Cebu Pacific Air
Blocking threats at scale and improving user satisfaction
NOV delivers technology-driven solutions to empower the global energy industry. For more than 150 years, NOV has pioneered innovations that enable its customers to safely produce abundant energy while minimizing environmental impact. Their mantra: NOV powers the industry that powers the world.
Reduces number of cyber events by 35x
Gives employees and contractors direct, policy-based WFA access to 7,500+ apps
Shrinks machine reimaging from malware to effectively zero
Saves millions of dollars by eliminating hardware and simplifying security
Simplifies security administration with policy-based controls
Establishes identity-driven zero trust security foundation
A large enterprise with a hybrid network requires modern technology to secure it. Zscaler’s zero trust architecture for building a security service edge (SSE) ecosystem is second to none.
VentureBeat: Zscaler bets on generative AI as future of zero trustRead the Media Article
The critical zero trust component you may be missingRead the Blog
NOV’s transformation to cloud and zero trust, extended cut
Looking past the old world of IT to help your company thrive
Cutting endpoint reimaging to near zero with Zscaler
As a supplier to the global energy industry, NOV’s revenue is inexorably tied to fluctuating global commodities markets. A long period of depressed oil prices forced NOV Chief Information Officer, Alex Philips, and his team to begin a digital transformation journey. This was the only way to reduce the burden of legacy technical debt and historically high costs while simultaneously providing greater agility and more robust security for their global organization.
“Like many enterprises, our legacy IT environment with a castle-and-moat security model was expensive and not flexible enough for our increasingly mobile and dynamic business,” said Philips. “We needed to reduce cost, improve security, and make life easier for both our users and IT administrators without disrupting the business.”
“The old network perimeter model doesn’t work in a hybrid world,” concurred Chief Information Security Officer John McLeod. “So, we began to look at migrating key security technologies to the cloud and ultimately moving to an identity-driven security perimeter.”
Rather than “cloud first,” NOV takes a “cloud smart” approach, moving to the cloud where and when it makes sense, on the company’s terms. The first step was to transition its workforce to Microsoft 365 (M365) and implement the cloud native Zscaler Zero Trust Exchange and its Zscaler Internet Access (ZIA) service for safe, fast access to M365 as well as other SaaS applications and the internet.
ZIA helped accelerate NOV’s M365 rollout and, since Zscaler peers with Microsoft globally, improved users’ experience dramatically. It also provided critical security stack functionality, such as comprehensive inspection of incoming and outgoing TLS/SSL-encrypted data, URL filtering, sandboxing, and data loss prevention. With this extra protection, NOV experienced 35 times fewer security events.
The ability to inspect encrypted traffic in a manner approved by NOV’s Legal department was especially important. “With our previous secure web gateway, we hadn’t been able to obtain approval from Legal for SSL decryption,” said McLeod. “But when we returned to Legal with ZIA and showed that its SSL decryption doesn’t allow access to the data, they approved it within the first five minutes of our conversation.”
NOV is also selectively deploying Zscaler Browser Isolation to provide additional protection from threats. As web traffic traverses the Zero Trust Exchange, Browser Isolation isolates it in real time, transforming web content into a safe flow of pixels streamed to the user. One of the main use cases is to isolate traffic to and from personal email sites. Employees can then access personal email without exposing the company to any phishing threats embedded in their email.
The functionality can also be used to give immediate internet access to employees in newly acquired companies or to web pages that are neither known malicious nor approved. “I’m a big fan of (Cloud) Browser Isolation,” said McLeod. “I want to deploy for all categories that present a risk to NOV.”
The hardware savings were massive for us… ‘appliance hell’ is gone.
To reduce data center traffic and secure remote access to internal applications, NOV began rolling out Zscaler Private Access (ZPA) to give users fast, direct, policy-based access to applications without having to place them on the internet.
That rollout proved fortuitous when the COVID-19 pandemic hit. “I was able to go to my leadership team and say that if all 27,500 of our users needed to work remotely, they can do it,” recalled Philips. “They were absolutely stunned. … Zscaler was able to adapt quickly and increase capacity to more than satisfy our needs.”
ZPA worked so well, and users preferred it so much over other legacy VPNs, that NOV ultimately consolidated most of the VPNs across its global enterprise to provide easier yet more secure access to thousands of legacy, custom, and COTS applications.
By this time, NOV had saved millions of dollars in security equipment hardware. “The savings were massive for us,” confirmed Philips. “There is no end-of-life. No upgrading and patching. Zscaler handles it for us. The team can now focus on other transformation projects… ‘appliance hell’ is gone.”
By utilizing the Zscaler Zero Trust Exchange, NOV was able to move its 500+ facilities away from a legacy hub-and-spoke MPLS network to direct internet connections secured by ZIA. “On average, we increased speed by 10x-20x, reduced latency to critical SaaS apps, and slashed cost by over 4x. This is truly a win, win, win situation,” said Philips. Annualized savings from just the network circuit changes have already achieved over $4.5m and the transition is only 75% complete.
NOV also saves in other ways. For instance, the company once had to reimage an average of 100 machines each month due to malware infections that slipped past our legacy defenses—a huge waste of resources. Now, the company effectively performs zero reimages in a typical month. Policy-based controls also simplify security administration and systems management.
Our secure digital transformation has made NOV’s business a lot more agile, saved millions of dollars, and reduced our cyber risk.
By implementing the Zero Trust Exchange with ZIA and ZPA, NOV’s IT team bolstered security, empowered employees and third-party contractors to work from anywhere, and helped propel NOV’s digital transformation to the next level: zero trust.
“We decided to go ‘all in’ with Zscaler and zero trust,” noted McLeod. “A large enterprise with a hybrid network requires modern technology to secure it. Zscaler’s zero trust architecture for building a security service edge [SSE] ecosystem is second to none.”
Since no single vendor can meet all zero trust needs, seamless integrations are paramount. For NOV, integration with Okta and SentinelOne was especially important. “Zscaler, Okta, and SentinelOne are all key components in our security stack that help us advance our overall security posture and zero trust strategy,” said McLeod.
NOV integrated the Zero Trust Exchange with Okta to authenticate users and is planning to use the Zscaler Identity Proxy and Okta for conditional access to NOV resources. The conditional access policy engine is a key component on the zero trust journey.
The company deployed the Zero Trust Exchange with SentinelOne DataSet log management and analytics for additional visibility and threat hunting across network and endpoint activity. NOV also plans to have ZPA check for the presence of the Singularity XDR agent when it assesses device posture.
We’re extremely excited about all we’ve accomplished and what the future holds for our zero trust journey. Zscaler will play a critical role...
After the success of ZIA and ZPA, NOV decided to take advantage of additional services available on the Zero Trust Exchange. With just a click of a button, the company activated the Zscaler Digital Experience (ZDX) service to proactively detect and accelerate resolution of user access issues. With ZDX, an NOV support person can immediately see, for instance, whether a user’s connectivity issue is caused by a local WiFi connection, regional ISP trouble, or a problem with the application itself, so they resolve the issue quickly.
Thanks to ZDX, NOV was able to quickly pinpoint performance issues for some of its key SaaS applications. The data provided by ZDX even helped the company hold the SaaS vendors more accountable to their SLAs.
The company also deployed Zscaler for Workloads, which comprises Posture Control and Zscaler Workload Communications for cloud security posture management (CSPM), secure app-to-app access across clouds, and identity-based microsegmentation. “Zscaler for Workloads gives us visibility into our multicloud environments,” said McLeod. “It discovers vulnerabilities and makes recommendations that help us prioritize remediation activities.”
“Our secure digital transformation has made NOV’s business a lot more agile, saved millions of dollars, and reduced our cyber risk,” said Philips. “I can proudly say we are overachieving on our zero trust goals.”
NOV is continuing to push forward into new phases of its zero trust transformation, including using the Zero Trust Exchange to “go dark” with additional applications and deploying Zscaler Branch Connectivity, which extends the direct-to-application zero trust access of ZPA from individual users to entire offices.
“We’re extremely excited about all we’ve accomplished and what the future holds for our zero trust journey,” concluded McLeod. “Zscaler plays a critical role in that transformation.”