What We Learned at RSA
With RSA ’17 in the rearview mirror, and our tchotchkes (yeah, I had to look it up) collecting dust, it’s time to reflect on some lessons learned. The Zscaler team sought to take the pulse of RSA visitors to learn what they’re facing in their environments and what’s keeping them up at night. While visitors queued at our t-shirt station, we conducted a short survey that uncovered some tidbits worthy of sharing.
First up, we asked visitors how the great next-generation firewall experiment is going and the state of their remote access capabilities.
As it turns out 61% have NOT deployed NGFW appliances in branches due to cost or complexity. With appliance solutions at every turn in the RSA exhibit hall, it’s no surprise customers are leery of increased appliance sprawl. It adds to cost and complexity, and just isn’t any fun to manage. Many are also aware that deploying only a firewall in the branch will not give them the same protection results as backhauling traffic to a centralized gateway stacked with appliances.
A surprising 43% rely on AV or have no security controls in place for devices that are outside the security perimeter. I should have expected this, but trends like this still get my goat. Come on, people. At the end of the day, security is always about the weakest link. Traffic from these devices goes through stacks of appliances when connecting from the office, but nothing at all when connecting from the outside world. Knowing that these devices will invariably connect again to the corporate network would seem to be inviting trouble.
The answers to these questions about VPNs and about NGFW in the branch underscore what we’re hearing at Zscaler. There’s a need for our cloud security, which is delivered as a service, because it provides airtight protection that’s always there, even when the VPN isn’t. And because it’s in the cloud, there’s no management overhead and complexity.
Next up, we wanted to explore the concept of the “Internet-only” branch. If you’re unfamiliar with the concept, we’ve got a great webcast that you can check out. In short, the idea is to use the Internet as your network in order to cut costs on networking gear and infrastructure.
60% told us appliance cost and lack of security controls are barriers to moving from MPLS to Internet-only branches. This stat isn’t that surprising given the fact that it’s very difficult to replicate your appliance security stack at every branch location.
The feedback was 40% say reducing MPLS cost and network simplification are primary drivers for SD-WAN. We can also see from our survey that slightly more than half of our respondents were not yet familiar with the advantages of SD-WAN for enabling the Internet-only branch. However, the other half is clearly tapped into a fundamental transformation happening within IT. While the potential is there to radically change the way IT delivers services, it’s critical for strong and flexible security controls to come along for the ride.
77% responded that hub-and-spoke architectures will be relevant for a few more years, but better architectures are already available. This response supports what we hear from our customers every day. The way people work has changed. Users are increasingly connecting to applications and data in the cloud. Traditional network architectures are fading fast, and the Internet has become the new network.
The question for IT becomes: How do you control the Internet if you don’t own it? Since the Zscaler security cloud is everywhere, positioned between every user and the Internet, it closes security gaps created by mobility and cloud computing. By virtue of our global scale, we’ve really delivered a true secure Internet gateway that can inspect every byte of traffic coming and going, even if it’s encrypted. Zscaler cloud security delivers all the services you need — firewall, sandboxing, URL filters, SSL inspection, and the rest — in a unified platform built from the ground up for performance and speed.
Which brings us to our last question:
We all know that dealing with security and network performance issues can be stressful. And we know many IT professionals out there have heard from their users: “Why is my home Internet faster than my work Internet?” To gauge the severity of the problem, we asked visitors if there were certain things they would give up in exchange for fast, secure Internet and cloud access. The results speak for themselves.
But Zscaler has good news. You can deliver fast, secure Internet access without giving up a thing. With Zscaler, you can keep and enjoy your coffee, as you add layers of security that protect all users, on the network and off. With local breakout from your offices to our cloud, you can increase network performance, streamline user policy control, and extend threat visibility. Zscaler enables you to easily scale security, applications or services as your needs grow, or phase out aging infrastructure. In short, you’ll add simplicity to what has always been a stunningly complex job. (But for the 10% of you out there, do us a favor and call today. You shouldn’t have to live like that.)