SlideShare a Scribd company logo

The secure, direct to-internet branch

Zscaler, profile picture
Zscaler

The document discusses how digital transformation is driving the need for cloud-based security solutions and modernized network architectures. It describes Zscaler's cloud security platform as enabling organizations to securely access applications in the cloud while simplifying their networks. The presentation outlines how Zscaler has helped one large global organization transition to the cloud by providing a consistent security posture across its network.

Internet
1 of 34
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
1 ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Transform your branch and security architecture for the cloud The secure, direct-to-internet branch Zeus Kerravala | Principal Analyst | ZK Research Bill Lapp | Vice President of Customer Success | Zscaler
2 To ask a question • Type your questions into the chat box in the Webex panel or email us at communications@zscaler.com • We’ll try to get to all questions during the Q&A session. If we do not get to your question, we’ll make sure to follow up afterwards • At the end of the webcast – please let us know how we did! ©2018 Zscaler, Inc. All rights reserved. Ask your question here…
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING About ZK Research Founded by 30+ year veteran industry analyst Zeus Kerravala Exclusive focus on network and communications technology that are in market transitions Background on Kerravala •10+ years as a Yankee Group Analyst •15+ years in corporate IT and consulting •Holds many technical certifications •Regular contributor on Network World, NoJitter, Tech Target, CSO Online and more 3
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING The Digital Era Has Arrived • Agility is everything in the digital era • Businesses need to adapt to market shifts faster than the competition • Digital building blocks are network centric • DX has raised the value of the network 4
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Digital Is Happening… 5 84% 13% 3% Does your organization have a digital transformation initiative underway? Yes No Unsure ... But uncertainty remains • 51% of CxOs do not know what their industry will look like in 2020 • 48% fear their company could be obsolete within 5 years • 71% of businesses have seen new competitors emerge in past 5 years
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING IT Needs A New Operating Model • Legacy IT is manually intensive • A digital business requires an agile, modernized infrastructure • DevOps and agile development require IT to move with speed • Migrating to a cloud architecture is requisite for the shift to digital • The cloud is a core digital enabler 6 IT Needs A New Operating Model
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Public Clouds Are Rising • Cloud will grow at 18% CAGR from ’15- ’21 • Rest of IT ~ 3% • 80% of Global 2000 has at least 20% of IT running in the cloud today • Workloads in clouds will outpace legacy workloads by 2019 36.9 46 55.3 67.7 75.8 86.5 97.2 10.5 13.6 15.9 18.6 22.1 26.9 31.2 10.1 12 14.9 17.6 19.9 22.5 26.4 0 20 40 60 80 100 120 140 160 180 2015 2016 2017 2018 2019 2020 2021 SaaS PaaS IaaS The cloud is the right compute model for the digital era
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING The Challenges With Legacy Networks • Designed for client server and best effort traffic • Not optimized for cloud first businesses • Security was placed at a single point • Internet traffic is backhauled across the WAN – twice! • Inefficient use of bandwidth and poor performance 8
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING WAN Modernization Is Mandatory • Businesses have spent billions increasing the level of app and compute agility • A lack of network agility is holding organizations back • SDNs have modernized data center networks • WANs need to be modernized 9
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Introducing SD-WANs • Separation of control and data plane puts innovation in SW • “Active-active” architectures • Cloud optimized • Makes direct to cloud access from branches possible • High resiliency • Optimizes application performance 10
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Poll question 1: • What is the status of SD-WAN within your organization? • No interest • Currently researching • Partially deployed • Fully deployed 11
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Security Challenges With SD-WAN • Perimeter security is no longer sufficient • ACLs are complex and time consuming to set up • Perimeter is continually changing • Local Interent breakout creates new security risks • VPNs are spotty and frustrates users 12
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING The Complexity Of Today’s WANs 13 WANs were orderly but inflexible WANs are agile but chaotic
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Poll question 2: • What best describes your opinion of local Internet breakout in branch offices? • No interest in it • We like the idea but securing it is too complex • We like the idea and are planning to deploy it • We are currently using local internet breakout but struggle with the security • We are currently using local internet breakout and have the security problem under control 14
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING A Better Solution: Secure Cloud Access 15 Secure cloud access provider Home office Branch office Other workers Other cloud
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Understanding Secure Cloud Access • Users connect to a secure cloud access provider • Cloud provider has secure connections to cloud services • Apps are segmented without having to implement network segmentation • Internet can be used for transport without the security risks • Users only access what they are permitted to by business policy 16
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Benefits Of Secure Cloud Access • Faster, higher quality experience for users • Reduced attack surface • Granular application access control • Easier to manage than ACLs and VLANs • Improved performance • Obviates the needs for VPNs • Increased visibility into apps and activity 17
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING What To Look For In A Solution Provider • Global visibility for users and apps • Secure, private access • Integrated security • Single pane of glass • Micro-segmentation capabilities • Health monitoring • Customer provided keys 18
© 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Summary • Digital transformation is changing the business landscape faster than ever • The cloud is a key enabler of digital transformation • Cloud drives significantly different traffic patterns than client server computing • SD-WANs can transform the WANs • A different security model is needed today • Secure cloud access is the answer 19
©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION20 ©2018 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners. A Transformation Journey Powered by Zscaler
©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION21 Zscaler enables secure IT transformation to the cloud Internet and VPN Gateway Ext. FW / IPS URL Filtering Antivirus DLP SSL Sandbox Global LB DDoS Ext FW/IPS RAS (VPN) Internal FW Internal LB SaaSOpen Internet External APPS Data CenterIaaS Internal Internal (cloud or data center) Connect a user to an authorized private app (not network) Fast and secure policy-based access to apps and services over the Internet Any device, any location, on-net or off-net External (open Internet or SaaS) Nothing bad comes in, nothing good leaks out Zscaler Internet Access Zscaler Private Access HQMOBILE BRANCHIOT
©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION22 The Complex Infrastructure of a Large Global Organization Open internet MPLS MPLS MPLS MPLS • 9 Data Centers • 8 internet egress points managed by 6 different teams • 8 email systems managed by 6 different teams 900 locations across 22 countries 10,000 Users 3,000 Remote Users on 5 VPN solutions 17 MPLS providers with various configurations Unreliable | Difficult to Manage | Lack of Visibility Poor End-User Experience | Significant CAPEX and OPEX Fail-Over EMEA DC Fail-Over NA DC
©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION23 Cloud Transformation Journey – Phase 1 Four initiatives – 9 months 1. WAN vendor consolidation 2. SD WAN at 870 branches 3. Embrace Office 365 and phase- out local email servers 4. Local internet breakouts with appliances 30 Country & Regional HQs 870 Branch Locations MPLS WAN Vendor 9 Data Centers Open Internet IPSEC-to-MPLS architecture (No MPLS at braches) Branch office users were still complaining their internet experience was poor. MPLS WAN Vendor SaaS Benefits • Cost savings • Better internet experience at country and regional HQs • Simplified IT by standardizing email/SharePoint and reducing MPLS vendors from 17 to 1 1 4 MPLS WAN Vendor 2 3
©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION24 Cloud Transformation Journey – Phase 2 One initiative – 9 months 1. Implement local internet breakouts in all branches 30 Country & Regional HQs 870 Branch Locations 9 Data Centers MPLS WAN Vendor Open Internet Option 1: Deploy branch firewalls in 870 locations. Option 2: Implement Zscaler Cloud Security Platform. XX Office 365 required more than just traditional proxy ports. Visibility provided by Zscaler led to courageous conversations on OSI Models Layers 8,9,10. SaaS Benefits • Reduction in branch user internet complaints (less pushback) • Avoided the cost and overhead of deploying 870 security appliances • 60% reduction in Data Center bandwidth requirements • Enhanced Security Posture – SSL inspection, cloud sandbox, DLP, and SIEM integration
©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION25 Cloud Transformation Journey – Phase 3 Three initiatives 1. Implement Zscaler Cloud Firewall and Bandwidth Control for O365 2. Reduce security appliance requirements at country / regional HQs 3. Protect mobile users 30 Country & Regional HQs 870 Branch Locations 9 Data Centers MPLS WAN Vendor Open Internet Delivered a consistent end-user experience to IaaS and SaaS applications at all branch and HQ locations, but the mobile user was still struggling SaaS Benefits • Eliminated security appliances in country & regional HQs • Better Office 365 user experiences in all locations • Reduced risk by providing identical security controls to mobile workers
©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION26 9 Data Centers MPLS WAN Vendor Open Internet SaaS IaaS 5 Data Centers Cloud Transformation Journey – Phase 4 Three initiatives – 12 months 1. Migrate apps to IaaS – re- platform critical apps to be browser accessible 2. Deploy virtual NGFWs and load balancers to eliminate traffic tromboning 3. Consolidate data centers 30 Country & Regional HQs 870 Branch Locations VM Virtual NGFWs and load balancers were expensive, didn’t scale, and micro-segmentation challenges. User confusion on when to use VPN and when they could use a browser. Benefits • Reduced data center costs • Reference Architecture to provide users better access re-platformed apps (No VPN)
©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION27 MPLS WAN Vendor Open Internet SaaS 5 Data Centers IaaS VM Cloud Transformation Journey – Phase 5 Two initiatives – 6 months 1. Seamless End-User Experience - Implement Zscaler Private Access 2. Reference Architecture for a Zero-Trust Network Model 30 Country & Regional HQs 870 Branch Locations Future-proof app delivery strategy with positive end-user experience. Benefits • Simplified access to all applications • Eliminated the cost and complexity of virtual firewalls and load balancers in IaaS • Enhanced security posture – app microsegmentation, reduced inbound attack surface, enablement of zero-trust network model
©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION28 Transformation Journey – Summary Cost Savings 8% of Overall IT Spend (Optimized Network/Security Arch, DC Consolidation, O365, etc.) Cost Avoidance $2.7M in appliance sprawl Network transformation – SDWAN at 870 locations and deployment of 30 local breakouts with appliances Network transformation – ZIA deployed to support local internet breakouts in 870 branch offices Global collaboration tools – Successfully deployed Office 365 with Cloud FW and Bandwidth Control Data center transformation – Moved apps to Azure/AWS and consolidated data centers Application access transformation –Eliminated VPN, zero-trust network model, positive end-user experience 1 2 3 4 5 Benefits Agile IT environment Consistent end-user experience Reduced business risk
©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION29 Zscaler: The market leader in cloud security Most Discerning Enterprise Customers 2,700 CUSTOMERS Over 80 of the Fortune 500 54% International Global Partners 100 Data centers 35B Daily requests 185 Countries served Largest Cloud Security Platform in the World Mature Global Cloud Operations Experienced Team with Pioneers in Cloud Security Unparalleled Cloud Scale
©2018 Zscaler, Inc. All rights reserved.30 Let Zscaler empower your next IT project Corporate deployment of Office 365 Securing SD-WAN transformation VPN Replacement or Securing App Access in AWS or Azure Enhancing Security or Replacing Traditional Proxies Next Steps Technical Workshop Proof of Concept Executive Briefing in San Jose, CA
©2018 Zscaler, Inc. All rights reserved. June 25-27, 2018 The Cosmopolitan, Las Vegas Register today at zenithlive.zscaler.com Join the conversation at community.zscaler.com
©2018 Zscaler, Inc. All rights reserved. Visit zscaler.com/transform to learn more Thank You! Questions and Next Steps Zeus Kerravala Principal Analyst, ZK Research zeus@zkresearch.com Twitter @zkerravala Bill Lapp Vice President, Customer Success, Zscaler blapp@zscaler.com Twitter @robilium
©2018 Zscaler, Inc. All rights reserved. June 25-27, 2018 The Cosmopolitan, Las Vegas Register today at zenithlive.zscaler.com Join the conversation at community.zscaler.com
©2018 Zscaler, Inc. All rights reserved. ©2018 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners.

More Related Content

PPTX
SD-WAN plus cloud security
Zscaler
 
PPTX
Rethinking Cybersecurity for the Digital Transformation Era
Zscaler
 
PPTX
Zero trust for everybody: 3 ways to get there fast
Cloudflare
 
PDF
An Introduction to VMware NSX
Scott Lowe
 
PDF
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
KlausSchwegler
 
PPTX
EDR(End Point Detection And Response).pptx
SMIT PAREKH
 
PPTX
Transform your enterprise branch with secure sd-wan
DATA SECURITY SOLUTIONS
 
PPT
Palo alto networks next generation firewalls
Castleforce
 
SD-WAN plus cloud security
Zscaler
 
Rethinking Cybersecurity for the Digital Transformation Era
Zscaler
 
Zero trust for everybody: 3 ways to get there fast
Cloudflare
 
An Introduction to VMware NSX
Scott Lowe
 
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
KlausSchwegler
 
EDR(End Point Detection And Response).pptx
SMIT PAREKH
 
Transform your enterprise branch with secure sd-wan
DATA SECURITY SOLUTIONS
 
Palo alto networks next generation firewalls
Castleforce
 

What's hot (20)

PDF
Succeeding with Secure Access Service Edge (SASE)
Cloudflare
 
PDF
Microsoft Defender and Azure Sentinel
David J Rosenthal
 
PDF
SD WAN Overview | What is SD WAN | Benefits of SD WAN
Ashutosh Kaushik
 
PPTX
Ise 1 2-bdm-v4
Danny Liu
 
PPTX
CASB: Securing your cloud applications
Forcepoint LLC
 
PDF
What is SASE
Adi Ruppin
 
PDF
Cloud computing understanding security risk and management
Shamsundar Machale (CISSP, CEH)
 
PDF
Endpoint Detection & Response - FireEye
Prime Infoserv
 
PPTX
SC-900 Capabilities of Microsoft Compliance Solutions
FredBrandonAuthorMCP
 
PDF
Microsoft Zero Trust
David J Rosenthal
 
PDF
Cloud migration strategies
SogetiLabs
 
PDF
Understanding SASE
Haris Chughtai
 
PDF
Netskope Overview
Netskope
 
PDF
PaloAlto Enterprise Security Solution
Prime Infoserv
 
PDF
An introduction to Defender for Business
Robert Crane
 
PDF
VMware Tanzu Introduction
VMware Tanzu
 
PDF
Introduction to Microsoft 365 Enterprise
Robert Crane
 
PDF
Infrastructure as Code
Robert Greiner
 
PDF
Modern Devices Management
Atanas Gergiminov
 
PDF
Azure cloud migration simplified
Girlo
 
Succeeding with Secure Access Service Edge (SASE)
Cloudflare
 
Microsoft Defender and Azure Sentinel
David J Rosenthal
 
SD WAN Overview | What is SD WAN | Benefits of SD WAN
Ashutosh Kaushik
 
Ise 1 2-bdm-v4
Danny Liu
 
CASB: Securing your cloud applications
Forcepoint LLC
 
What is SASE
Adi Ruppin
 
Cloud computing understanding security risk and management
Shamsundar Machale (CISSP, CEH)
 
Endpoint Detection & Response - FireEye
Prime Infoserv
 
SC-900 Capabilities of Microsoft Compliance Solutions
FredBrandonAuthorMCP
 
Microsoft Zero Trust
David J Rosenthal
 
Cloud migration strategies
SogetiLabs
 
Understanding SASE
Haris Chughtai
 
Netskope Overview
Netskope
 
PaloAlto Enterprise Security Solution
Prime Infoserv
 
An introduction to Defender for Business
Robert Crane
 
VMware Tanzu Introduction
VMware Tanzu
 
Introduction to Microsoft 365 Enterprise
Robert Crane
 
Infrastructure as Code
Robert Greiner
 
Modern Devices Management
Atanas Gergiminov
 
Azure cloud migration simplified
Girlo
 
Ad

Similar to The secure, direct to-internet branch (20)

PDF
Three Key Steps for Moving Your Branches to the Cloud
Zscaler
 
PPTX
PLNOG 22 - Sebastian Grabski - Is your network ready for application from the...
PROIDEA
 
PPTX
Rethinking Cybersecurity for the Digital Transformation Era
Zscaler
 
PDF
Digital Businesses Need to Rethink Their Network Strategies
Abhishek Sood
 
PPTX
The evolution of IT in a cloud world
Zscaler
 
PPTX
Cloud vs. On-Premises Security: Can you afford not to switch?
Zscaler
 
PPTX
Faster, simpler, more secure remote access to apps in aws
Zscaler
 
PPTX
The evolving CIO|CISO relationship
Zscaler
 
PPTX
Virtualized Firewall: Is it the panacea to secure distributed enterprises?
Zscaler
 
PPTX
Ma story then_now_webcast_10_17_18
Zscaler
 
PPTX
Migration to microsoft_azure_with_zscaler
Zscaler
 
PPTX
Alpha & Omega's Managed Security
Darryl Santa
 
PPTX
Overcoming the Challenges of Architecting for the Cloud
Zscaler
 
PPTX
Moving from appliances to cloud security with phoenix children's hospital
Zscaler
 
PPTX
Top 5 predictions webinar
Zscaler
 
PDF
ztna-2-0-report.pdf
Anto664537
 
PPTX
What Comes After VPN?
Zscaler
 
PPTX
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Cristian Garcia G.
 
PDF
zscaler-aws-zero-trust.pdf
MuhammadSajidAbdulga
 
PPTX
The greatest SDWAN sales slidedeck ever created
Ronald Bartels
 
Three Key Steps for Moving Your Branches to the Cloud
Zscaler
 
PLNOG 22 - Sebastian Grabski - Is your network ready for application from the...
PROIDEA
 
Rethinking Cybersecurity for the Digital Transformation Era
Zscaler
 
Digital Businesses Need to Rethink Their Network Strategies
Abhishek Sood
 
The evolution of IT in a cloud world
Zscaler
 
Cloud vs. On-Premises Security: Can you afford not to switch?
Zscaler
 
Faster, simpler, more secure remote access to apps in aws
Zscaler
 
The evolving CIO|CISO relationship
Zscaler
 
Virtualized Firewall: Is it the panacea to secure distributed enterprises?
Zscaler
 
Ma story then_now_webcast_10_17_18
Zscaler
 
Migration to microsoft_azure_with_zscaler
Zscaler
 
Alpha & Omega's Managed Security
Darryl Santa
 
Overcoming the Challenges of Architecting for the Cloud
Zscaler
 
Moving from appliances to cloud security with phoenix children's hospital
Zscaler
 
Top 5 predictions webinar
Zscaler
 
ztna-2-0-report.pdf
Anto664537
 
What Comes After VPN?
Zscaler
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Cristian Garcia G.
 
zscaler-aws-zero-trust.pdf
MuhammadSajidAbdulga
 
The greatest SDWAN sales slidedeck ever created
Ronald Bartels
 
Ad

More from Zscaler (19)

PPTX
Zscaler mondi webinar
Zscaler
 
PPTX
3 reasons-sdp-is-replacing-vpn-in-2019
Zscaler
 
PPTX
Three ways-zero-trust-security-redefines-partner-access-ch
Zscaler
 
PPTX
Office 365 kelly services
Zscaler
 
PPTX
Get an office 365 expereience your users will love v8.1
Zscaler
 
PPTX
Three ways-zero-trust-security-redefines-partner-access-v8
Zscaler
 
PPTX
Schneider electric powers security transformation with one simple app copy
Zscaler
 
PDF
Top 5 mistakes deploying o365
Zscaler
 
PPTX
How sdp delivers_zero_trust
Zscaler
 
PDF
Zenith Live - Security Lab - Phantom
Zscaler
 
PPTX
O365 quick with fast user experience
Zscaler
 
PPTX
Office 365 deployment
Zscaler
 
PPTX
Dissecting ssl threats
Zscaler
 
PPTX
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
PPTX
Top reasons o365 deployments fail
Zscaler
 
PPT
GDPR - are you ready?
Zscaler
 
PPTX
Secure remote access to AWS your users will love
Zscaler
 
PPTX
Maximize your cloud app control with Microsoft MCAS and Zscaler
Zscaler
 
PPTX
DNS Security, is it enough?
Zscaler
 
Zscaler mondi webinar
Zscaler
 
3 reasons-sdp-is-replacing-vpn-in-2019
Zscaler
 
Three ways-zero-trust-security-redefines-partner-access-ch
Zscaler
 
Office 365 kelly services
Zscaler
 
Get an office 365 expereience your users will love v8.1
Zscaler
 
Three ways-zero-trust-security-redefines-partner-access-v8
Zscaler
 
Schneider electric powers security transformation with one simple app copy
Zscaler
 
Top 5 mistakes deploying o365
Zscaler
 
How sdp delivers_zero_trust
Zscaler
 
Zenith Live - Security Lab - Phantom
Zscaler
 
O365 quick with fast user experience
Zscaler
 
Office 365 deployment
Zscaler
 
Dissecting ssl threats
Zscaler
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
Top reasons o365 deployments fail
Zscaler
 
GDPR - are you ready?
Zscaler
 
Secure remote access to AWS your users will love
Zscaler
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Zscaler
 
DNS Security, is it enough?
Zscaler
 

Recently uploaded (20)

PDF
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
PDF
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PDF
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
PDF
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
PPTX
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
PDF
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
DOCX
Unit-3 cyber security network security of internet system
shivangisharma636228
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
PPTX
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
 
PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
PPTX
Funds Management Learning Material for Beg
NKKumar16
 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
 
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
Unit-3 cyber security network security of internet system
shivangisharma636228
 
artificial intelligence overview of it and more
yafotin445
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
Funds Management Learning Material for Beg
NKKumar16
 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 

The secure, direct to-internet branch

  • 1. 1 ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Transform your branch and security architecture for the cloud The secure, direct-to-internet branch Zeus Kerravala | Principal Analyst | ZK Research Bill Lapp | Vice President of Customer Success | Zscaler
  • 2. 2 To ask a question • Type your questions into the chat box in the Webex panel or email us at communications@zscaler.com • We’ll try to get to all questions during the Q&A session. If we do not get to your question, we’ll make sure to follow up afterwards • At the end of the webcast – please let us know how we did! ©2018 Zscaler, Inc. All rights reserved. Ask your question here…
  • 3. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING About ZK Research Founded by 30+ year veteran industry analyst Zeus Kerravala Exclusive focus on network and communications technology that are in market transitions Background on Kerravala •10+ years as a Yankee Group Analyst •15+ years in corporate IT and consulting •Holds many technical certifications •Regular contributor on Network World, NoJitter, Tech Target, CSO Online and more 3
  • 4. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING The Digital Era Has Arrived • Agility is everything in the digital era • Businesses need to adapt to market shifts faster than the competition • Digital building blocks are network centric • DX has raised the value of the network 4
  • 5. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Digital Is Happening… 5 84% 13% 3% Does your organization have a digital transformation initiative underway? Yes No Unsure ... But uncertainty remains • 51% of CxOs do not know what their industry will look like in 2020 • 48% fear their company could be obsolete within 5 years • 71% of businesses have seen new competitors emerge in past 5 years
  • 6. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING IT Needs A New Operating Model • Legacy IT is manually intensive • A digital business requires an agile, modernized infrastructure • DevOps and agile development require IT to move with speed • Migrating to a cloud architecture is requisite for the shift to digital • The cloud is a core digital enabler 6 IT Needs A New Operating Model
  • 7. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Public Clouds Are Rising • Cloud will grow at 18% CAGR from ’15- ’21 • Rest of IT ~ 3% • 80% of Global 2000 has at least 20% of IT running in the cloud today • Workloads in clouds will outpace legacy workloads by 2019 36.9 46 55.3 67.7 75.8 86.5 97.2 10.5 13.6 15.9 18.6 22.1 26.9 31.2 10.1 12 14.9 17.6 19.9 22.5 26.4 0 20 40 60 80 100 120 140 160 180 2015 2016 2017 2018 2019 2020 2021 SaaS PaaS IaaS The cloud is the right compute model for the digital era
  • 8. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING The Challenges With Legacy Networks • Designed for client server and best effort traffic • Not optimized for cloud first businesses • Security was placed at a single point • Internet traffic is backhauled across the WAN – twice! • Inefficient use of bandwidth and poor performance 8
  • 9. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING WAN Modernization Is Mandatory • Businesses have spent billions increasing the level of app and compute agility • A lack of network agility is holding organizations back • SDNs have modernized data center networks • WANs need to be modernized 9
  • 10. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Introducing SD-WANs • Separation of control and data plane puts innovation in SW • “Active-active” architectures • Cloud optimized • Makes direct to cloud access from branches possible • High resiliency • Optimizes application performance 10
  • 11. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Poll question 1: • What is the status of SD-WAN within your organization? • No interest • Currently researching • Partially deployed • Fully deployed 11
  • 12. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Security Challenges With SD-WAN • Perimeter security is no longer sufficient • ACLs are complex and time consuming to set up • Perimeter is continually changing • Local Interent breakout creates new security risks • VPNs are spotty and frustrates users 12
  • 13. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING The Complexity Of Today’s WANs 13 WANs were orderly but inflexible WANs are agile but chaotic
  • 14. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Poll question 2: • What best describes your opinion of local Internet breakout in branch offices? • No interest in it • We like the idea but securing it is too complex • We like the idea and are planning to deploy it • We are currently using local internet breakout but struggle with the security • We are currently using local internet breakout and have the security problem under control 14
  • 15. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING A Better Solution: Secure Cloud Access 15 Secure cloud access provider Home office Branch office Other workers Other cloud
  • 16. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Understanding Secure Cloud Access • Users connect to a secure cloud access provider • Cloud provider has secure connections to cloud services • Apps are segmented without having to implement network segmentation • Internet can be used for transport without the security risks • Users only access what they are permitted to by business policy 16
  • 17. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Benefits Of Secure Cloud Access • Faster, higher quality experience for users • Reduced attack surface • Granular application access control • Easier to manage than ACLs and VLANs • Improved performance • Obviates the needs for VPNs • Increased visibility into apps and activity 17
  • 18. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING What To Look For In A Solution Provider • Global visibility for users and apps • Secure, private access • Integrated security • Single pane of glass • Micro-segmentation capabilities • Health monitoring • Customer provided keys 18
  • 19. © 2018 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING Summary • Digital transformation is changing the business landscape faster than ever • The cloud is a key enabler of digital transformation • Cloud drives significantly different traffic patterns than client server computing • SD-WANs can transform the WANs • A different security model is needed today • Secure cloud access is the answer 19
  • 20. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION20 ©2018 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners. A Transformation Journey Powered by Zscaler
  • 21. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION21 Zscaler enables secure IT transformation to the cloud Internet and VPN Gateway Ext. FW / IPS URL Filtering Antivirus DLP SSL Sandbox Global LB DDoS Ext FW/IPS RAS (VPN) Internal FW Internal LB SaaSOpen Internet External APPS Data CenterIaaS Internal Internal (cloud or data center) Connect a user to an authorized private app (not network) Fast and secure policy-based access to apps and services over the Internet Any device, any location, on-net or off-net External (open Internet or SaaS) Nothing bad comes in, nothing good leaks out Zscaler Internet Access Zscaler Private Access HQMOBILE BRANCHIOT
  • 22. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION22 The Complex Infrastructure of a Large Global Organization Open internet MPLS MPLS MPLS MPLS • 9 Data Centers • 8 internet egress points managed by 6 different teams • 8 email systems managed by 6 different teams 900 locations across 22 countries 10,000 Users 3,000 Remote Users on 5 VPN solutions 17 MPLS providers with various configurations Unreliable | Difficult to Manage | Lack of Visibility Poor End-User Experience | Significant CAPEX and OPEX Fail-Over EMEA DC Fail-Over NA DC
  • 23. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION23 Cloud Transformation Journey – Phase 1 Four initiatives – 9 months 1. WAN vendor consolidation 2. SD WAN at 870 branches 3. Embrace Office 365 and phase- out local email servers 4. Local internet breakouts with appliances 30 Country & Regional HQs 870 Branch Locations MPLS WAN Vendor 9 Data Centers Open Internet IPSEC-to-MPLS architecture (No MPLS at braches) Branch office users were still complaining their internet experience was poor. MPLS WAN Vendor SaaS Benefits • Cost savings • Better internet experience at country and regional HQs • Simplified IT by standardizing email/SharePoint and reducing MPLS vendors from 17 to 1 1 4 MPLS WAN Vendor 2 3
  • 24. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION24 Cloud Transformation Journey – Phase 2 One initiative – 9 months 1. Implement local internet breakouts in all branches 30 Country & Regional HQs 870 Branch Locations 9 Data Centers MPLS WAN Vendor Open Internet Option 1: Deploy branch firewalls in 870 locations. Option 2: Implement Zscaler Cloud Security Platform. XX Office 365 required more than just traditional proxy ports. Visibility provided by Zscaler led to courageous conversations on OSI Models Layers 8,9,10. SaaS Benefits • Reduction in branch user internet complaints (less pushback) • Avoided the cost and overhead of deploying 870 security appliances • 60% reduction in Data Center bandwidth requirements • Enhanced Security Posture – SSL inspection, cloud sandbox, DLP, and SIEM integration
  • 25. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION25 Cloud Transformation Journey – Phase 3 Three initiatives 1. Implement Zscaler Cloud Firewall and Bandwidth Control for O365 2. Reduce security appliance requirements at country / regional HQs 3. Protect mobile users 30 Country & Regional HQs 870 Branch Locations 9 Data Centers MPLS WAN Vendor Open Internet Delivered a consistent end-user experience to IaaS and SaaS applications at all branch and HQ locations, but the mobile user was still struggling SaaS Benefits • Eliminated security appliances in country & regional HQs • Better Office 365 user experiences in all locations • Reduced risk by providing identical security controls to mobile workers
  • 26. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION26 9 Data Centers MPLS WAN Vendor Open Internet SaaS IaaS 5 Data Centers Cloud Transformation Journey – Phase 4 Three initiatives – 12 months 1. Migrate apps to IaaS – re- platform critical apps to be browser accessible 2. Deploy virtual NGFWs and load balancers to eliminate traffic tromboning 3. Consolidate data centers 30 Country & Regional HQs 870 Branch Locations VM Virtual NGFWs and load balancers were expensive, didn’t scale, and micro-segmentation challenges. User confusion on when to use VPN and when they could use a browser. Benefits • Reduced data center costs • Reference Architecture to provide users better access re-platformed apps (No VPN)
  • 27. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION27 MPLS WAN Vendor Open Internet SaaS 5 Data Centers IaaS VM Cloud Transformation Journey – Phase 5 Two initiatives – 6 months 1. Seamless End-User Experience - Implement Zscaler Private Access 2. Reference Architecture for a Zero-Trust Network Model 30 Country & Regional HQs 870 Branch Locations Future-proof app delivery strategy with positive end-user experience. Benefits • Simplified access to all applications • Eliminated the cost and complexity of virtual firewalls and load balancers in IaaS • Enhanced security posture – app microsegmentation, reduced inbound attack surface, enablement of zero-trust network model
  • 28. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION28 Transformation Journey – Summary Cost Savings 8% of Overall IT Spend (Optimized Network/Security Arch, DC Consolidation, O365, etc.) Cost Avoidance $2.7M in appliance sprawl Network transformation – SDWAN at 870 locations and deployment of 30 local breakouts with appliances Network transformation – ZIA deployed to support local internet breakouts in 870 branch offices Global collaboration tools – Successfully deployed Office 365 with Cloud FW and Bandwidth Control Data center transformation – Moved apps to Azure/AWS and consolidated data centers Application access transformation –Eliminated VPN, zero-trust network model, positive end-user experience 1 2 3 4 5 Benefits Agile IT environment Consistent end-user experience Reduced business risk
  • 29. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION29 Zscaler: The market leader in cloud security Most Discerning Enterprise Customers 2,700 CUSTOMERS Over 80 of the Fortune 500 54% International Global Partners 100 Data centers 35B Daily requests 185 Countries served Largest Cloud Security Platform in the World Mature Global Cloud Operations Experienced Team with Pioneers in Cloud Security Unparalleled Cloud Scale
  • 30. ©2018 Zscaler, Inc. All rights reserved.30 Let Zscaler empower your next IT project Corporate deployment of Office 365 Securing SD-WAN transformation VPN Replacement or Securing App Access in AWS or Azure Enhancing Security or Replacing Traditional Proxies Next Steps Technical Workshop Proof of Concept Executive Briefing in San Jose, CA
  • 31. ©2018 Zscaler, Inc. All rights reserved. June 25-27, 2018 The Cosmopolitan, Las Vegas Register today at zenithlive.zscaler.com Join the conversation at community.zscaler.com
  • 32. ©2018 Zscaler, Inc. All rights reserved. Visit zscaler.com/transform to learn more Thank You! Questions and Next Steps Zeus Kerravala Principal Analyst, ZK Research zeus@zkresearch.com Twitter @zkerravala Bill Lapp Vice President, Customer Success, Zscaler blapp@zscaler.com Twitter @robilium
  • 33. ©2018 Zscaler, Inc. All rights reserved. June 25-27, 2018 The Cosmopolitan, Las Vegas Register today at zenithlive.zscaler.com Join the conversation at community.zscaler.com
  • 34. ©2018 Zscaler, Inc. All rights reserved. ©2018 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners.