Traditional network security made sense when all your applications were hosted in the data center and users were all on the network. But with apps moving to the cloud, and users increasingly mobile, the stacks of appliances sitting in the data center are increasingly irrelevant. This model forces all traffic through the centralized data center for security and access controls—a complex configuration that results in a terrible user experience.
Cloud applications like Office 365 were designed to be accessed directly through local internet breakouts. Zscaler cloud security enables local breakouts with full security controls.
Zscaler delivers the DMZ as a service, with AV inspection, Next-Gen Firewall, Sandbox, Advanced Threat Protection, URL Filters, SSL Inspection, and more —all in a unified platform service. It’s airtight security without the cost and complexity of stacks of appliances, and it delivers a fast, secure user experience, whether users connect from an office, coffee shop, or airport, at home or abroad.
The corporate network that once sat behind a security perimeter is now the internet, and the only way to provide comprehensive protection for users, no matter where they connect, is by moving security and access controls to the cloud.
The Zscaler cloud is always current with the latest security updates to keep you protected from rapidly evolving malware. With tens of thousands of new phishing sites arriving every day, appliances can’t keep up. And Zscaler minimizes costs and eliminates the complexity of patching, updating, and maintaining hardware and software.
Zscaler security controls are built into a unified platform, so they communicate with each other to give you a cohesive picture of all the traffic that’s moving across your network. Through a single interface, you can gain insight into every request — by user, location, and device around the world — in seconds.
The cloud is always reachable from anywhere, any time, from any device.
You can add new features and thousands of users without breaking a sweat.
Security and other services talk to each other so you get full visibility.
The cloud scans every byte coming and going, including SSL and
The cloud learns from every user and connection; any new threat is blocked for all.
Yes and no. Cloud services — like Amazon Web Services or Microsoft Office 365 — are responsible for safeguarding your data within their cloud environments, but not all cloud providers offer the same protections. You need full security and access controls to protect your users from risky applications and prevent data exfiltration. A Cloud Application Security Broker (CASB) provides risk scoring for many cloud applications, which can be used to create access policies. And, CASB can augment a cloud security platform by extending data leakage prevention. But CASB on its own does not provide protection against security breaches, ransomware, or other internet threats.
As organizations increase their use of cloud-based apps, like Salesforce, Box, and Office 365, and move to infrastructures services like Microsoft Azure and Amazon Web Services (AWS), it makes sense to have traffic secured in the cloud as well. For legacy vendors who have been — and largely still are — selling on-premises hardware appliances, this reality poses a problem, because their bottom lines, and their duty to shareholders, involves moving boxes. This is why they’ve begun promoting so-called “hybrid solutions,” with data center security being handled by appliances, and mobile or branch security being handled by similar security stacks housed in cloud environments.
The problem with such a strategy is that it complicates, rather than simplifies, enterprise security, and cloud users and administrators get none of the benefits of a true cloud service — speed, scale, global visibility, and threat intelligence — benefits that can only be provided through a multi-tenant global architecture.Request Demo
Protecting users with consistent and enforceable policies requires much more than simple URL or web filtering. That’s why thousands of organizations have already moved their IT security from appliances to security controls in the cloud. Here are some of the differences between appliance-based security and a cloud-delivered approach.
Requires security stacks at all egress points or backhauling traffic over costly MPLS links from branch offices and remote sites to DMZs. Mobile users go unprotected.
Users get the same protection, whether they’re in the HQ, branch offices, on the road, or at home.
Point appliances from different vendors work in isolation, so there’s no simple way to aggregate their data.
Integrated security controls and cloud services correlate information to give you a complete picture of your entire network.
Every appliance between your users and the internet causes latency. If users have to VPN into the data center, their experience is even worse.
Zscaler provides fast local breakouts, and our single-scan multi-action technology enables our security services to scan simultaneously for faster performance.
Deploying and maintaining appliances from multiple security vendors is expensive and difficult, requiring continuous patching, updates, and hardware upgrades.
Cloud security consolidates point products into an integrated platform; there's no hardware or software to buy or manage.
Point products generally apply a single technique to identify threats and pass the data on to the next appliance. Patches are applied as they become available.
Cloud intelligence means that any time a threat is detected anywhere in the cloud, protection is deployed everywhere. Zscaler applies more than security updates to its cloud every day.
Appliances are expensive to buy and own. And, as threats increase, you are forced to buy more and more of them.
Zscaler moves security from CAPEX to OPEX — for about the price of a cup of coffee per user per month.