Why branch transformation starts with comprehensive cloud security
A transformation is, by definition, a major change. Incremental steps, like adding the latest appliance to the stack or moving certain capabilities to VMs, can no longer meet your organization’s needs in a cloud-first world. That’s why you’re embarking on a new approach, a transformation, from the old world in which you backhauled branch traffic through centralized security controls, to a new world in which you can provide fast, secure, local access to all your branches.
Whether your organization has thousands, hundreds, or dozens of branch locations, there are five critical elements of cloud security that will help you to efficiently transform your branches and secure all your direct-to-internet traffic. They include: comprehensive security platform, proxy-based architecture, global cloud, visibility and management, and elastic scalability. In this blog, I’ll describe a comprehensive security platform and what it can do for you.
Comprehensive means complete. Unlike the standalone devices of the old world, comprehensive security describes a unified platform with all the technologies and features you need to robustly secure your branch internet breakouts.
It’s not about a checklist of capabilities. At heart, it’s about resolving a major security policy problem: How do you ensure that all the security controls you need are uniformly applied to all users in all branches—even if it’s a site with one person?
What the cloud replaces is the legacy approach of using stacks of security appliances at each internet access point. Sometimes the appliances have been physical boxes, sometimes virtualized, or perhaps a mixture. The costs of deployment, management and updates, and constant refreshing of old gear sometimes meant juggling policy priorities versus available resources. Configuration polices often varied between different gear at branches, which complicated enterprise enforcement. Maybe smaller branches got a budget haircut—and less security as a result.
Gambling on security policy is a huge risk! We are in the era of zero-trust networking. Since the internet has effectively become the new transport network for every organization, the policy should be to secure every user with equally robust controls.
All of this is possible with a simpler, more cost-effective, and more secure approach built on a global, multi-tenant 100% cloud architecture. That architecture represents the foundation for transformation.
The technical process used by Zscaler’s cloud approach is to inspect 100 percent of internet and cloud-bound traffic, including all ports and protocols. Everything includes protocols like DNS, HTTP, HTTPS, video, and SSL/TLS-encrypted traffic. Pervasive port scanning is necessary, because apps like WebEx, Box, and Dropbox use ports beyond the usual 80 and 443. Comprehensive visibility is essential for identifying threats and enforcing policy.
Security is fully integrated with internet access services and includes cloud-delivered firewall, sandboxing, IPS, and advanced threat protection. Comprehensive protection like this made available for all users and branches is only possible with the cloud.
You may be thinking, “Sounds great, and I know it’s important to inspect encrypted traffic, but even our virtualized firewall appliances throttle performance under that load. Users would rebel at that experience!” And this perception would be accurate with legacy box approaches.
With the comprehensive cloud-based approach by Zscaler, the dilemma of security vs. performance disappears. With Zscaler, there is no performance hit for inspecting all traffic. But there’s definitely stronger security for everyone.
To learn more about transforming your branch connectivity and security with Zscaler, check out our white paper, The Definitive Guide to Branch Transformation. In the coming weeks, we’ll continue this discussion of the critical elements of branch transformation.
Jen Toscano is Sr. Product Marketing Manager at Zscaler.