
5
Benefits
Agile IT environment
Consistent end-user experience
Reduced business risk
- 14. ©2018 Zscaler, Inc. All rights reserved.
©2018 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc.
in the United States and/or other countries. All other trademarks are the property of their respective owners.