Why Guild Mortgage Chose Zscalerfor Its Cloud-Based Security and Data Protection

With an explosion of growth, Guild Mortgage needed to build out a security strategy that would be able to absorb continued expansion. In 2017, a security team was formed to focus on identifying pain points and vulnerabilities while building a strategy for mitigation and prevention. Though the company had some security technologies and practices in place for in-office workers, the team quickly found that users were not as protected when they worked anywhere outside the office.

“Guild grew really fast, and if you compare a 400-person company to a 4,000-person company, there’s a big difference in how you do security,” said Jason Thompson, IT Security Manager for Guild Mortgage.

The team set out to implement a state-of-the-art security program that could support evolving business needs that were driven by their aggressive growth strategy. Thompson and his team started by establishing a framework and a phased approach, starting with visibility, to access control, threat prevention, and data protection

“After researching industry standards, we did a kind of gap analysis and said, ‘What are we missing?’” Thompson said. The security team knew it needed a cloud-based solution that could provide SSL decryption and inspection, an intrusion prevention system (IPS), and data loss prevention (DLP) to enable users to work from anywhere.

After looking at several different security vendors, the team homed in on cloud-delivered Zscaler Internet Access™ (ZIA™) and Zscaler Private Access™ (ZPA™) and added both, at the same time, to the company-wide security framework. They were surprised by the ease of use and varied add-on features.

“We were really excited when we saw the Zscaler demos and use cases and, once we got our hands on it, we were even more excited,” Thompson said. “I’ve never come across a product that makes turning on SSL decryption so easy—it just worked. Zscaler’s solution also brought a ton more features than other solutions we demoed. It not only solved the content filtering part of it, it solved for threat protection, and there were more features we could add down the road. So we definitely loved the product.”

An important goal for the security team was to emphasize the importance of security for their growing organization. To make their case for an expansion of the program, they had to build a business case to demonstrate the importance of their security initiatives and inform the C-suite of business risks. “Zscaler allowed us to gain visibility and present data and real-time evidence of security threats to our leadership team,” Thompson said.

Zscaler has helped Guild Mortgage to identify and block several zero day and ransomware attacks while bringing to light phishing attempts that hadn’t been visible before. “Just within the first month, seeing the sheer amount of phishing content that Zscaler detected was eye-opening,” said Josh Pernot, IT Security Engineer for Guild Mortgage.

“Zscaler gave us that visibility and protection to stop incoming threats,” Thompson said. “Right off the bat, we were getting that value. I don’t think we could’ve done it without the Zscaler stack.”

This, in addition to communicating real-world stories of security incidents and their consequences, was essential for Thompson’s team to influence how the business thought about security and motivated the delivery of proactive, preventive security instead of reactionary.

Guild Mortgage has successfully provided visibility and is now controlling access, providing threat prevention, and focusing on implementing a full data protection program delivered from the cloud.

Classifying which data is sensitive lays the foundation of a data protection program that protects the business without being restrictive as to what users can do. “What a company considers to be sensitive data varies greatly between, sometimes even within, organizations. There is no golden rule,” Pernot said. “Zscaler is providing us with the visibility necessary to determine what we really need to protect and how to mature our data protection program.”

“We are already protecting PCI and PII using Cloud DLP and have fingerprinted some of our loan forms, tracking potential data leakage through Exact Data Match (EDM). By having the visibility of what data is leaving our network, we are able to make a case to move from monitoring and alerting to blocking transactions.”

CASB is another area of focus. “Looking at the latest and greatest stuff on CASB, we really like where Zscaler is going with this, so we’re very interested in continuing down that road to build out our data protection program,” Thompson said.

Overall, the Guild Mortgage security team had a positive experience working with Zscaler and deploying ZIA and ZPA. The process was enhanced by a devoted team that wanted to ensure success for the company.

“Zscaler has been very transparent, as far as what their products can do, what they can’t do, what enhancements they’re bringing,” Pernot said. “That transparency has just been awesome, and our regional sales manager has just been great to work with.”

“Overall, the Zscaler platform enables us to be proactive from a security and data protection perspective and easily adjust to evolving business needs, specifically in today’s environment with applications in the cloud and users accessing them from anywhere.”