- See The Difference
- What is Zero Trust The strategy on which Zscaler was built
- How Zscaler Delivers Zero Trust A platform that enforces policy based on context
- Zero Trust Resources Learn its principles, benefits, strategies
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Customer Testimonials Hear first-hand transformation stories
- Case Studies Learn about pioneering Zscaler customers
- Analyst Recognition Industry experts weigh in on Zscaler
- See the Zscaler Cloud in Action Traffic processed, malware blocked, and more
- Experience the Difference Get started with zero trust
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Platform
- Platform Overview Unified platform for transformation
- Products Integrated services, infinitely scalable
![Zscaler transformation]( "Zscaler transformation")
Accelerate your transformation
Learn MoreProtect and empower your business by leveraging the platform, process and people skills to accelerate your zero trust initiatives
- Technologies Global proxy-based cloud architecture
- Capabilities Integrated services, infinitely scalable
![Gartner Report]( "Gartner Report")
Gartner Magic Quadrant Leader
Read the reportZscaler: The Only Leader in the 2020 Gartner Magic Quadrant for Secure Web Gateways
- Solutions
- Modern Workplace Enablement
- Security Transformation
- Infrastructure Modernization
- Industries & Partners
- Modern Workplace Enablement Overview Create fast, secure experiences for users everywhere
- Secure Work-from-anywhere Seamless access for the hybrid workforce
![Zscaler workplace enablement]( "Zscaler workplace enablement")
Make hybrid work possible
Get startedSecure work from anywhere, protect data, and deliver the best experience possible for users
- Security Transformation Overview A modern cloud approach
- Prevent Cyberthreats Prevent phishing, ransomware, and other attacks
- Prevent Data Loss Protect data everywhere from exposure or theft
![Zscaler capabilities]( "Zscaler capabilities")
The World’s Most Effective Ransomware Protection
Get StartedRansomware is the biggest threat to digital business. Learn how to take a proactive, zero trust approach to safeguarding your enterprise
- Infrastructure Modernization Overview Enable the new world of cloud and mobility
- Simplify Branch Connectivity Simplify and secure direct-to-cloud connections
- Secure Cloud Connectivity Secure connectivity between clouds and workloads
![Zscaler infrastructure modernization]( "Zscaler infrastructure modernization")
Enable the Agile Branch
Watch NowYour network security is costing more than it’s worth. See how five companies drove simplicity, savings and security
- Industries Our ecosystem of zero trust partners
- Partner Integrations Simplified deployment and management
![Zscaler industry partners]( "Zscaler industry partners")
Secure your ServiceNow Deployment
Get StartedIt’s time to protect your ServiceNow data better and respond to security incidents quicker
- Resources
- Content Library Explore topics that will inform your journey
- Blog Perspectives from technology and transformation leaders
- Tools Training, demos and more
- CIO Library Essential resources for enterprise leaders
- Webinars and Demos A first-hand look into important topics
- Executive Insights App Security insights at your fingertips
![Zscaler resources]( "Zscaler resources")
- Security & Threat Analytics Threat dashboards, cloud activity, IoT, and more
- Security Advisories News about security events and protections
- Vulnerability Disclosure Program Webinars, training, demos, and more
- Trust Portal Zscaler cloud status and advisories
![Zscaler resources]( "Zscaler resources")
- The Cloud-First Architect Tools and best practices for the cloud
- CIO Insights Curated resources for technology leaders
- Zenith Community Discuss ideas and issues with peers
- CXO REvolutionaries Events, insights, and resources for CXOs
- Training and Certifications Ongoing programs via Zero Trust Academy
- Cloud Security Alliance Securing the cloud through best practices
![Zscaler resources]( "Zscaler resources")
- Company
- About Zscaler How it began, where it’s going
- Leadership Meet our management team
- Investor Relations News, stock information, and quarterly reports
- Customers Learn about their transformation journeys
- Compliance Our adherence to rigorous standards
- ESG Our Environmental, Social, and Governance approach
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler Careers
Apply NowJoin a recognized leader in Zero trust to help organization transform securely
- Media Center News, blogs, events, and more
- Media Kit Photos, logos, and other brand assets
- News and Press Zscaler in the news
- Events Upcoming opportunities to meet with Zscaler
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler Careers
Apply NowJoin a recognized leader in Zero trust to help organization transform securely
- Partner Portal Tools and resources for Zscaler partners
- Summit Partner Program Collaborating to ensure customer success
- System Integrators Helping joint customers become cloud-first companies
- Service Providers Delivering an integrated platform of services
- Technology Deep integrations simplify cloud migration
- Partner Inquiry Become a Zscaler partner
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler Careers
Apply NowJoin a recognized leader in Zero trust to help organization transform securely
CIO Insights
Business Continuity Planning: Six Things CISOs Must Do Now
The unprecedented events that have pushed organizations to evaluate their business continuity planning brings up memories of my time working for the federal government, and remind me of a story that I'd like to share.
The emails and statements started coming in from the U.S. Department of Health and Human Services (HHS), the Centers for Disease Control and Prevention (CDC), and the Federal Emergency Management Agency (FEMA): A contagious virus threatened to upend the functions of the federal government.
My staff and I would be expected to work remotely for an indeterminate amount of time. Our services wouldn't be impacted that much, I thought, since many of us had laptops, and we all had mobile phones. We supported hundreds of remote sites around the country. Surely, we could operate as a distributed team during this time of crisis. And besides, we serve a technologically advanced, first-world country. How bad could an Ebola outbreak be?
Turns out, bad. And no, we couldn't operate well as a distributed team during that time of crisis. It was 2014, and it was only a drill. The Ebola scenario was a coordinated exercise of civilian and government readiness for operational continuity during a hypothetical viral outbreak. It was a test that we failed.
Not everyone in our department had laptops, let alone "fast enough" access to the internet from home. Cell phones, though prevalent, weren't suitable analogs for office desktop computers. Worse, though half the department was able to log on remotely, traffic overloaded the bottlenecked VPN, causing lag, delaying (or blocking) connectivity, and impacting productivity. (This was especially an issue with outlying hospitals trying to practice telemedicine.) We rationed equipment, shuffled work hours, and prioritized access. And our VPN still couldn't handle the overload.
This is not a drill
It's six years later. The human toll of the coronavirus outbreak cannot be measured, and right now, enterprises must focus on protecting the health of employees and community members. The top priority for all organizations must be to mitigate the risks associated with the spread of COVID-19. With that in mind, organizations now must do what they can to preserve enterprise productivity in a “new normal” of work away from the office.
Business continuity planning (BCP) should be (and ideally, should have been) a key component of your corporate strategy. But even if that's not the case in your organization, you can still do something about it.
The operational challenge: Enabling remote work for everyone
Right now, BCP is (by necessity) about telework. And that seems straightforward. If you can't work in the office, just work from home. Many IT organizations plan corporate network capacity to accommodate remote access for 20 to 30 percent of the workforce. But what happens when that grows to 100 percent? Overnight? IT leaders around the globe are learning that getting everyone online from home isn't a trivial exercise:
- More employees -- many more employees -- will use VPN to access corporate resources. Will your infrastructure be able to handle it? (Spoiler alert: No.)
- For an entire workforce to get online, you'll need an entire workforce with devices to get online. You know this already, but not everyone gets a work laptop, and not everyone has a suitable home machine that will work as a substitute. How many functional outdated laptops does your team have collecting dust in the old server room?
- You no doubt have collaboration tools for conferencing and instant messaging. But do you have enough licenses when everyone needs them?
The dark side of remote access: New threat exposure and employees “going rogue” for speed
There’s another more serious issue than remote-connectivity limitations. If your organization relies on VPN to access internal resources and/or internet egress, extending that access to a broader percentage (say, 100 percent) of your workforce dramatically increases your organization’s potential attack surface. The further distance corporate data has to travel, the more opportunities for compromise.
Compounding that, end users who are accustomed to Netflix-like download speeds at home will be frustrated when they encounter latency introduced by VPN constraints and MPLS backhauling. The risk is that they “go rogue” and bypass security controls in the “interest of getting the job done” faster, further exposing internal systems to outside attack.
Keys to enabling remote work: Prioritization, triage, and local internet breakouts
It’s time to change the way you think about security. This current unprecedented event is accelerating changes in how we access applications and data securely. Remote work must be enabled without compromise to security. But this doesn't mean less security, it means different security.
As a CISO, what can you do to facilitate remote work in the face of such connectivity and security challenges? In this newest “new normal,” you will have to make triage decisions:
- Prioritize work. What tasks are most important? What resources will be needed? What assignments can be postponed (or even cut)?
- Prioritize access. How can you align access with work priorities? What work requires always-on connectivity? What work requires occasional connectivity? You may have to provide “tiered” connectivity for employees based on their work priorities.
- Prioritize devices. Similarly, who gets the laptop? Linda in accounting? Fred in sales? Who has a greater need for that last portable machine?
- Ration collaboration apps. You’re going to need more licenses. In the short term, work with finance to reallocate “on hold” spending (say, business travel or events marketing) to enable remote work operations.
- Stagger work hours. If it comes to it, you may have to switch mission-critical work to graveyard-shift hours to overcome connectivity limitations.
- Deploy local internet breakouts. The cloud (and specifically, secure access service edge computing) offers hope: With employees connecting directly (and securely via inline security proxy) to resources, you reduce your attack surface and alleviate VPN bottleneck contention.
We are going to get through this. But we have to learn. (Back in my government days, we said “never let a crisis go to waste.”) Right now, nothing is more important than ensuring the health of your colleagues and community. And the best thing you can do as a CISO is to facilitate remote work.
Forgive the dispassionate cynicism, but enterprises that weather this storm will have a competitive advantage when it passes. And when your organization comes out the other side, don’t stop planning for business continuity. You’ll be better prepared if—perish the thought—there’s a next time.
Stan Lowe is the Zscaler Global Chief Information Security Officer