Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

News & Announcements

OneMain Financial: Benefits of Leaving Broadcom for Zscaler


I’m sure you’ve heard us talk a lot about the myriad reasons to dump your Broadcom appliances and move to the Zscaler cloud platform. But, if you think we’re a bit biased on the subject (OK, maybe we are a bit), then maybe you’d like to hear from one of the hundreds of our customers that have made the switch.

We spoke with Daniel Kelly, senior vice president of IT at OneMain Financial, one of the largest lending-exclusive financial companies in the United States. This financial leader has been in existence for more than 100 years and has lent more than $152 billion to customers across 44 states since 2005. The company recently switched from a stack of Broadcom (formerly Blue Coat) appliances to Zscaler Internet Access and Mr. Kelly shared some of the results with us.



Before we look specifically at OneMain Financial, let take a quick look at something that is top of mind of just about every executive—costs. Over just a three-year span, organizations can save millions with a cloud-based security-as-a-service platform over a hardware-based security stack.

As if that wasn’t enough reason to switch, here are some of the specific benefits seen by OneMain Financial after it switched from Broadcom appliances to Zscaler:

  • Improved performance: OneMain reported zero employee complaints after the switch to Zscaler. It also discovered that 95 percent of its traffic in the Zscaler cloud has less than 1 millisecond of latency.
  • SSL inspection: As 96 percent of its traffic was encrypted, OneMain Financial was now able to inspect all of that traffic, which it used to be blind to.
  • Microsoft: With Zscaler, OneMain Financial was able to take advantage of the Microsoft best practice—moving away from the express routes and to Zscaler directly out to the internet.
  • Disaster recovery: The process of disaster recovery planning was made easier. OneMain Financial no longer needed to worry about matching up proxies in each data center with the proxies in the main data center.
  • Cost: The Zscaler platform provides OneMain with predictable costs as there are no capacity limitations and no hardware refreshes needed.
  • Staff: The IT team used to have to reboot their proxy servers at least once a month, sometimes three times a night, to keep the devices healthy and working properly. Now, IT team members can spend their time on strategic initiatives instead of on appliance maintenance.
  • Simplified administration: Policy administration is centralized. With Zscaler, changes only need to be made in one location instead of 10 different places, as was the case before. And since any changes would have to have been done manually at each location, there was always the chance of an error being introduced along the way.
  • Support: Zscaler provided OneMain Financial with a dedicated technical account manager to provide assistance, and OneMain Financial reported that the support with Zscaler has been stronger than with Broadcom. Even before the Broadcom acquisition, OneMain Financial often found it difficult to get support for the Blue Coat appliances it was using.


Lessons learned

Of course, undertaking a task, such as replacing your entire legacy appliance stack, can seem daunting. But Mr. Kelly offered some tips and suggestions that anyone contemplating this type of move cloud use to their advantage.

  • Identify legacy proxy references early. OneMain had several servers that accessed the internet directly, and that number has evolved over time. But it wasn’t well-documented as to which servers those were. So Kelly and team had to spend quite a bit of time tracking down all of that information. OneMain also monitored the traffic from its legacy appliances to see that the volume went down as it shifted to Zscaler. By the time OneMain’s appliances were decommissioned, that number was was nearly zero.
  • Pilot users with special access privileges: Kelly and team focused on providing access to those employees that need special privileges, for example, members of the marketing team that require access to social media sites that are blocked for rest of company. After working through all of the special privileges, converting the rest of the users to Zscaler was easy.
  • Manage partners with allowlisted addresses: Many partners were explicitly allowing OneMain’s IP addresses. It is imperative that organizations reach out to customers to get a complete list of those addresses. (For OneMain Financial, the list of those partners and IP addresses was also not well documented, but they are now, according to Mr. Kelly.) After the shift to Zscaler, partners can either trust the Zscaler IP addresses or rely on ZIA Service Edges (formerly known as VZENs) to anchor OneMain’s IP addresses.
  • Going mobile: Mr. Kelly and the IT team preferred to use Zscaler Client Connector (formerly Z App) for its mobile workforce. However, due to the large number of virtual desktops in use by OneMain Financial, the team developed a hybrid approach for its mobile users. Mr. Kelly recommends working with your end user computing teams to determine the best approach for your organization.


Better in the cloud

Like so many others, OneMain Financial has discovered the benefits of leaving their Broadcom appliances behind and moving to Zscaler. Isn’t time you do as well? Check out this webinar to hear more about OneMain Financial’s journey or visit our website to learn how Zscaler can help you break free from Broadcom.

Steve Grossenbacher is a director of product marketing at Zscaler

form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.