From supply chain issues and inflation challenges to mere competitive pressures from other organizations, the last two years have highlighted the need for businesses to reduce their costs.
These recent times have placed extra financial stress on businesses of all sizes—but particularly so on small- to medium-sized enterprise and commercial organizations that lack the financial bulk of larger corporations like those named among the S&P 500. As such, it is imperative for these organizations to embrace the cloud, digital transformation, and remote work, all of which have proven to be effective for reducing cost and complexity in the enterprise.
However, clinging to legacy, perimeter-based security solutions during such a transition can counteract the desired cost and complexity benefits. If organizations don’t transform their security and instead try to force-fit legacy security approaches in the cloud-first world, cost and complexity will increase, and improper defenses that aren’t designed for modern security needs will lead to poor data and threat protection. This is exacerbated by the current economic situation compelling organizations to reduce their IT budgets, which also impacts their ability to respond to cybersecurity threats (with breaches leading to additional costs detailed further below). These challenges are particularly true under expensive legacy architectures that rely upon appliances with high upfront CAPEX investments.
Fortunately, the adoption of a zero trust architecture guards against the above issues. It stops costly breaches and decreases risk while providing companies with reduced complexity, a better user experience, and other benefits resulting in improved economic value. This means that organizations don’t have to choose between better cybersecurity and lower costs—they can do it all with zero trust.
So, what is the difference between these two architectures?
The legacy, perimeter-oriented approach, also known as castle-and-moat security, was designed for an era when users, apps, and data were on premises. Because the network was where everything happened, efforts were focused on securing access to the corporate network as a whole. Unfortunately, once entities made their way onto the network, there was little to no protection against lateral movement across resources (meaning that the scope of breaches could easily balloon). For users to receive protections, they had to be connected to the network, where security was enforced. This architecture also involved tools like VPNs and firewalls, which could be identified on the web and so served as effective targets for malicious actors.
A zero trust architecture, on the other hand, recognizes that users, apps, and data have all left the premises and the network. So, instead of connecting entities to the network as a whole (which would allow them to access all of its connected resources), zero trust security connects entities to specific apps and resources according to the principle of least-privileged access, whereby users can only connect to the resources for which they have authorization, at the moment they need access. This architecture delivers security as a cloud service (avoiding upfront CAPEX costs), from as close to the end user as possible, rather than shackling security to the network, and ensures that resources are hidden behind a zero trust platform to eliminate the attack surface.
Below are some examples of how perimeter-based security architectures (along with VPNs, firewalls, and other legacy point products) increase cost and complexity, as well as how zero trust can help.
Armies of appliances
Legacy security architectures require the use of numerous security appliances, which are expensive to purchase, deploy, and maintain—regardless of whether they are physical or virtual appliances. As organizations grow, supporting and protecting growing numbers of users and office locations requires more and/or upgraded appliances, the costs of which quickly add up. These financial drawbacks are further amplified when organizations attempt to embrace secure remote work by purchasing additional VPN appliances, or try to secure cloud applications and workloads by deploying additional virtual firewalls. In general, tying security to the network and attempting to establish a safe (ever-expanding) perimeter with a large (ever-growing) number of appliances is not an ideal strategy.
As described above, a zero trust architecture is one in which security is decoupled from the network and traffic isn’t forced through the stack of perimeter-focused appliances therein. Instead, zero trust vendors deliver security as a service via the cloud. This means that the enterprise has no appliances to purchase, deploy, maintain, or manage. Rather, the zero trust vendor is tasked with ensuring that their services are performant and scalable for their customers. As a result, appliance-based costs are reduced with a zero trust architecture. Additionally, reliance on costly private networks is minimized because traffic is sent to the vendor’s security cloud and doesn’t have to be routed to the network for security.
Performance and productivity
As was alluded to above, traditional security architectures lack the ability to scale quickly with growing global workforces and growing traffic volumes. This is because appliances have static capacities to service fixed numbers of users. As such, organizations with a traditional architecture often have to choose between overprovisioning (which leads to appliances having unused capacity) and accepting a lack of scalability (which entails throttled performance and hampers user productivity when more traffic is funneled through appliances). Both alternatives fail to benefit the business when it comes to cost. That is before considering the performance and user experience challenges that arise when security is tied to the data center and distant users have traffic backhauled to a stack of appliances before reaching their end destinations on the web; this also leads to forgone productivity and added cost.
Relying upon a zero trust security cloud, rather than backhauling traffic to a fleet of rigid appliances (whether physical or virtual), ensures optimal performance, scalability, and user experience, all of which amount to decreased cost. When an enterprise experiences mass hiring, a surge in user traffic, or a shift in where users are geographically located (for example, away from HQ), the vendor’s security cloud has the global scale and scope to handle the changes without any issues (provided their infrastructure is mature enough to do so).
When security is received from a patchwork of legacy point products with separate dashboards and interfaces, it leads to multiple challenges. Duplicating or creating net-new policies across such solutions unnecessarily burdens administrators. Additionally, having to dedicate existing resources or hire and train new team members to deploy, maintain, and manage legacy solutions is costly and cumbersome, and often distracts from more important projects. In other words, a complex tapestry of tools increases the burden on IT and security teams and wastes resources. Ultimately, the negative effects eventually reach the end user, as passing traffic through several solutions results in latency and decreased productivity (which also creates added costs for the enterprise).
In contrast, a complete zero trust platform is designed to deliver comprehensive security across the entire IT ecosystem through one offering with one admin interface. As a result, less upkeep is required, duplicating policies becomes a thing of the past, and administrator time (and the business’ money) is saved. When a zero trust platform can perform multiple policy actions in a single scan, organizations can avoid chaining solutions together, which streamlines the user experience while ensuring solid security.
According to the IBM Cost of a Data Breach 2021 Report, breach costs rose from an average of $3.86 million USD in 2020 to $4.24 million USD in 2021, which marked the highest average total cost in the 17-year history of the report. Costs associated with breaches can take a variety of forms; for example, hours of lost time, resources, and productivity for admins and end users, legal fees, ransoms from malicious actors, brand reputation harm that can reduce sales, and hefty fines from noncompliance with government and commercial security standards.
Unfortunately, as organizations undergo digital transformation, they often fail to undergo the security transformation necessary to stop breaches and their associated costs. Legacy, perimeter-based architectures weren’t designed to follow users and data off premises. They only serve to expand the attack surface and allow lateral movement across resources once users make it onto the network. Additionally, their capabilities cannot address modern use cases like the need to scan data within SaaS applications, identify exploitable misconfigurations in IaaS instances, and more.
With a modern zero trust, cloud-based architecture, you can avoid costly breaches and outcomes like compliance violations. As mentioned previously, such architectures are designed to deliver security anywhere around the globe (not just on the network) and scale to the exact needs of the enterprise. When enterprise applications are secured by a zero trust platform, they are rendered invisible to the public to eliminate the attack surface. Because a zero trust platform securely connects entities to individual resources rather than the network as a whole, lateral threat movement is prevented. In addition to these benefits, zero trust offerings are built to address the modern security use cases that organizations must handle if they are to stop sophisticated hackers and ward off potential breaches. This makes them indispensable for reducing costs in the modern cloud era.
Where do we go from here?
The Zscaler Zero Trust Exchange is an integrated platform of services that acts as an intelligent switchboard to secure user-to-app, app-to-app, and machine-to-machine communications over any network and any location. It empowers customers to embrace a zero trust architecture. Operating across 150 data centers worldwide, the Zero Trust Exchange helps reduce business risk while enabling organizations to realize the promise of digital transformation, including increased productivity, simplified IT, reduced costs, and an increase in business agility.
In a recent ESG study, it was determined that Zscaler provides enterprise customers an average ROI of 139% over legacy security architectures.