Government Regulator Adopts Zero Trust, Saving Millions While Boosting Cyber Resilience and Efficiency

A centralized, legacy security architecture was impeding efficiency for a government regulator that has an unwavering commitment to the timely administration of justice. The independent organization sets the nation’s standards and mediates disputes which has the ability to impact millions of residents daily.

The regulator’s legacy on-premises architecture, including a web proxy and VPN, was not fully compatible with its hybrid cloud environment. Backhauling branch office traffic created bottlenecks and a single point of failure, while VPNs introduced even more latency for remote workers. Productivity suffered as users fell behind with their work and sensitive data about disputes and upcoming hearings was at risk.

To address these challenges, the regulator made a decision to modernize its network and security architecture with the cloud native Zscaler Zero Trust Exchange platform. 

“We transitioned to Zscaler with clear goals in mind: to provide our employees with faster, more secure access to web and SaaS apps from anywhere, improve visibility and controls to protect vital data and meet compliance requirements, reduce security spend, and enhance our overall cybersecurity resilience,” said the Senior Technical Engineer. “Following a rigorous competitive evaluation of several vendors, Zscaler surpassed our expectations for every use case and fully addressed all national data compliance requirements.” 

The regulator’s on-premises web proxy became a burden in its hybrid cloud environment. Despite the previous vendor’s high-availability promises of the newer secure web gateway (SWG), the appliance was unable to provide timely and reliable user access to critical business apps and the internet. 

“Our previous environment lacked the flexibility, scalability, and real-time visibility capabilities needed for modern and effective cybersecurity,” related the Infrastructure and Security Consultant. 

To make matters worse, the web proxy offered the IT team limited visibility into network activity, making troubleshooting time-consuming and security controls more difficult to maintain. 

“How do you stop a threat if it’s identified 24 hours later?” asked the Senior Technical Engineer. “We simply did not have the visibility we needed to block threats. We realized that only a zero trust approach could provide us with a comprehensive view into our environment.”

A proof-of-concept (POC) with Zscaler enabled the regulator to replace its proxy solution and build out its long-term zero trust strategy.

The regulator launched its zero trust journey by deploying Zscaler Internet Access (ZIA) to provide users with direct connectivity to the internet and SaaS apps based on identity, role, and context-aware policies. Fine-grained access controls prevent attackers from moving freely to high-value targets. By making apps invisible to the public internet and unauthorized users, ZIA also minimizes the attack surface. Additionally, always-on full SSL/TLS traffic inspection detects and blocks hidden malware and prevents exfiltration of sensitive data while AI-powered advanced protection stops phishing attacks, zero-day threats, and ransomware. 

The regulator’s Infrastructure and Security Consultant explained how Zscaler has enhanced the regulator’s security posture: “The zero trust approach ensures that all users and devices are authenticated on a per-session basis before accessing the internet or SaaS apps, reducing the risk of unauthorized access.”

With ZIA, users now have seamless, secure access to authorized resources wherever they work. “With Zscaler, connections to Microsoft 365 and other business-critical SaaS apps are faster and more responsive than ever before. Frustrating connection failures and sustained outages are things of the past,” noted the Senior Technical Engineer. “This has boosted both productivity and user satisfaction across our entire organization.”

The regulator’s on-premises web proxy and WAN links consumed excessive bandwidth and slowed web app performance and internet connectivity, forcing staff to perform workarounds like turning off video during meetings. Moreover, the legacy architecture amplified the attack surface and enabled potential lateral threat movement, potentially leading to disruptive outages. VPN was used by remote workers for access to the internet and SaaS apps, adding even more latency. As a result, it often took as long as a week for employees to catch up on dispute resolution or backlogs. This increased user stress and drove up business costs.

“Our previous environment lacked the flexibility, scalability, and real-time visibility capabilities needed for modern, effective cybersecurity,” pointed out the Infrastructure and Security Consultant.

The regulator’s IT team replaced these legacy systems at regional branch offices with Zscaler Zero Trust Branch and then expanded the deployment to mission-critical sites at large urban centers. 

The regulator’s 20-plus branch offices are now securely connected to the Zero Trust Exchange platform, where AI-powered cyberthreat and data protection policies are enforced. By segmenting each site and each device, the regulator is preventing lateral movement of threats. And users benefit from a consistent, secure, and reliable café-like experience, regardless of where they work.

After receiving comprehensive training on the Zscaler platform, the IT support staff can manage and optimize the new environment effectively, ensuring continuous connectivity to branches and preventing potential disruption to business operations.

“We implemented Zscaler in just four months. In fact, we finished every milestone ahead of time, which built confidence among our IT team,” said the Infrastructure and Security Consultant. “Zero Trust Branch supports secure hybrid work at all our branches. Zscaler has improved our user experience, simplified our network architecture, and strengthened our security posture.” 

Zscaler integrated easily with the regulator’s broader ecosystem, including the Microsoft Entra ID cloud identity and access management (formerly Microsoft Azure Active Directory) and Microsoft Defender for Endpoint detection and response software, enabling threat detection and prevention in real time.

The IT team also integrated Zscaler with SentinelOne, the organization’s monitoring and management tool. Now, instead of the 24-hour delays it had experienced previously with web proxy logs, the team has real-time visibility and controls, enabling security teams to quickly identify and prioritize threats in order to prevent breaches and potential data loss. This supports business continuity and regulatory compliance. 

Looking ahead, the regulator is exploring Zscaler Private Access (ZPA) to provide workers with fast, secure access to its private apps, including its core award management app. ZPA will eliminate the need for a remote access VPN for staff who work outside of headquarters or branch offices. 

Next on the zero trust expansion agenda is deploying Zscaler Digital Experience (ZDX) to proactively monitor devices, apps, and the network. With end-to-end visibility into the regulator’s environment across every region, the IT team will ensure consistent and reliable app performance. AI-powered insights and accurate metrics, will empower IT to proactively and rapidly isolate and troubleshoot issues, pinpointing root causes and resolving them to ensure a streamlined, uninterrupted user experience. 

“ZDX will not only significantly boost productivity, it will decrease the number of help-desk tickets, freeing up the IT team for strategic projects and other business-critical initiatives,” noted the Senior Technical Engineer. 

Zscaler has helped the regulator transform IT and strengthen security controls to provide employees with a better digital experience wherever they work, protect business operations against cyberthreats, modernize its infrastructure to deliver substantial savings, and improve visibility and controls to meet stringent national compliance requirements. 

“Zscaler has significantly enhanced our security posture,” said the Infrastructure and Security Consultant. “The zero trust approach ensures that all users and devices are authenticated before accessing our network, reducing the risk of unauthorized access. In fact, over a three-month period, Zscaler prevented 396,432 policy violations.”

The Senior Technical Engineer added that Zscaler delivered measurable benefits to regulator employees as well: “Zscaler has improved our user experience by up to 30% for both remote and on-premises employees by reducing latency and improving bandwidth usage,” said Senior Technical Engineer. 

Moreover, migrating to a zero trust architecture has provided significant cost savings and operational efficiencies. 

“The transition to Zscaler has resulted in millions in cost savings and avoidance over five years by enabling us to eliminate expensive on-premises hardware and retire the Azure ExpressRoute cloud connector,” said the Senior Technical Engineer. “Improved efficiency and reduced downtime translate into additional benefits for our staff and the people and businesses across our nation.”

Thanks to Zscaler, the regulator has achieved its modernization goals: real-time visibility into user activity, security incidents, and performance issues across all locations, users, and devices to proactively protect the organization and maintain compliance controls. By streamlining and simplifying security and IT operations, zero trust contributes to the organization’s overall efficiency and agility, enabling it to better serve its constituency.

“The simplicity of configuration, comprehensive reporting, and minimal overhead of the zero trust architecture enable the regulator to focus on its mission to serve businesses and the population,” said the Infrastructure and Security Consultant.