Our business has come a long way since its humble beginnings in a tent and bingo hall in 1985. Today, Cache Creek Casino Resort is a premier Northern California casino-resort destination with world-class gaming, a highly rated hotel, nine restaurants, a 700-seat entertainment venue, and championship golf course. But to stay in business and thrive, we still need to keep improving and modernizing our business processes and customer offerings.
Modernizing cybersecurity and business go hand in hand. For us, the COVID-19 pandemic and a cyberattack that shut down operations catapulted security to the top of our modernization priority list. Overhauling remote access became especially critical as employees working off-site had to use extremely cumbersome, hardened laptops that crippled productivity.
To transform secure remote access, we wanted to leapfrog VPN technology, which opens the whole network to employees and has its own useability and administrative challenges. So, we turned instead to the Zscaler Zero Trust Exchange platform, including Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA). By implementing the Zero Trust Exchange, we modernized key aspects of security and fast-tracked business modernization.
Below are a few lessons we learned along the way as we went from searching for a better remote access solution to embarking on a zero trust transformation.
1. Large enterprises and security teams aren’t the only ones who benefit from zero trust
Cache Creek Casino Resort has less than 800 employees, but the move toward a zero trust approach made sense even for a company of our size. The cloud and work-from-anywhere mobility have become requisites we need to embrace; the traditional security model is simply no longer adequate.
As at larger companies, protecting our organization from breaches and malicious cyberattacks is at the core of everything my group does. Taking a zero trust approach improves our ability to protect our data, applications, and employees. With ZPA, for instance, our users now connect directly to applications—versus the network—shrinking our attack surface exponentially and preventing lateral movement.
With the Zero Trust Exchange, we bolstered our security posture significantly, (see our case study), while reducing infrastructure costs and simplifying operations. But security isn’t the only area in which we’ve benefited. Other positive business and workplace outcomes include:
2. Zero trust access helps you hire the right talent
To keep improving our business, we need to hire the right people. Since the resort is off the beaten track, employees have traditionally hailed from a 60-mile radius, much of which is unpopulated. These are terrific, loyal people whose tenure at the company averages 15 years, but we knew we could use an infusion of new and different ideas. We also needed to build out previously understaffed groups, such as IT and marketing.
With the Zero Trust Exchange, we now have the confidence that we can provide a secure on-prem experience to employees no matter where they are located. This capability has empowered us to offer hybrid and work-from-anywhere (WFA) positions, and, as a result, we have dramatically expanded our talent pool.
Consequently, IT and marketing are now on their way to growing 60%. Recently, we hired a critical IT position that will be based in another state. We simply couldn’t have done that before. The ability to work with modern technologies such as the Zscaler platform also helps attract a higher caliber of IT and cybersecurity candidates.
3. As with any technology, ease of deployment and integrations matter
We’ve got a small IT-cybersecurity team, so efficiency is especially critical for us, but every security team can benefit from doing more with less. The more we can consolidate and simplify our overall architecture, the better. That means looking for solutions that play nice with existing tools, don’t require a lot of customization, are easy to deploy and use, and make it easy to add functionality later.
When evaluating zero trust solutions, take the time to understand exactly what’s involved to integrate with your existing tools, such as multi-factor authentication and IdP. One reason we went with the Zscaler Zero Trust Exchange is because the platform includes pre-built integrations with a wide range of our tools, including our MFA, single sign-on, and CrowdStrike. With any other product, we would have to do a lot more work, up front as well as in the future.
With the runner-up vendor, for instance, a ton of customization would have been required out of the gate. Besides the additional hassle and expense, we were concerned that any new future product releases would require customized updates that would force us to delay upgrades or concede features or functionality.
Ease of deployment also led us to the Zero Trust Exchange. In one day, we rolled out both Zscaler Private Access for ZTNA and Zscaler Internet Access as a secure Internet onramp for our users. We continue to tweak access policy, since finding the right balance between leniency and restriction takes time, but deployment of the common agent for both solutions was fast and straightforward.
4. Establish a zero trust foundation that lets you grow easily at your pace
You’re not going to modernize security or complete a digital transformation overnight. If you’re at all like us, you can’t just move off-prem cold turkey. You need to start with a few specific use cases and add others gradually. So, it makes sense to go with a vendor that has a holistic approach to zero trust, one that makes it easier to add functionality when you are ready.
As we move more of our on-prem services to the cloud and use more SaaS apps, our next addition to the Zero Trust Exchange will most likely be its CASB solution. When ready, we can enhance our security service edge (SSE) functionality by expanding the Zero Trust Exchange platform. The Zcaler platform lets us maintain a consistent security posture across both on-prem and cloud and expand our cloud security at a speed that makes sense for us.
5. Assess the vendor’s level of engagement
Zero trust is a completely different security paradigm, so it’s important to select a vendor that can help your organization make the transition smoothly. You want a partner that will be there for you when needed and help you strategize and plan your security roadmap. Look for a vendor that treats you like a Fortune 500 company regardless of the size of your organization.
From day one, the Zscaler team was far more engaged than the other companies we talked to, and they continued to stay highly invested in us throughout the sales and POV process and beyond. The whole deployment process was seamless, including the transition from the sales team to the implementation team, and we’ve been extremely pleased with the support we’ve received since then.
6. Modernizing security helps modernize and grow business
In a few short months, we were able to securely modernize key aspects of our security infrastructure as well as kick-start our workplace modernization, transforming daily the way we work. Since implementing the Zscaler Zero Trust Exchange, we are more productive, efficient, and secure than we have ever been.
We’ve also begun hiring hybrid and full-time remote workers, something that’s not common in our industry. Furthermore, a more robust security posture and a trusted, extensible cloud security platform give us more confidence to push forward with our business modernization goals, such as offering our customers more digital services—like mobile check-in and food and beverage ordering—and expanding our use of the cloud and SaaS applications to further enhance productivity and efficiency.
Years ago, we gladly left behind the bingo hall and tent as we envisioned a bigger, better future. Now we’ve begun the journey to leave behind our traditional security architecture in favor of a better, more secure one based on zero trust.
To learn more, I encourage you to read the accompanying case study about how our zero trust journey and partnership with Zscaler is helping us fast-track modernization for both security and our business.