(This article originally appeared last month in Forbes.)
Office 365 doesn’t work well in a traditional hub-and-spoke corporate network. There. I said it. If enterprises don’t transform legacy networks to accommodate Office 365, their end users will force them to.
Gartner predicts cloud software revenues to grow more than 17% in 2019. Driving that market surge is end-user demand for SaaS applications, a market category that, according to Gartner, will reach $85 billion in revenues this year. At Zscaler, we have seen Office 365 traffic grow from 2% to over 20% of overall internet bandwidth consumption in enterprises. The previous champion of bandwidth consumption, YouTube, now accounts for nearly 12% of internet usage. The internet is becoming the new corporate network for running mission-critical business applications.
Traditional hub-and-spoke corporate networks were never designed for mobile and cloud-first enterprises. These architectures rely on centralized gateways to connect the internal “trusted” network with the external “untrusted” network (the internet). This worked well when users were on the internal network and applications were hosted within the enterprise. Branch offices were connected to headquarters over expensive MPLS backhaul links. Network security was deployed at the HQ gateway in the form of security appliances like firewalls and proxies that inspected traffic moving between the trusted and untrusted network boundary.
Fast-forward to today. Workforces are mobile and applications are moving to SaaS or cloud. Imagine employees sitting in a Los Angeles branch office for a business headquartered in New York. There is a traditional hub-and-spoke network with an internet gateway at HQ. The business has adopted Office 365. Instead of getting the fast, nimble experience that modern SaaS applications like Office 365 promise, branch-office users get latency and slow performance, as transactions get routed coast to coast to access the internet via New York. Internet-bound traffic volume explodes and so do MPLS costs. SaaS application providers implement agile changes, and IT struggles to keep up with managed gateways and must upgrade appliances running out of juice due to increased traffic.
The fundamental problem here is that a modern SaaS application, designed to be located as close to the user as possible, is bottlenecked by a traditional network that isn’t.
A better network architecture alternative is to give branch offices and remote employees access to the internet and SaaS directly and not via convoluted paths. It's a common-sense approach, but it leads to tough questions: How do you protect it? How do you secure a network you don’t control or manage anymore? How can branch offices and remote employees get the same level of security everywhere while enjoying the benefits of local access?
In this new world, you need to rethink security. You need an approach that is network, device, and cloud agnostic. In the same way Office 365 delivers applications as a service, security should be delivered as a cloud service. In this new architecture, users connect securely to applications using the best possible network. The center of gravity of the application and the security stack that sits between the user and destinations moves to the user. Protecting users and delivering awesome user experience become the primary objectives for IT instead of trying to protect the network and inconveniencing users with a castle and moat at HQ.
So how do you transform your network to a direct-to-cloud model? Here are five steps:
If you're planning on transforming your network to a direct-to-cloud model, Office 365 can be the catalyst to make that change happen.
More: Learn how Zscaler can accelerate the success of your Office 365 deployment: Zscaler for Office 365
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Amit Sinha is the CTO and Executive Vice President of Engineering and Cloud Operations at Zscaler