
Is your corporate network running on fumes?

November 22, 2013 - 6 min read

For years, large corporations have spent millions of dollars investing in infrastructure to support connectivity for their employees. Whether connecting to the Internet or to corporate applications, the problem of getting onto the “Network” has always been an issue for the internal IT department to fix.

However, we are experiencing a fundamental shift in how we think about network infrastructure as distributed businesses move to adopt public and hybrid clouds.

It is interesting to review the various links in the evolutionary chain that represent a dramatic shift from capital investment to a service model.

  1. WiFi/Wireless networks
  2. Global Internet access
  3. Cloud based applications
  4. The evaporation of the corporate perimeter
  5. Personal compute platforms, BYOD and our multiple personalities

These areas have the potential to provide businesses with what they want, when they want it, delivered in a convenient consumption model that is underpinned by SLAs to engender trust with business leaders. Of course, there are issues in developing these disparate models into a ubiquitous service, which ultimately means everyone sits on a network the corporation does not own.

So the idea is big:

  • Assume everyone is always on a completely untrusted, non-owned network.

The challenge is huge:

  • Secure an environment which, by the definition of your initial assumption, is untrusted.

BUT, and it’s a big but, if you can create an environment where you square these two opposing perspectives, then it becomes apparent how the Layer 1, 2 & 3 technologies that litter every corporation could be re-architected as a highly repeatable, standard service.

Considering the ubiquitous nature of 3G/4G networks, why don’t corporations invite telecom providers to install a public hotspot in their offices and have the entire workforce telecommute to the office even when they’re in the office?

The reason of course is easy to articulate: Security.

For years we’ve wrapped our organizations in the security of the corporate perimeter to make sure key assets are safe on the inside. Users are only able to connect to the corporate network if they have the right credentials and certificates. Access to sensitive applications and data is controlled at the network layer with complex sets of rules, and access to the Internet is monitored because most of it used to be non-work related.

Unfortunately today the perimeter is so porous it serves little to no purpose. Most of our working life is conducted on the Internet with users spending the majority of their time being either connected directly to the Internet or surfing to content that is connected directly to it.

Even the applications we decided to keep are moving into the cloud and being hosted at Amazon, Azure, Terremark and many more, as either private or public cloud solutions. In addition, the other applications we historically ran are being completely replaced by new cloud-based solutions such as Workplace and NetSuite.

The impact on IT is that users now expect the same experience irrespective of where they are and irrespective of the device they choose to use as their preferred weapon for mounting the assault on the daily grind.

When looking logically at the problem there are two directions we can go:

  1. Deliver a secure perimeter around every individual device and recreate the environment we’ve been operating in for the last 20 years around every physical access point, i.e. PC, Mac, iPhone, iPad, Android, M2M.
  2. Build a multi-tenanted, defensive perimeter around the Internet through which all traffic must pass. This is a dramatic departure from the existing approach, but one that starts to look more like a true utility model.

The similarities between this and the evolution in the power industry are startling.

In the initial years, power was generated locally using generators configured for domestic or business use. When the power companies developed the grid (the power equivalent of the Internet) and looked at producing and distributing power on a massive scale, they did not purchase thousands of small-scale generators and host them in a huge warehouse, along with an army of people keeping them fueled and ready to go, waiting for demand to climb before firing up more generators. Anyone could look at this as a potential solution and see the flaws of approaching the problem in this way.

Instead they developed huge power stations, creating massive amounts of electricity in a very efficient manner and distributed the power in a pay as you use business model.

The catalyst for all of this happening in the IT environment has clearly been the Internet.

Whereas the power grid was driven hand in hand with the rollout of the power station and looked more like a unidirectional wave, the Internet has created a ripple effect, which sees the wave spreading out in all directions.

With a fast, robust, reliable and efficient networking infrastructure underpinning global connectivity, it now becomes a viable option to have all our employees and services utilize this as a single, ubiquitous access mechanism for all our IT services.

Now we can worry less about protecting the ‘Network’ and focus on where our attention needs to be placed: users and application data.

With this comes the second paradigm shift of device management.

As a corporation should we worry about dictating what device an employee uses?

We still offer employees a corporately owned device if needed, but how many now prefer to use their own device for work, whether it’s an iPhone, iPad, Android or even their own laptop?

The corporate world should be able to run in a secure environment within each of these devices and the baby steps currently being walked down the BYOD path will see significant further advances tomorrow.

So as we look forward we start to see an environment where each of our key corporate IT assets is surrounded by traditional secure access technologies, fine-tuned for protecting the specific application data, allowing the right people in and the appropriate data out.

Our users however must be protected wherever they are, through the creation of a utility-based model that delivers security in the cloud. Certain organizations will struggle with a VM based delivery model (i.e. moving the generator into a big, virtual, central warehouse) but eventually the true utility model will prevail. Building a secure shim-layer around the Internet itself and ensuring our users are protected in all their interactions is the only real way to proceed.

There is of course the aspect of a corporation alleviating potential liability by taking this approach and adopting network as a service. Because the network simply becomes an open public network operated by a well-known third party, with coverage across a corporate location, any risks associated with providing Internet access could be viewed as being passed to the provider as well.

So clearly, all of these advancements will be driven through strong business partnerships.

Businesses should be looking for a service provider who can help them efficiently and securely run their apps, protect their end-user devices, deliver the network to any desktop as a service, and provide a security and compliance solution that follows the user wherever they go.
