Enforcing security policy everywhere with a global cloud
Among the five critical elements of cloud security is a global cloud. A global security cloud has an architecture that’s purpose-built to enforce policies equally on all cloud traffic at all locations and for all users.
It’s a new model for cloud security that is fueled by the ongoing disintegration of the traditional network perimeter. Organizations are rushing to capture the benefits of the cloud, which shifts apps, data, and users from inside the old security perimeter to “out there” in the cloud. And they’re doing it in increasing numbers. A typical enterprise uses about 1,000 cloud services with a workforce that is 40 percent mobile. Globally, there are about 30 billion devices connected to the internet. Billions more IoT devices are poised to swarm into use with 5G.
Two fundamental issues impede the ability to secure a cloud-enabled enterprise with a legacy perimeter approach. Remote users are often outside the visibility and control of an enterprise. Furthermore, branch traffic is forced through backhauled links to central or regional hubs, which stunts performance and results in a poor cloud experience.
Another legacy downside is unpredictable security capabilities, the byproduct of deploying, managing, and upgrading appliances for hundreds or thousands of branches. Often, the smaller sites get fewer controls; for example, they might not be able to scan all encrypted traffic or divert potential risks into a sandbox. As a result, security policies are applied unevenly, and the enterprise risk profile rises with a higher potential for a breach.
A global cloud, such as Zscaler’s, eliminates all those variables and provides uniform security for all internet-bound traffic at all locations for all users. Because the controls are a security stack in the cloud, they are always available to inspect all traffic on all ports and protocols. There is no difference in policy control for an office of thousands or a branch with just five users.
All users access the internet via Zscaler’s multi-tenant global cloud. In addition to automatic application of the full security stack, Zscaler customers get robust performance from more than 100 global data centers on six continents, often collocated for peering with ISPs and major cloud service providers.
The physical footprint of our global cloud is crucial for ensuring availability, security, and performance at scale. Peering on the internet’s backbone applies security at the first hop. Peering also dramatically reduces the number of network hops required to access and use cloud services.
For example, on a traditional hub-and-spoke network, a simple web request can take up to 28 hops as it traverses filters and load balancers, firewalls, and more. The associated latency is like forcing a commuter to slog through 28 road intersections—an experience both frustrating and counterproductive.
Further complicating matters, attackers are becoming more sophisticated and can exfiltrate sensitive data from enterprises and launch ransomware attacks against organizations, often with precise targeting. The advantage of a global cloud is the capability to immediately share security intelligence and push protections out to all customers, which enables a faster, global response to emerging threats.
I invite you to learn more about what the Zscaler global security cloud can mean for your organization’s cloud-first initiative. You can read it here in our white paper, The Definitive Guide to Branch Transformation.
Jen Toscano is Sr. Product Marketing Manager at Zscaler.