The last decade has seen a massive shift in the way organizations—both big and small—have adopted cloud technologies to drive innovation and efficiency. Today, 94% of organizations use cloud services, including some mission-critical services such as user identity, security, and productivity. As the cloud security leader, Zscaler secures the traffic and data for more than 40% of Fortune 500 companies, making Zscaler a critical component of the technology stack.
Organizations risk costly interruptions
The benefits of cloud computing are profound, but they are not without concerns over the resilience of these mission-critical services as evidenced by the recent Interxion data center outages in London or the internet cable cuts in France. In fact, 80% of organizations have experienced some form of cloud outage in the last three years with losses to revenue, productivity, and reputation. These outages could be a result of a variety of different factors, ranging from power cuts and software issues to natural disasters or nation-state attacks. Regardless of what the cause may be, disrupting an organization's operations is unthinkable and calls for stronger cloud resilience to manage blackouts, brownouts, or catastrophic failures.
Introducing Zscaler Resilience
At Zscaler, we strive to delight our customers with innovations that make organizations more agile, efficient, and secure. We also understand how critical Zscaler is to our customers and make the reliability, availability, and serviceability (RAS) of our products a top priority for the company. Zscaler products have a long history of near-perfect uptime and are backed by industry-leading service level agreements (SLAs)—but we don’t want to stop there.
Today, we are excited to announce the availability of Zscaler Resilience.
Zscaler Resilience is a complete set of resilience capabilities that ensures uninterrupted business continuity for customers during blackouts, brownouts, and catastrophic events. It is built on the platform’s advanced architecture and enhanced by operational excellence to offer high availability and serviceability to customers at all times. Zscaler’s customer-controlled disaster recovery capabilities, in combination with a robust set of failover options, support customers’ business continuity planning efforts in all failure scenarios, making Zscaler’s security cloud the industry’s most resilient.
Resilient by design
Hardware systems that are designed from the ground up with over-provisioning of processing capacity and redundancy provide the foundation for high resilience. This, combined with our cloud-native, multi-tenant data center architecture and carrier-neutral connectivity, ensures that the Zscaler cloud stays resilient in the face of network or workload stresses.
In addition to our resilient infrastructure, Zscaler has perfected a set of equally resilient operational processes through our experience operating our inline security cloud—the world’s largest—for over 12 years of service and counting. Agile software development, purpose-built deployment infrastructure, proactive cloud monitoring, and incident management round out a comprehensive set of operational processes to continuously innovate in the cloud.
Ensuring resilience across all failure scenarios
Not all failures originate in the cloud, however, and interconnections leading up to the cloud can sometimes deteriorate and degrade performance for customers. These failures can lead to other failures as simple as disk or data center outages to complete outages of the cloud in which end users have no access to applications.
Fig 1: End-to-end resilience capabilities from Zscaler
Many minor failures are typically invisible to the customers since Zscaler’s robust architecture and operations will autonomously handle them in the background offering uninterrupted continuity for customers.
Zscaler’s resilient infrastructure can dynamically and automatically take several measures when a blackout or brownout is detected. When access to a certain data center is impacted, Zscaler mitigation efforts could be as straightforward as switching to an alternate carrier or data center provider to mitigate network issues or leaning on the over-provisioned capacity of the data center itself to support additional transient load. When using Zscaler Client Connector, automatic failover kicks in and switches traffic to the secondary gateway. An unintentional or unexpected drop in network service quality due to the brownout however can prove costly - both in terms of lost productivity and revenue, if not managed properly. When Zscaler CloudOps discovers that an upstream ISP gives suboptimal routing, we can reroute traffic through a secondary ISP while we work with the primary one to resolve the issue.
In each of these cases, Zscaler’s digital monitoring solution, called Zscaler Digital Experience, has an important role to play. A drop in performance experienced by users is continuously monitored at each and every internet and network hop between the user and the application giving admins a precise idea about the problem. This then helps them intervene appropriately to select the optional routing for the traffic in a particular geo or region to ensure optimal performance for all users.
Fig 2: Zscaler Digital Experience provides detailed views into network performance
New industry-first capabilities enhance Zscaler Resilience
Today, we are announcing three new capabilities that add to the already robust set of capabilities that are intrinsic to the Zscaler platform and make the Zscaler cloud the most resilient security cloud.
Dynamic performance-based service edge selection
Customers can now quickly recover from brownout scenarios that can cause performance degradation between users and applications by continuously probing the gateways for HTTP latency and autonomously establishing tunnels that choose the most optimal path for traffic. An end-to-end HTTP connection calculates the latency by continuously pinging both gateways and then making a determination. This powerful capability is now in beta and is expected to become widely available soon.
Fig 3: Client Connector continuously monitors & automatically switches gateways for optimal performance
Customer-controlled data center exclusion
With this capability, customers have additional control to customize sub-clouds to temporarily exclude data centers that are experiencing connectivity issues and automatically regain services once it is resolved. When a customer experiences capability issues in a data center, such as a SaaS application peering issue in LAX (which could take hours to fix), that data center can be excluded from the subcloud in the admin portal. Zscaler Client Connector then fetches the new primary and secondary gateway and establishes a Z-tunnel to a new data center.
Fig 4: Customers can manually exclude data centers to create custom sub clouds
Disaster recovery (DR)
With DR capabilities, customers can now continue to access critical internet, SaaS, and private apps even during black swan events that may lead to a cloud outage. When operating in DR mode, direct access to the internet can be restricted to only critical business apps with localized content filtering leveraging Client Connector. For private apps, customers can connect to Zscaler Private Service Edge residing in the customers’ local data center or in a public cloud, where the most updated security policies are still applied without disrupting the business
Fig 5: Zscaler DR mode ensures easy switchover and uninterrupted continuity even during catastrophic failures
Upon restoration of the Zscaler Cloud functionality, the product returns back to normal operation and takes full advantage of the Zscaler Zero Trust Exchange to enable the best of zero trust security and connectivity. The flexibility for the customer to determine what applications are accessed in the DR mode, combined with the ease with which the Zscaler platform switches between the DR mode and normal operations, gives the best security and user experience that is bar none in the industry.
Getting started with Zscaler Resilience
Cloud resilience is a topic we discuss with customers consistently, and we care about uninterrupted business continuity for all our customers. Zscaler’s complete list of resilience capabilities including one pair of Private Service Edges is included in Business (and above) Editions of Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and Zscaler for Users products today, making it easy for most customers to get started now. Additionally, you can work with one of our Technical Account Managers and Customer Success managers to perform a Zscaler Resilience AuditTM of your infrastructure to identify areas for improvement and for closing gaps before unforeseen events can cause disruptions.