Three Lessons Learned While Upgrading from Legacy Security to Zero Trust

Forging a new path with zero trust 

At Oxfordshire County Council, our existing network and security infrastructure was nearing end-of-life, and we were at a crossroads. Should we stick with the old way of managing security, and just upgrade to newer versions of, essentially, the same legacy solutions? Or should we embark on a zero trust digital transformation?

We chose to completely rethink our IT environment, leveraging the Zscaler Zero Trust Exchange to simplify our infrastructure, support our cloud-first ambitions, and strengthen our security posture. Today, we are a cloud-first organization operating without the burden of wide area networks (WANs), data centers, legacy security appliances, or multiple point solutions. We enjoy greater agility and simplified security administration without compromising our edge.

Letting go of the old ways and embracing zero trust architecture was an invaluable learning experience. Here are three pieces of advice I’d share with any technology professional considering the switch to zero trust.

Going all in on zero trust

When we deployed the Zero Trust Exchange, we migrated 5,900 users across 144 sites in just one night. I wanted us to be all in on the Zscaler platform, not lingering in a hinterland between legacy security architecture and zero trust architecture.

Why did I have the confidence to make such an all-or-nothing move involving thousands of users across Oxfordshire County? For roughly six months prior to our official migration date, my IT Innovation & Digital Service Team prioritized testing every aspect of the planned migration with a control group of test users.

Oxfordshire County Council is supported by five smaller district councils, so we selected Cherwell District Council (one of the five) as a test group. Working with 450 users across seven sites in Cherwell, we managed a smaller version of the larger migration we eventually wanted to achieve county-wide. We took Cherwell off the traditional WAN environment, removed the legacy security appliances like firewalls and VPNs, and deployed the Zscaler platform. 

We intentionally took this methodical approach to allow exploration of any possible user objections or challenges. At the end of the test deployment, we were armed with proof of concept as well as a matrix of potential deployment challenges that we might encounter as we embarked on the long overdue modernization of our infrastructure. We also had documented solutions for the challenges unique to our old ways of managing security.

A realistic test user group will look different across organizations, as will the time frame you are comfortable with. You’ll need to determine what makes sense in your environment, but before you make the switch to zero trust, make testing the process a priority.

Change can be hard, even for those leading it 

One of the most surprising aspects of our zero trust evolution was the inertia I experienced with some of my technical colleagues. 

After fielding more objections to WAN-free architecture than I was prepared for, I realized radical change can be daunting for anyone—even us technical professionals. Change is a certainty in our industry, but we're still human. And humans find comfort in the familiar. It’s easy to get stuck in the old way of doing things because change can make people uncomfortable. That old idiom “better the devil you know than the devil you don’t” comes to mind.

The outliers on my team struggled with the idea of using the internet as our corporate network, along with ditching data centers and IP addresses to connect users to resources. Zscaler training and education services helped the entire IT team visualize and better understand the changes. Additionally, the team was part of our test user group and experienced the power of the Zscaler platform firsthand. Any technical colleagues who were initially unsure quickly reached their “a-ha" moments. 

Don’t be deterred if there are team members who initially object to removing the legacy architecture they’ve gotten accustomed to managing. Take the time to openly discuss concerns with your technical colleagues, and let the Zscaler support team help you educate them about the way forward. 

If you trust your partner, you can trust the process 

The most profound lesson I learned on our zero trust journey is that zero trust doesn’t include an absence of trust in the process or your chosen partner.

Firstly, I had to trust in my own vision for zero trust security architecture in a WAN-free environment at Oxfordshire County Council. I can’t tell you the number of times others said to me, “You won’t be able to do that!” I’m quite strong-willed, so proving that caution wrong kept me motivated to succeed. I created a technology roadmap that would guide us to holistic zero trust, and I didn’t hold back on advocating for that better way forward.

Secondly, I had to trust Zscaler as our partner to help us put our plan into action. From the Zscaler platform down to the individual experts guiding us through deployment and implementation, every aspect of our zero trust transformation with Zscaler has been outstanding. Zscaler collaborates with their customers, establishing a true partnership. Our customer success team helps us make sure we are using the platform optimally, and advises on features we could be using more strategically.

As we continue our zero trust evolution, Zscaler will remain a trusted partner. If you are considering partners to support your zero trust goals, Zscaler has definitely earned my recommendation. If you’ve made the switch to Zscaler already, keep collaborating with your customer care team, even after deployment, to make sure you are fully leveraging the platform.  

Greater confidence with Zscaler 

Since making the switch to zero trust, we haven’t looked back. In fact, the only thing I might change about our experience if given the chance would be to make the switch sooner. In a world with increasing cybersecurity threats, Zscaler has given us greater confidence and a stronger security posture. 

What are you waiting for?

Check out the full case study to learn more about how Zscaler has transformed security architecture at Oxfordshire County Council.