Reinventing the Wheel: “Hub-and-Spoke” is Costly-and-Broke for the New IT World
When we launched this blog, I discussed how enterprise security is ripe for transformation. The cloud, mobile and social trends that contribute to our concept of the Everywhere Enterprise are dissolving the traditional network perimeter. However, even as organizations strive to embrace cloud and mobility trends, many remain earthbound by an appliance-based enterprise security model. This is an issue of myopic vision; with the focus only on solving security challenges, we have witnessed a series of productivity challenges left in its wake.
Today, I would like to focus our discussion on the Zscaler Direct-to-Cloud Network (DCN), which enables enterprises to safely conduct business beyond the corporate network by embracing mobility and cloud, an evolution away from the traditional hub-and-spoke enterprise network and security model. To begin our discussion, we must first understand that the current enterprise network is predominantly based on a centralized hub (typically the corporate HQ) with many decentralized access nodes (typically branch offices).
The hub-and-spoke model worked to connect distributed users to proprietary applications hosted in corporate data centers using an MPLS backbone. It made sense in the old centralized IT world, but it serves as a chokepoint as business evolves to the cloud. The global nature of business requires a global presence, but if all of these global users have to communicate with a central hub before connecting to the Internet, then this “hub-and-spoke” model is neither efficient nor scalable. This inefficiency is greatly compounded by the cloud-based services that so many organizations have deployed in the spirit of productivity and cost savings. The irony of this situation is not lost on me.
We can all relate to the inefficiencies of the hub-and-spoke model when we consider air travel. For example, a flight from Boston to Chicago may have a layover in Atlanta because it is a hub for the airline, turning a three-hour flight into a six-hour ordeal. Now imagine if every single flight in the US had to transfer through this Atlanta hub. Such an inefficient model would be madness.
However, this madness is exactly what the traditional hub-and-spoke model of enterprise network and security represents to its users. Instead of air travel, suppose a user in San Francisco wants to connect to a cloud-based service; his traffic must first travel all the way across the country to his HQ in New York to be scanned, and then returned all the way back to San Francisco…for every single transaction! The MPLS, bandwidth and backhauling costs for this kind of scanning can quickly add up, especially when multiplied across thousands of users and their mobile devices worldwide. The hub-and-spoke model can directly add latency to the service, negatively impacting user productivity and resulting in escalating investments in more solutions to solve these productivity challenges.
When we consider the distributed nature of global organizations and the ubiquitous cloud services their users require, the centralized hub-and-spoke network topology is illogical. Organizations need to embrace a distributed network and security architecture that meets their users in the cloud to enable direct access to their cloud services.
This is the foundation of the Zscaler Direct-to-Cloud Network, a globally distributed secure cloud network with more than 100 data centers. Zscaler DCN acts like a checkpoint between the user and the Internet such that all Internet-bound traffic goes through it, enabling businesses to embrace mobility and cloud while enforcing their business policy. As more and more business happens outside the corporate network, DCN becomes an important part of every enterprise.
Ten million Zscaler users securely access their corporate applications and data, generating 10 billion transactions every day with no noticeable latency via the Zscaler Direct-to-Cloud Network. That is the power of going Direct-to-Cloud, and it’s something no hub-and-spoke architecture could possibly do.