Zscaler to Expand Zero Trust Exchange Platform's AI Cloud with Data Fabric Purpose-built for Security

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Products & Solutions

Pitfalls to avoid while transforming branch office connectivity

image

Does this scenario sound familiar? The board of directors has declared a cloud-first strategy. You like what you hear about direct-to-cloud as being the right way to access apps like Office 365. And you certainly like the idea of migrating apps to public cloud providers like AWS and Azure. Perhaps you can make this cloud vision a welcome reality.

But, similar to any major undertaking, there are dangers waiting to ensnare you as you embark upon your path to branch transformation.

Outlined below are five pitfalls to avoid as you navigate the journey to an internet breakout solution. These will help you address issues around cloud app performance and user experience, while achieving a high level of protection that legacy security solutions cannot match.

1. Relying on regional gateways. Instead of deploying security at every branch, many organizations backhaul traffic to regional hubs or a few data center gateways using Multi-Protocol Label Switching (MPLS). It’s less costly than outfitting each branch with a security gateway, but the downside is a poor user experience from traffic bottlenecks and latency. This model can also complicate privacy and other compliance issues. Instead: use fast, local connections and secure them with a global cloud security service.

2. Believing that virtual appliances equal cloud security. A virtual firewall has the same capacity limits as a physical one, and it will still buckle under the strain of inspecting SSL/TLS-encrypted traffic or added security features. No firewall appliance, physical or virtual, can scale to meet growing traffic demands or the rise in persistent connections of cloud apps like Office 365. Instead: look to a 100% cloud firewall for security that scales.

3. Putting up with security gaps. Your users in branch and regional offices deserve identical security to users at headquarters, with inspection for all ports and protocols, including SSL/TLS, and the full stack of security and access services—sandbox, firewall, advanced threat protection, AV, and the rest. Even so, many branch offices rely solely on UTMs or smaller firewall devices, which are inadequate and leave users, and the entire network, at risk. Instead: protect branch users with comprehensive, cloud-delivered security.

4. Bolting on a proxy. Now that 91 percent of traffic across Google services is encrypted1, SSL/TLS inspection is a must. But most security devices can’t natively inspect SSL/TLS-encrypted traffic. That scenario requires the use of a bolt-on proxy…which means goodbye to any expectation of fast performance. This result is what causes many organizations using appliances to turn off inspection of encrypted traffic—a decision that involves significant risk. Instead: inspect all traffic using security built on a global cloud.

5. Leaving bandwidth to chance. Bandwidth-hungry applications, traffic growth, and the addition of new applications, features, and functions can crush performance and send costs skyrocketing. You must prioritize applications or define traffic limits if you want to keep productivity up. Instead: deploy a bandwidth control solution that lets you prioritize business-critical apps.

You may have noticed that each of these five areas addresses connectivity and security. But in the all-cloud world, the two must go hand in hand. By keeping these issues in mind, your organization’s ability to transform branch office connectivity will be swift and effective: pitfalls successfully avoided.

To learn more about how you can securely route branch traffic direct-to-internet, download our Definitive Guide to Branch Transformation.

form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.