Global Beauty Retail Brand Partners with Zscaler to Kick-Start Total Digital Transformation

It all began when a young entrepreneur began distilling botanicals and making all-natural vegetable soaps. In the decades since those first soaps were produced, the resulting company has become a leading international manufacturer and retailer of beauty and wellness products, now representing multiple premium beauty brands across the globe. 

The global beauty retailer recently embarked on a total digital transformation, prioritizing cloud-first technologies to strengthen an omnichannel, customer-centric approach to retail. To ensure readiness for that transformation, company leaders chose to replace existing legacy security infrastructure with a modern zero trust platform.

“An aging infrastructure could not adequately support our evolving cloud-first strategies,” shared the company’s Head of Network and Security Services. “By implementing zero trust security principles, we can continue to innovate the retail experience for customers and better protect our expanding digital ecosystem.”

An outdated MPLS network and legacy security appliances could not support the company's digital transformation goals or mobility needs, so the retailer opted to displace that network with SD-WAN. This pivotal infrastructure refresh presented the perfect opportunity to replace cumbersome legacy security appliances with a comprehensive zero trust platform. 

The company wanted a cloud native, zero trust solution that would seamlessly integrate with its new SD-WAN, securely connecting retail stores and corporate offices. With a range of Microsoft offerings already in use to support cloud-first operations (Microsoft 365, Microsoft Azure, Microsoft Entra ID, and Microsoft Defender for Endpoint), compatibility with Microsoft was also important. Lastly, the global brand wanted a zero trust partner with broad geographical coverage to support the company’s expanding retail presence. 

IT leaders chose the Zscaler Zero Trust Exchange. Zscaler maintains a strong SD-WAN partnership ecosystem, ensuring easy integration between the Zscaler platform and the company’s new SD-WAN approach. Zscaler also offers deep integrations with Microsoft. Most importantly, Zscaler delivers zero trust security from 160+ edge locations spanning six continents—more than meeting the brand’s global reach criteria. 

A phased deployment of the Zero Trust Exchange allowed the company to streamline its security stack, while also ensuring greater protection and consistent performance across users, devices, apps, and locations worldwide. 

“The Zscaler platform is a technically mature, unified zero trust security solution, and deploying the Zero Trust Exchange was a critical step on our larger journey to digital transformation,” said the company’s Head of Network and Security Services.

The global beauty retailer employs a hybrid workforce of 9,000 employees spread across thousands of retail locations and offices. Safely and reliably connecting geographically dispersed employees and store locations to the internet and public SaaS applications was no longer feasible with the existing on-premises proxy and firewalls. “When you need to protect thousands of internet access points, positioning a firewall on each of them is no longer a viable solution,” explained the company’s Head of Network and Security Services. 

The retail brand retired its internet proxy and legacy firewalls, instead deploying Zscaler Internet Access (ZIA). ZIA replaces traditional proxy appliances as a safer way to broker direct-to-internet access. Zscaler delivers security inspection and policy enforcement as close to the end user as possible, eliminating the need to backhaul internet traffic to central data centers for access and security. Multiple point products are no longer required to facilitate security measures because the comprehensive Zero Trust Exchange includes functionality for cloud firewall protection, URL filtering, TLS/SSL traffic inspection, and advanced threat protection. Individual users benefit from secure, reliable, and faster connections to the internet and SaaS applications no matter where they are.

As part of ZIA deployment, Zscaler Client Connector was installed on all end user devices to enable even greater security controls for connectivity with remote employees. Client Connector automatically determines if a user is trying to access the web, a SaaS application, or an internal private application, and then routes traffic to its destination via the Zero Trust Exchange.

“Before Zscaler, our outbound security was a tangle of firewalls positioned around an outdated perimeter. This led to inconsistent connectivity experiences that varied widely across locations,” said the Head of Network and Security Services. “On the Zero Trust Exchange, every user benefits from equally reliable and secure internet connectivity, no matter if they are located in a retail store, a corporate office, or a remote work location.”

Because the company designs, produces, and distributes its products globally, leaders must prepare for security challenges across numerous industry sectors ranging from research to retail. Protecting private resources and proprietary data—including product formulations and customer details—is essential for business continuity. With an increasing number of remote employees, as well as new retail locations, the company wanted an efficient and secure way to connect users to private resources.

Its legacy VPNs did not support the granular private application access policies leadership wanted to implement. Most VPNs operate with an all-or-nothing access approach, lacking the nuance needed for identity-based, least-privileged access. This kind of blanket approach creates a wide attack surface and allows lateral movement across the internal network, increasing the risk of unauthorized access to sensitive information.

The company replaced its VPN appliances with Zscaler Private Access (ZPA). ZPA eliminates the need for VPNs by directly connecting users to only the private applications they are authorized to access, meaning users are never placed on the network. The company’s private applications and data, hosted on Microsoft Azure, are hidden behind the Zero Trust Exchange, making them invisible to threat actors and minimizing the attack surface. Zscaler verifies user identity, device posture, and context on a per-session basis. Full inline traffic inspection and AI-powered microsegmentation eliminate the threat of lateral movement and improve security posture. 

In addition to the critical security gaps inherent with VPN solutions, the user experience is typically poor due to  inconsistent connectivity, latency, and slow application performance, which can frustrate users and increase calls to the IT help desk. Because Zscaler provides secure, direct-to-application connectivity and eliminates backhauling traffic, the daily work experience for employees is fast and seamless. 

“For us, zero trust security is about protecting every resource we have, whether it exists inside or outside of our infrastructure,” said the Head of Network and Security Services. “On the Zscaler platform, we can safeguard all traffic with equally rigorous zero trust processes.”

With outbound and inbound traffic secured through the Zero Trust Exchange, the global brand wants to explore all the powerful features available on the Zscaler platform. “The Zero Trust Exchange isn’t just a collection of solutions, it’s the backbone of our comprehensive digital security ecosystem,” the Head of Network and Security Services said. “We intend to leverage all the capabilities that Zscaler offers.”

Implementing Zscaler Digital Experience (ZDX) will enhance global user experience by providing comprehensive end-to-end visibility, from user to application, simplifying monitoring across diverse devices, networks, and applications. Leveraging AI-driven root cause analysis, ZDX will expedite the IT team’s ability to identify and address performance issues. Additionally, integrated reporting dashboards will offer deeper insights into platform usage across global operations.

Making use of Zscaler Cloud Sandbox will provide greater protection against threats like sophisticated malware and zero-day attacks. The Zscaler sandbox is the world’s first inline, AI-powered malware prevention engine. Zscaler automatically detects, prevents, and intelligently quarantines unknown threats and suspicious files, even threats hiding in encrypted traffic. 

“Bad actors are using AI-powered threats to try and outsmart common security measures,” said the Head of Network and Security Services. “Zscaler technology is keeping our brand safe from those bad actors by using the power of AI to identify and eliminate the most sophisticated cyberthreats.”

The company’s products can be found in 90 countries As the global brand continues on this growth trajectory, Zscaler technology will help simplify and expedite the integration of new entities into the established security infrastructure. Because Zscaler operates the world’s largest inline security cloud, the Zero Trust Exchange can automatically scale to support expanding volumes of traffic and users, regardless of location.

Since deploying the Zscaler platform, company leaders are pleased with the notable improvement in security, speed, and reliability at existing retail locations. Using previous legacy security solutions, a brand store in Spain, for example, would have internet traffic backhauled to a data center in North Europe. With Zscaler, that same Spanish store now has direct internet access protected from a Zscaler edge location in Spain, ensuring faster and more consistent connections. 

The improvement in performance at existing stores illustrates how transformational the Zscaler platform could be during future expansion efforts, whether adding new retail locations or newly acquired brand partners. “As the brand continues to grow, we will be able to better support those efforts using the Zero Trust Exchange,” said the company’s Head of Network and Security Services. “The scalability of the Zscaler platform gives us the flexibility to expand with agility while also maintaining our security edge.”

The global beauty retailer has leveraged Zscaler technology to overhaul its legacy network and security infrastructure, streamlining a heavy tech stack and significantly reducing total cost of ownership (TCO). Using the Zscaler platform with a more modern SD-WAN approach, the company has eliminated its reliance on an expensive legacy MPLS network. For a global brand of this size, an MPLS network could cost in excess of €1 million per year. 

The company has also successfully retired previous legacy security solutions, instead relying on the multitenant Zero Trust Exchange. Eliminating multiple security point products adds to the TCO savings. 

Despite a streamlined technology infrastructure and reduced security spend, the retail brand has actually achieved a more robust security posture since deploying the Zscaler platform. In a recent quarter, Zscaler processed 4.9 billion transactions and 530 TB of traffic for the company, preventing nearly 64 million policy violations and blocking more than 95,000 security threats. Nearly 87,000 of those threats were hidden in encrypted traffic where previous legacy solutions would have struggled to detect them. 

Because Zscaler automates these mitigations, the company’s IT team can spend less time focused on managing security and more time devoted to delivering exceptional customer experiences across the globe. “From day one with Zscaler, I knew we had greater security for users, devices, and apps at every location,” shared the brand’s Head of Network and Security Services. “This confidence allows us to focus more fully on the customer experience because we know we have greatly improved the staff user experience.”

As the global beauty retailer continues to advance its cloud-first goals, leaders anticipate a lasting partnership with Zscaler. “Zscaler has been such an essential partner on our digital transformation journey so far,” shared the company’s Head of Network and Security Services. “I honestly can’t envision any future efforts that don’t include expanding our Zscaler platform.”

Additional Zscaler solutions the company may consider in the near future include Zscaler Data Security to strengthen data loss prevention efforts. Zscaler Data Security could help the retailer identify sensitive information wherever it goes, providing better visibility around data exposure risk across the company’s systems, providing even greater protection for proprietary company information and confidential customer data.

At present, the company continues to focus on navigating digital evolution with the Zero Trust Exchange as its north star. “The progress we’ve made towards our cloud-first digital transformation goals has only been possible because Zscaler is protecting our employees, customers, and data,” concluded the brand’s Head of Network and Security Services.