By: Gerry Festa

Feeling safe is good. Being safe is better.

Why it’s time to rethink perimeter security and break from the old guard.

Building a wall, a ginormous wall, around your network may make you feel safe, but the reality is quite different. Organizations are distributed and their users are mobile. And, applications are moving to the cloud – SaaS and AWS are just a couple examples. So if you’re building a wall, where does it begin and end? Where’s the new network perimeter? And how can you be sure your wall is really keeping you safe?

Do you believe that your wall of security appliances offers adequate protection? Ask yourself this: could you email your executive team, directing them to download a malicious file, and be confident that no harm would come to them (or to your job security)? 

The typical answer is no (typically accompanied by expletives) because:  

  • We don’t inspect SSL. It’s complex and there are budgetary tradeoffs. Our current proxies do SSL, but if we turn it on, performance will suffer and we’ll need more boxes. 
  • Our current proxy and antivirus appliances only block what’s already known to be bad – based on domain reputation and signature match. 
  • Our sandbox can’t quarantine files before they land on a user’s device. It only alerts after the payload has been delivered.  
  • Infected files could be downloaded from a coffee shop, bypassing security controls in the data center or even at a branch, which doesn’t have the same security protections as HQ. 

The enterprise landscape has evolved and security controls need to evolve as well. Continuing to invest massive amounts of money in appliances to build walls (in the manner of the hub and spoke architecture) no longer makes sense.  

The business value of moving apps to the cloud has already been proven. So why not move your security to the cloud as well? After all, the Internet is now part of your network.  

Here are five reasons why some of the largest global brands are moving their security to the cloud: 

  1. Better security – the scale and processing power of the cloud allows inline inspection of all bytes, all ports, and all protocols – including SSL – for all users at wire-rate. Branch and mobile users get the same level of security as those sitting in HQ. 
  2. IT simplification –  there is no hardware or software to deploy and manage. Point products are delivered as platform services. Turning on new services like cloud sandboxing can be done in a few mouse clicks. 
  3. Transformational – route Internet traffic locally while maintaining security controls and slashing your MPLS budget. 
  4. Better user experience – eliminate the latency introduced by each box sitting between your users and the Internet. When you’re deploying apps like Office 365, user experience is a key driver for success.
  5. More value – eliminate the cost and complexity of box management, reduce backhaul costs, and turn CAPEX into an elastic subscription fee.

While the old, worn-out path may be comfortable, it may not lead to you to the future, where agility will be the essential competitive advantage.

Additional Resources:

View the Magic Quadrant for Secure Web Gateways report

Zscaler Security Research

Zscaler Security as a Service

Award-winning Web Security

World’s First Next Generation Cloud Firewall

Sandboxing and Behavioral Analysis

Twitter: @zscaler

Learn more about Zscaler.