MCNC Secures Over 1.5 Million Students and Staff Access from Anywhere with the Zscaler Zero Trust Exchange
A software and IT company specializing in data security, Protegrity secures the privacy of more than one billion individuals. With offices in the U.S., Europe, and Asia, the company offers professional services, software, and support to customers in many industries, including some of the world’s largest retailers and credit card companies.
Saves hours daily for security administration
Uplevels security with zero trust access and security service edge (SSE)
Further reduces risk of data leakage with DLP and OCR
Cuts troubleshooting user experience issues from hours to minutes
Our whole mission is to secure our customers’ data, allowing them to focus on their business, not their data … Being at the forefront with higher level security is important to us, which is why we invested in the Zero Trust Exchange.
Six pieces of advice for your transition to zero trustRead the Blog
To succeed at its business of securing data for its customers, Protegrity knew it needed to embark on a digital transformation. The company’s traditional hub-and-spoke network and castle-and-moat security architecture with VPNs also posed a significant security risk since, once connected, users could access almost anything on the network. In addition, the sluggishness of VPN connections and frequent disconnects caused user frustration and hindered productivity. There was also no way to enforce consistent internet security policies across its global enterprise.
“In short, to succeed at our business of securing customers’ data, we needed to transform our own cybersecurity to enable our employees to access the internet, SaaS, and private applications quickly and securely,” said Leo Lovishchuk, Cloud and Network Service Manager at Protegrity.
As Protegrity considered its options, it realized that a security service edge (SSE)—a solution that bundles secure web gateway (SWG), zero trust network access (ZTNA), and cloud access security broker (CASB) technologies—made the most sense. According to Gartner, by 2025, 80% of organizations buying SSE-related security services will purchase a consolidated SSE solution, rather than stand-alone offerings—up from 15% in 2021.
“Moving to an SSE was important to protect both our users and our assets,” said Lovishchuk. “We wanted an SSE that would let us easily scale, set and enforce universal security policies that apply everywhere, and track user behaviors and traffic across channels. We chose Zscaler because it was a leader in the Gartner SSE quadrant, with the highest ability-to-execute score. Also, our head of information security had had an extremely positive experience with the Zscaler Zero Trust Exchange at another company.”
After a proof of concept, Protegrity rolled out Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) as its first Zero Trust Exchange services across its enterprise. ZIA delivers safe, fast internet and SaaS access from anywhere. ZPA provides fast, direct, secure private application access for all users, devices, and locations.
ZIA reduces what I would consider to be a mostly full-time job to something I do only when I need to. It’s nothing but a dream from a security perspective.
With the Zero Trust Exchange, Protegrity now manages internet security for its entire global enterprise via a single portal and dashboard. “It’s easy to set common policies for all users as well as to make highly granular rules and exceptions,” noted Lovishchuk.
“Zscaler Internet Access also gives us an extra set of eyes on all outgoing traffic, including encrypted, and all ports and protocols, plus the Zero Trust Exchange portal makes tracking logs and gaining actionable intelligence easy,” continued Lovishchuk. As an example, he noted how ZIA logs showed users streaming movies and shows, which led to a conversation with those users and the implementation of controls to limit future use of such services. “Instead of taking several hours to find the problem and resolve it, it took me only five to 10 minutes.”
“ZIA reduces what I would consider to be a mostly full-time job [managing internet-bound security] to something I do only when I need to,” added Lovishchuk. “It’s nothing but a dream from a security perspective.”
Improved productivity and security posture
While ZIA boosted security for internet and SaaS application access, ZPA improved user productivity and upleveled security for access to private applications and applications in the public cloud. Protegrity users can access these resources without the friction of sluggish VPNs and without compromising security or visibility, no matter where they are, whether working at home or on premises.
“With ZPA providing zero trust, direct user-to-application access, our company has a much better security posture and our users have easier, faster access to the resources they need,” said Lovishchuk.” Since they no longer have to deal with the hassles of VPNs and connections are routed through one of Zscaler’s 150 data centers worldwide rather than backhauled to a data center in the U.S., Protegrity users have a better user experience and can become productive more quickly.
To provide an extra layer of protection against a data breach, Protegrity also activated Zscaler Data Protection services within the Zero Trust Exchange. One of the first things the security operations team did after implementing DLP was block access to domain controllers and internet file-sharing services for all but the finance team. Then they created DLP policies to prevent sensitive data from being uploaded to the internet via email or other means.
“After a few short weeks of monitoring and optimizing, we received highly valuable actionable alerts,” noted Lovishchuk. “Zscaler Data Protection has been an excellent resource to help us protect sensitive information and let us see where that information resides.”
We reduce our cyber risk dramatically with direct, zero trust, user-to-application access, and our users get easier, faster access to the resources they need.
According to Anderson, the company considered obtaining data loss protection from other vendors but a key feature that attracted them to Zscaler for DLP, aside from “being part of the Zero Trust Exchange ecosystem,” was its optical character recognition (OCR) capability. “If someone tried to smuggle social security numbers through a JPG image or PDF, Zscaler’s OCR functionality would see that and prevent it,” explained Lovishchuk.
Protegrity also takes advantage of the Zscaler data protection’s adult language filter. The filter prevents employees, while on social media at work, from inadvertently or purposefully expressing words or phrases that could lead to bad publicity for the company.
Protegrity’s developers had been using an on-premises private cloud that had reached end of life. After implementing the Zero Trust Exchange, the company migrated all its development workloads to the public cloud. The company currently has approximately 50 AWS accounts and 400 servers running at any given time across these accounts.
Thanks to the Zero Trust Exchange and Zscaler’s 150 points of presence worldwide, including almost every AWS region, Protegrity’s developers can access private applications, workloads, and other resources within the AWS cloud much more easily. “If developers in India need to access AWS apps, instead of going over the internet and the site-to-site VPN, which travels who-knows-what path, they automatically connect to a Zscaler Edge location that’s closest to them,” explained Lovishchuk. “That means they can start working more easily, securely, and much faster—sometimes even twice as fast.”
With the Zero Trust Exchange, Protegrity’s overall security posture is further enhanced by the ability to enforce least-privileged access and to segment applications in the public cloud. In addition, since only one Zscaler Client Connector agent is needed to access all the company’s AWS accounts, it’s simple for security operations to extend access to new AWS users, accounts, and applications.
ZDX cuts the time needed to diagnose the issue from hours to a couple minutes. And with everyone working remotely, the time savings are even greater.
After the success of using ZIA and ZPA services, Protegrity activated the Zscaler Digital Experience (ZDX) service on the Zero Trust Exchange to accelerate troubleshooting when an employee or contractor experiences challenges connecting to applications or resources. Enabling this new service took “just a click of a button.”
“Today, if a user complains about connection issues, we go to the ZDX portal, locate the user, and look at the metrics,” explained Lovishchuk. “We can pinpoint exactly where the issue is—whether it’s with their ISP or something else. ZDX cuts the time needed to diagnose the issue from hours to a couple of minutes. And with everyone working remotely, the time savings are even greater.”
With the Zscaler Zero Trust Exchange, Protegrity can continue to augment its cloud security and adapt it to meet new business and security needs as they arise. Currently, the company is considering adding ZIA for Workloads to help with compliance initiatives as well as future product offerings.
“Our whole mission is to secure our customers’ data, allowing them to focus on their business, not their data, to pursue positive outcomes,” said Lovishchuk. “We want to practice what we preach. … Being at the forefront with higher level security is important to us, which is why we invested in the Zero Trust Exchange.”