Enterprise organisations are embracing the cloud as the preferred delivery model for new applications and services, moving from traditional on-premises applications to software as a service (SaaS). Increasingly, though, whilst organisations recoup many of the benefits of moving to a cloud model, there are often unforeseen consequences when it comes to the network’s ability to cope with new requirements imposed by this transformation.
As a specific example, Microsoft Office 365 has taken the market by storm, seeing massive growth in deployments over the last 12 months. Indeed, we are seeing 525 TB of Office 365 traffic traverse the Zscaler cloud platform per month. Based on our experience, an Office 365 deployment results in an average increase of network traffic by 40 per cent, which can lead to higher latency for users and therefore a desire for higher capacity, as well as difficulty in configuring consistent policies. After all, businesses are used to accessing Office programs over a dedicated WAN, but now these apps have moved into cloud data centres that could be thousands of miles away.
Organisations need to ensure that they can prioritise business-critical apps like Office 365 from a bandwidth perspective over less important, bandwidth-hungry services, such as YouTube. We have seen instances where the contention for bandwidth increased due to capacity limitations brought about by the implementation of Office 365. The resulting network congestion has an adverse effect on end-user satisfaction and even the acceptance of cloud-based applications.
Legacy networking technologies like MPLS are ill-suited to this new environment of digital transformation, with many of them too slow (due to the high latency imposed by tromboning traffic through central locations) and too expensive. Our customers who have deployed Office 365 find they can reduce MPLS costs and provide a much better user experience by going through local Internet breakout points where the traffic is secured via the Zscaler Internet Security Platform. Such an approach obviates the traditional hub-and-spoke network setup for securing application traffic via appliances at a headquarters office.
The need for a local breakout point, or hybrid WAN, model is particularly relevant for multinational companies. Often, these organisations are running operations with a high number of subsidiaries around the globe, which are subsequently reliant on highly centralized company IT infrastructure. The growing adoption of cloud solutions is contributing to increases in overall WAN traffic, whilst much of it is Internet-bound. Consequently, this leads to congestion on the WAN infrastructure, with all traffic backhauled to a single regional Internet gateway (e.g., for EMEA, the Americas, and APAC). Such a setup has serious capacity constraints and cannot support the Internet bandwidth necessary for Office 365 implementation.
The solution to the challenge is available via a secure, hybrid network model, which can improve performance while guaranteeing a safe Internet experience, without the need for adding security appliances. Zscaler’s cloud-based Internet Security Platform provides a streamlined migration path towards a hybrid WAN/Internet network model, while adding security functionality at a reduced total cost. With such a topology, the company’s Internet traffic no longer has to be backhauled to regional data center hubs for appliance-based security scanning, and is therefore saving considerable MPLS traffic. This rationalization effect combined with Zscaler’s bandwidth control capability lays the foundation for a successful Office 365 implementation, as it guarantees the necessary speed of access for a positive user experience.
Zscaler customer examples show the importance of predetermining how well a network can cope with an Office 365 implementation, and taking a proactive rather than reactive approach. Furthermore, because Zscaler provides the ability to implement a consistent centralised policy model, it simplifies security policy. Take for example the number of firewall rules that need to be managed in a typical setup, when firewalls need to be manually administered in branch offices. The number of rules can quickly amount in the hundreds in order to provide the coverage necessary to support all of the destination hosts. That change-control headache and administrative burden belong in the past and a cloud-based security solution can put them (and keep them) there.
View the webcast, Office 365 is all the rage – but is your network ready?
Read the Office 365 white paper