- See The Difference
- What is Zero Trust The strategy on which Zscaler was built
- How Zscaler Delivers Zero Trust A platform that enforces policy based on context
- Zero Trust Resources Learn its principles, benefits, strategies
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Customer Success Stories Hear first-hand transformation stories
- Analyst Recognition Industry experts weigh in on Zscaler
- See the Zscaler Cloud in Action Traffic processed, malware blocked, and more
- Experience the Difference Get started with zero trust
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Products & Solutions
- Secure Your Users Provide users with seamless, secure, reliable access to applications and data. Secure Your Workloads Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud. Secure Your OT and IoT Provide zero trust connectivity for OT and IoT devices and secure remote access to OT systems.
- Products Transform your organization with 100% cloud-native services
- Solutions Propel your business with zero trust solutions that secure and connect your resources
![Zscaler workplace enablement]( "Zscaler workplace enablement")
Make hybrid work possibleGet StartedSecure work from anywhere, protect data, and deliver the best experience possible for users
- Industries Our ecosystem of zero trust partners
- Partner Integrations Simplified deployment and management
![Zscaler industry partners]( "Zscaler industry partners")
Secure your ServiceNow DeploymentGet StartedIt’s time to protect your ServiceNow data better and respond to security incidents quicker
- Platform
- Platform Overview Unified platform for transformation
- Capabilities Integrated services, infinitely scalable
![Zscaler transformation]( "Zscaler transformation")
Accelerate your transformationLearn MoreProtect and empower your business by leveraging the platform, process and people skills to accelerate your zero trust initiatives
![Gartner Report]( "Gartner Report")
Gartner Magic Quadrant LeaderRead ReportZscaler: A Leader in the Gartner® Magic Quadrant™ for Security Service Edge (SSE) New Positioned Highest in the Ability to Execute
- Resources
- Content Library Explore topics that will inform your journey
- Blog Perspectives from technology and transformation leaders
- Security Assessment Toolkit Analyze your environment to see where you could be exposed
- Webinars and Demos A first-hand look into important topics
- Executive Insights App Security insights at your fingertips
- Ransomware ROI Calculator Assess the ROI of ransomware risk reduction
- Training and Certifications Engaging learning experiences, live training, and certifications
- Customer Success Center Quickly connect to resources to accelerate your transformation
- Customer Success Stories Hear first-hand transformation stories
![Customer success center]( "Customer success center")
- Security & Threat Analytics Threat dashboards, cloud activity, IoT, and more
- Security Advisories News about security events and protections
- Vulnerability Disclosure Program Webinars, training, demos, and more
- Trust Portal Zscaler cloud status and advisories
![Zscaler resources]( "Zscaler resources")
- Company
- About Zscaler How it began, where it’s going
- Leadership Meet our management team
- Investor Relations News, stock information, and quarterly reports
- Compliance Our adherence to rigorous standards
- ESG Our Environmental, Social, and Governance approach
- Events Upcoming opportunities to meet with Zscaler
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Media Center News, blogs, events, photos, logos, and other brand assets
- News and Press Zscaler in the news
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Partner Portal Tools and resources for Zscaler partners
- Summit Partner Program Collaborating to ensure customer success
- System Integrators Helping joint customers become cloud-first companies
- Service Providers Delivering an integrated platform of services
- Technology Deep integrations simplify cloud migration
- Partner Inquiry Become a Zscaler partner
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
-
Zscaler Cloud Platform
Five ways to make Office 365 the catalyst for network transformation
(This article originally appeared last month in Forbes.)
Office 365 doesn’t work well in a traditional hub-and-spoke corporate network. There. I said it. If enterprises don’t transform legacy networks to accommodate Office 365, their end users will force them to.
Gartner predicts cloud software revenues to grow more than 17% in 2019. Driving that market surge is end-user demand for SaaS applications, a market category that, according to Gartner, will reach $85 billion in revenues this year. At Zscaler, we have seen Office 365 traffic grow from 2% to over 20% of overall internet bandwidth consumption in enterprises. The previous champion of bandwidth consumption, YouTube, now accounts for nearly 12% of internet usage. The internet is becoming the new corporate network for running mission-critical business applications.
Traditional hub-and-spoke corporate networks were never designed for mobile and cloud-first enterprises. These architectures rely on centralized gateways to connect the internal “trusted” network with the external “untrusted” network (the internet). This worked well when users were on the internal network and applications were hosted within the enterprise. Branch offices were connected to headquarters over expensive MPLS backhaul links. Network security was deployed at the HQ gateway in the form of security appliances like firewalls and proxies that inspected traffic moving between the trusted and untrusted network boundary.
Fast-forward to today. Workforces are mobile and applications are moving to SaaS or cloud. Imagine employees sitting in a Los Angeles branch office for a business headquartered in New York. There is a traditional hub-and-spoke network with an internet gateway at HQ. The business has adopted Office 365. Instead of getting the fast, nimble experience that modern SaaS applications like Office 365 promise, branch-office users get latency and slow performance, as transactions get routed coast to coast to access the internet via New York. Internet-bound traffic volume explodes and so do MPLS costs. SaaS application providers implement agile changes, and IT struggles to keep up with managed gateways and must upgrade appliances running out of juice due to increased traffic.
The fundamental problem here is that a modern SaaS application, designed to be located as close to the user as possible, is bottlenecked by a traditional network that isn’t.
A better network architecture alternative is to give branch offices and remote employees access to the internet and SaaS directly and not via convoluted paths. It's a common-sense approach, but it leads to tough questions: How do you protect it? How do you secure a network you don’t control or manage anymore? How can branch offices and remote employees get the same level of security everywhere while enjoying the benefits of local access?
In this new world, you need to rethink security. You need an approach that is network, device, and cloud agnostic. In the same way Office 365 delivers applications as a service, security should be delivered as a cloud service. In this new architecture, users connect securely to applications using the best possible network. The center of gravity of the application and the security stack that sits between the user and destinations moves to the user. Protecting users and delivering awesome user experience become the primary objectives for IT instead of trying to protect the network and inconveniencing users with a castle and moat at HQ.
So how do you transform your network to a direct-to-cloud model? Here are five steps:
- Revisit MPLS and WAN strategy: Office 365 traffic should travel the shortest path. Is your MPLS forcing unnecessary traffic-backhauling that causes network latency and jitter? That results in degraded performance, especially for latency-sensitive applications like Skype or bandwidth-heavy functions like file-sharing. How many internet egress locations do you have? Microsoft offers dozens of “front-door” locations worldwide. Are your global users able to access all of them?
- Consider SD-WAN: Software-defined WAN simplifies remote connectivity and efficiently connects your branches to the internet and HQ. Businesses that move to a direct-to-cloud network can cut WAN costs. This can result in millions of dollars in annual savings for a large distributed enterprise. Significant capital expenses can be eliminated by not having to frequently upgrade gateway appliances to deal with increasing traffic. Operational costs associated with managing those on-premise appliances are also drastically reduced.
- Simplify proxies and firewalls: SaaS applications constantly update their service IPs, URLs, and port requirements. Office 365 in a traditional hub-and-spoke network environment requires IT to continuously react and update firewall and proxy configurations. That’s costly, error-prone and tedious. Consider automating and simplifying firewall and proxy settings across your organization. A good cloud security gateway can automatically manage this with one-click policies that securely connect a user to a desired application. In addition, it can provide centralized visibility and controls to who accesses what applications.
- Use identity as your perimeter: The internet is your new corporate network. Identity should be your new perimeter. Consider moving to a modern single-sign-on (SSO) identity management system. Leveraging standards such as SAML will allow you to integrate business-critical SaaS applications with your corporate directory. Modern identity providers also support sophisticated conditional-access-based authentication that can enable user access based on device, location, security posture and other attributes.
- Decouple applications from the network: Internal IT applications generally require users to be on the corporate network. Conversely, modern SaaS applications are network agnostic. Consider software-defined perimeter-based modern access systems that securely connect users to internal applications based on policy. Decoupling internal applications from the network they run on vastly simplifies network complexity and reduces your attack surface. It will also make your internal applications agile, giving you the flexibility to lift and shift them from on-premises to cloud.
If you're planning on transforming your network to a direct-to-cloud model, Office 365 can be the catalyst to make that change happen.
More: Learn how Zscaler can accelerate the success of your Office 365 deployment: Zscaler for Office 365
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Amit Sinha is the CTO and Executive Vice President of Engineering and Cloud Operations at Zscaler
Get the latest Zscaler blog updates in your inbox
Subscription confirmed. More of the latest from Zscaler, coming your way soon!
By submitting the form, you are agreeing to our privacy policy.