State Capital Magdeburg
Replacing legacy VPN to enable an efficient, modern hybrid workplace
AMN Healthcare is the leader in total talent solutions for acute-care hospitals, community health clinics, physician practice groups, and many other settings, helping clients optimize their workforce to improve patient outcomes with the most comprehensive network of quality healthcare professionals.
Ensures work-from-anywhere security to support a global workforce
Processes 1.2 Billion transactions monthly through Zscaler
Replaces problematic VPNs, reducing the attack surface and preventing lateral threat movement
Eliminates the cost and complexity of legacy security products for a superior user experience
Improves remote user experience by eliminating traffic backhauls and reducing latency
Accelerates migration of apps to the cloud by integrating security, network, and app transformation
The Zscaler approach is aligned with our overall zero trust philosophy, and the Zero Trust Exchange platform was the embodiment of our vision for a zero trust architecture at AMN Healthcare.
Launching its traveling nurse program nearly 40 years ago, AMN Healthcare has since deployed more than 90,000 clinicians and nurses to healthcare facilities. By implementing innovative workforce management solutions and digital products, AMN has significantly improved the quality of care its clients can provide to patients.
An increase in cyberthreats across the healthcare industry was the catalyst for AMN Healthcare's drive toward a digital-first initiative and adoption of a zero trust security framework. “Hospitals and healthcare providers are vulnerable because of the valuable data they store,” said Mani Masood, Head of Information Security at AMN. “We invest in technical capabilities and cybersecurity so the clients can focus on their patients. In healthcare, the stakes are high, and data is gold. AMN Healthcare's dedication to zero trust means our team members, clinicians, and clients can be unwavering in their devotion to patient well-being.
AMN already had their sights set on a zero trust architecture when the onset of COVID-19 rapidly and radically transformed the global healthcare environment, including an increase in remote work and telemedicine. These industry changes meant that the shortfalls of traditional security models, including legacy VPNs, would need to be addressed.
“Typically, a hospital would have one central ER in a static, physical location,” Masood stated. “During the pandemic, hospitals were running makeshift, overflow ER facilities in parking lots. Suddenly, our clients were staffing, operating, and providing patient care in alternative locations not always suitable for supporting secure IT solutions and applications. The traditional security model was no longer valid.”
Conversations around the advantages of a zero trust architecture had already taken place. This organizational preparedness enabled AMN to pivot quickly mid-pandemic, making their zero trust plan a reality.
What used to take weeks to accomplish with on-premises … can now be achieved in a matter of hours using Zscaler.
AMN had already adopted a cloud enabled and preferred approach. The company was searching for a zero trust partner offering a cloud native security solution that could integrate across multicloud ecosystem. AMN wanted a managed, reliable security as a service (SaaS) platform that could effectively replace decades of legacy systems as well as scale with their zero trust evolution over time.
The Zscaler Zero Trust Exchange™ ticked all those boxes. “The Zscaler approach is aligned with our overall zero trust philosophy, and the Zero Trust Exchange platform was the embodiment of our vision for zero trust architecture at AMN,” said Masood.
With the pressures of a global pandemic also influencing the decision, another important consideration was speed of deployment. “While evaluating Zscaler, we were surprised to learn that the Zero Trust Exchange could be deployed extremely quickly,” Masood recalled. “We could secure our data in the cloud at a speed that would not have been possible using traditional legacy systems.”
Since adopting the Zero Trust Exchange, AMN has deployed a trifecta of powerful Zscaler solutions.
Zscaler Internet Access™ (ZIA™) enables secure and fast internet and SaaS application access for AMN’s 5,000 hybrid employees around the globe. AMN is committed to supporting hybrid work as a permanent way of doing business. Masood explained, “The shift to remote work may have started as a necessity born out of the pandemic, but hybrid working is the new norm.”
Zscaler eliminates the need to backhaul internet traffic through legacy on-premises security appliances. AMN users have direct-to-internet connectivity protected by AI-powered inline traffic inspection, including SSL decryption and threat detection. Because there is no choke point contributing to remote workflow lag, productivity increases. “Zscaler ensures work-from-anywhere security for our globally diverse workforce without compromising performance, individual productivity, or agility,” Masood said.
AMN also helps clients better leverage zero trust to improve security across a variety of healthcare facilities. “We can deploy a secure edge with Zscaler in just about any client environment,” Masood shared. “What used to take weeks to accomplish with on-premises infrastructure and staff support can now be achieved in a matter of hours with Zscaler, without the need to be on-site.”
The [Zscaler] platform is designed to provide end-to-end zero trust security as a pre-integrated, single solution that saves money…
AMN provides thousands of healthcare facilities with innovative digital products. Those clients have geographically dispersed staff networks relying on these solutions to manage sensitive data. That equates to a lot of remote application connection attempts, and any one of them could be a threat.
Traditional VPN appliances don’t support a holistic zero trust architecture because they inherently create backdoor opportunities for threats to enter a network and move laterally therein. “A notification pings in the middle of the night, and I’m staring at a screen wondering if this is a trusted user dispatched to a remote location or a malicious actor trying to gain access to our network,” Masood explained.
As an upgrade from legacy VPN appliances, Zscaler Private Access™ (ZPA™) connects users directly to private AMN apps in the cloud, bypassing corporate networks to keep resources invisible to threats and minimize the attack surface through zero trust network access (ZTNA). The Zscaler solution verifies user identity and contextual factors, such as device security posture, before establishing a connection to internal resources.
Private application traffic is inspected inline to enforce access control policies and actively prevent cyberattacks. In a single three-month period, Zscaler processed 3.8 billion internet transactions for AMN, blocking more than 7 million security threats.
“Zscaler strengthens our security posture by putting AMN applications in stealth mode,” said Masood. “We have a lot of sci-fi fans in our organization, and they have nicknamed the Zero Trust Exchange our cloaking device.”
Providing a seamless user experience for both staff and clients is always top of mind for AMN. Zscaler Digital Experience™ (ZDX™) helps the information security team monitor and optimize the user experience.
Zscaler provides end-to-end visibility from user to application, meaning that Masood’s team can detect and resolve issues quickly—often before an issue can noticeably impact the user. That single end-to-end view also streamlines the monitoring stack, enabling comprehensive visibility across devices, networks, and applications to keep users productive.
Using the same lightweight agent for all Zscaler services simplifies operations and reduces complexity. “Zscaler helps us identify the issues that need to be addressed before they cause disruption to AMN users, so we can ensure a seamless experience from anywhere,” said Masood.
With Zscaler technology, we’ve reached a level of maturity that allows me to plan for tomorrow’s security outcomes…
Masood credits the partnership with Zscaler for making AMN Healthcare’s transition to zero trust straightforward and cost-effective. The multitenant, cloud native Zero Trust Exchange integrates security functions into a single scalable platform, eliminating the need for multiple point solutions. Simplified security operations without legacy infrastructure means that Masood’s team can achieve a greater security posture with less administrative overhead and at a lower cost than traditional alternatives.
“My team no longer has to review logs to manually parse data and determine which events require action,” said Masood. “The Zero Trust Exchange quickly isolates the incidents that need attention, so we can jump straight to the action plan. We are more efficient supported by Zscaler technology.”
About the value of the Zscaler platform, Masood shared, “Balancing outstanding user experience and an affordable cost of security can feel like a fine line to walk. In my experience, most cybersecurity providers are more focused on the technology and less focused on providing that technology in a cost-effective way. Not Zscaler—the platform is designed to provide end-to-end zero trust security as a pre-integrated, single solution that saves money for customers.”
As AMN continues to advance their security maturity with zero trust, Masood envisions a lasting partnership with Zscaler. He has been consistently impressed with the professionalism and expertise of the Zscaler team across every touch point.
“One of the things I’ve noticed in the cybersecurity industry is that, while the technologies can be effective, they’re not necessarily built or deployed with a customer-centric focus. With Zscaler, we not only get an outstanding platform, we get support from the best zero trust professionals in the industry,” Masood shared.
AMN is already planning to deploy Zscaler Data Protection™ to further secure AMN users and mitigate data leakage. With data loss prevention (DLP) and cloud access security broker (CASB) functionality, Zscaler can secure AMN data at rest and in motion across all endpoints, in addition to helping further secure the company’s users, applications, and devices.
Even as Masood expands on the Zero Trust Exchange, adding those additional functionalities, he knows the path to achieve holistic zero trust is clear with Zscaler.
“With the Zero Trust Exchange deployed, I can focus more on the security posture AMN wants to achieve because I worry less about the devices we have on our edge,” Masood shared. “With Zscaler technology, we’ve reached a level of maturity that allows me to plan for tomorrow’s security outcomes because I know today’s details are in hand.”