https://www.zscaler.fr/ Blog Zscaler — Nouveautés et points de vue du principal acteur de la sécurité cloud. fr https://www.zscaler.fr/blogs/customer-stories/cushman-wakefield-s-roadmap-consolidating-and-simplifying-security-zscaler Cushman & Wakefield’s Roadmap for Consolidating and Simplifying Security with Zscaler As a CISO leading the cybersecurity program at Cushman & Wakefield, one of the world's largest commercial real estate services firms, I can attest that it has been a truly transformative journey. When I joined the company over five years ago, I had clear priorities: improve SaaS application performance for our distributed, mostly mobile workforce, now more than 52,000 employees, simplify network architecture, and accelerate integration of mergers and acquisitions (M&As). My vision was to evolve Cushman & Wakefield’s security approach from a legacy on-premises infrastructure to cloud-based security as a service. As we set our sights on a cloud-first and partner-first model, we aimed to shrink the size and number of our data centers. Our intent was to streamline our infrastructure and build a coordinated security ecosystem with an eye toward gaining operational efficiencies. Equally important was providing our globally dispersed users with faster, more secure access to the more than 200 SaaS applications they rely on every day. To achieve these goals, we turned to the Zscaler Zero Trust Exchange—and it has proven to be the perfect fit for our strategic vision. Zscaler has been at the core of our success and continues to be at the center of our ongoing security transformation journey. A phased approach to our Zscaler implementation In 2019, we made a strategic decision to adopt SD-WAN to improve SaaS connectivity across our more than 400 branch offices. That’s when we adopted Zscaler. We selected Zscaler Internet Access (ZIA), part of the Zero Trust Exchange, as our security solution because it interoperates seamlessly with the SD-WAN and enables secure local internet breakouts without the high costs and complexity of on-premises firewall appliances. The joint solution provided consistent protection and significantly better performance for our users on any device anywhere. Additionally, our security team had complete visibility over what was happening on the network and who was using which applications. This allowed us to manage bandwidth and prioritize traffic to business-critical applications and limit the impact of streaming and social media traffic. We’re continuing to modernize our branch offices but are moving to a café model, where users can securely connect to corporate resources without VPN or SD-WAN. Zscaler is making this change possible. Looking ahead, we also plan to implement Zscaler Private Access more broadly to provide secure access to private applications as we establish offices in new regions. Following the user during the pandemic and beyond At every stage of our implementation, we found that Zscaler delivered value in new ways. Even before the COVID-19 pandemic, a significant portion of our workforce was operating remotely. When the pandemic struck, we were well prepared. Zscaler Client Connector had already been deployed on all devices, so we maintained business continuity. When a leader asked me what my plan was for security at the time, I just shrugged my shoulders and informed him that we already had all our bases covered with Zscaler and Crowdstrike being the primary components. Zscaler integrations for a coordinated security ecosystem After the positive experience we had with the Zscaler integration, we are impressed with how easy and seamless it is to integrate other tools in our security stack with Zscaler. Recently, we integrated Zscaler with CrowdStrike for an added layer of protection: Zscaler only allows devices that meet CrowdStrike’s Zero Trust Assessment (ZTA) score threshold to access sensitive applications. By sharing real-time threat intelligence, data alerts, and device health information, the Zscaler-CrowdStrike integration has reduced the number of security events. As we move forward with building out our zero trust architecture and creating a unified security ecosystem, we plan to leverage Zscaler’s open API more fully to maximize our other security investments. We’re looking at ways to broaden threat intelligence sharing, gain more visibility, and engage automation to a greater degree. At the top of my to-do list are integrating with CrowdStrike Falcon LogScale, its next-generation SIEM and log management tool, and with Mimecast, the cloud-based email security and management system used by all our employees.. Future focus: expanding Zscaler capabilities Risk management I also look forward to evaluating the new AI-powered capabilities like Zscaler Risk360 to gain visibility into risk in all areas of our environment. Once it’s in place, Zscaler Risk360’s visualization framework will generate risk posture profiles using real data in our environment combined with global security research from Zscaler ThreatLabz. The ability to quickly identify and respond to critical vulnerabilities will enhance our proactive protection, enable us to communicate security priorities in a quantifiable way, and help us build a data-driven case as we advocate for additional resources. M&A integration Over the years, most of our growth has been fueled by M&As. We plan on leveraging Zscaler to integrate acquired companies and enable these new users to have access to business-critical applications in days rather than months. Combating data loss and insider threats We are also on a mission to curb data loss overall and to combat insider threats, whether due to negligence or malicious motives. These challenging tasks are made easier with the multi-pronged defense made possible by the zero trust architecture we have in place and continue to build on. By ensuring least privilege access and preventing lateral movement, we are limiting potential damage from abuse of insider access. The Zscaler’s Zero Trust Exchange plays a critical role in keeping these threats at bay by minimizing the attack surface—users connect only to a single application, not to the network. As we continue on our zero trust journey, enhancing data protection in this age of generative AI engines like ChatGPT is a top priority. Zscaler’s inline TLS/SSL traffic inspection will be essential for preventing the leakage of sensitive data by identifying and blocking attempted unauthorized uploads to AI tools and across all our cloud apps. Gaining deeper visibility into user activity is another focus area. While most of our employees are trusted, honest professionals, mistakes happen. By implementing deception tools such as honeypots and lures, our security team will receive alerts to help them detect anomalous insider behavior faster. This significantly reduces dwell time for any potential incidents. A partnership for the long haul As CISO, my aim is to continue delivering seamless access and robust security for our global staff as we grow our business and expand our presence and offer new services. The flexible, scalable Zero Trust Exchange aligns with this goal. Our partnership with Zscaler has been integral to Cushman & Wakefield’s cloud-first journey. Together, we’ve shifted from legacy networks to a unified, user-centric security model that enables productivity and protection anywhere. I am confident that our journey toward a more secure and efficient future will continue successfully with Zscaler as our trusted partner. The results we have achieved thus far speak for themselves. To learn more, read the case study. Thu, 15 Fév 2024 08:37:55 -0800 Erik Hart https://www.zscaler.fr/blogs/customer-stories/cushman-wakefield-s-roadmap-consolidating-and-simplifying-security-zscaler https://www.zscaler.fr/blogs/customer-stories/how-zscaler-s-powerful-integrations-help-state-oklahoma-efficiently-do-more How Zscaler’s Powerful Integrations Help the State of Oklahoma Efficiently Do More with Less On any given day, our team of security professionals who comprise the OMES Oklahoma Cyber Command stay on top of up to 17 million potential threats ranging from phishing and credential compromise to ransomware and data breaches. Dedicated to securing the digital assets of the State of Oklahoma government, these members are also stewards of massive amounts of sensitive personal and healthcare data—from our more than 30,000 employees and the nearly 4 million state residents served by our more than 180 agencies. Thanks to the Zscaler Zero Trust Exchange platform, we are successfully managing this high volume of threats and safeguarding the vital data we have been entrusted with. One of the Zscaler superpowers we have come to rely on is its integration capabilities. By working in sync with other components of our security stack, Zscaler has taken us to the next level of our security maturity and zero trust transformation. Keep pace by unifying security We know that the spiraling volume of threats will always be a challenge, especially now that cybercriminals are beginning to leverage AI for malicious purposes. When new security challenges emerge, we need to be able to respond at lightning speed. Amid all the change and complexity in the security and technology landscape, I’m finding that the solution is to simplify and unify our security infrastructure. One of the ways we have done that is by taking full advantage of Zscaler’s powerful integration capabilities. When you work with a single unified platform, it almost forces efficiency, and it certainly aids in the ongoing battle most state governments face of having to do more with less. Integrations provide a holistic view One of the things that differentiates Zscaler from other solutions is its open application programming interface (API), which has made it easy to integrate with our existing security solutions. In our environment, we’ve found that Zscaler plays well with other core tools we rely on—namely CrowdStrike and Splunk—in how it shares threat intelligence data and coordinates protection and incident response. The ability to tie these security tools together increases telemetry and gives us the opportunity to stop lateral threats before they become bigger problems that could potentially affect our users and our citizens. Zscaler-CrowdStrike integration curbs lateral threat movement By sharing telemetry and threat intelligence data between the CrowdStrike platform and the Zscaler Zero Trust Exchange, access policies can automatically be adapted according to changing user context, device health, and newly detected threats, making investigation and response faster and more effective. For example, let’s say we know there’s an attack occurring—maybe the next SolarWinds or a user just installed a new, unauthorized app that has weakened the endpoint posture. With the Zscaler-CrowdStrike integration, CrowdStrike can detect the change and recalculate the Falcon Zero Trust Assessment (ZTA) score and share it with Zscaler. Based on the updated ZTA score, Zscaler policy control can automatically adapt to a stricter threshold to only allow access via a browser isolation session or even block the connection to protect against access to selected mission-critical applications. Furthermore, the sharing of telemetry and threat intelligence is key to expanded visibility of the threat landscape, from endpoint to applications. After all, it wouldn’t be efficient if one security system knows something is critically important and doesn’t share this with another security domain! As an inline security cloud, Zscaler can intercept any unknown zero-day payloads before they reach an endpoint and share the telemetry with CrowdStrike. This helps us quickly assess the existence of any such zero-day payload in the entire endpoint environment and provides the basis for automated cross-platform response workflow. This helps stop threats from moving laterally into critical systems, such as a database server housing financial information. Zscaler-Splunk integration provides a centralized view The Zscaler-Splunk integration gives us extensive analytics for in-depth visibility into usage, access, and the overall environment. The analytics correlate data, helping us perform proactive threat hunting and investigations by enabling us to identify abnormal patterns. Zscaler’s data logs correspond to the same schema as Splunk, so it makes correlation searches easy. Zscaler logs are sent via a secure HTTPS push and delivered to Splunk’s HTTP Event Collector reliably and securely. Once in Splunk, the logs are normalized, which allows correlation across all data sources, providing end-to-end visibility. Splunk’s robust analytics include risk-based alerting (RBA) and user and entity behavior analytics (UEBA). The tight integration simplifies security operations by reducing the need for our team to constantly swivel from one security console to another to get the information they need. The Splunk analytics dashboard serves as the hub of this wheel of zero trust protection. It shows activity across the enterprise in real time, regardless of user location. As a result of the Zscaler-Splunk integration, our security operations team has experienced significant gains in speed and efficiency. In the past, I would have needed three to five different solutions to accomplish what Zscaler and its integrations can do on their own. We would not be as far along our path to zero trust as we are now without a platform like the Zscaler Zero Trust Exchange to help us out. It has exponentially improved our cybersecurity, and I’m proud to be a part of the amazing things that my team does every day to protect our employees and our citizens. Read the case study to learn more about the State of Oklahoma’s Zscaler Zero Trust Exchange deployment. Thu, 08 Fév 2024 16:11:39 -0800 Michael Toland https://www.zscaler.fr/blogs/customer-stories/how-zscaler-s-powerful-integrations-help-state-oklahoma-efficiently-do-more https://www.zscaler.fr/blogs/customer-stories/must-haves-augment-your-zero-trust-architecture Must-Haves to Augment Your Zero Trust Architecture With all the fluctuations in interest rates lately, working in the mortgage industry sometimes feels like a wild roller coaster ride. At Guaranteed Rate, we are navigating market volatility by constantly evolving and growing our business with new joint ventures, mergers and acquisitions, and additional financial service offerings beyond mortgage lending. With the expansion of our business, our IT environment has also changed, shifting from a traditional on-premises infrastructure with most employees working on-site to a cloud-first, remote work model. Operating a large business in general is getting increasingly complex. There are more people, more applications, and multiple clouds to manage. We currently operate 13 different companies and 500 offices across all 50 states, which means there is a great deal to protect. Like other financial sector organizations, we’re hyper-vigilant about safeguarding sensitive data and meeting tough compliance requirements. And we’re well aware that the financial sector is increasingly targeted by threat actors whose methods of attack grow increasingly more sophisticated by the day. Bad actors are using AI for phishing emails, engaging in ransomware-as-a-service schemes, and divvying up and optimizing different parts of the attack chain to collaborate with each another. As CISO at Guaranteed Rate, I’m responsible for managing information security, technology governance, risk and compliance, and business continuity. It’s a lot to handle, and one of the ways I have found success in my role is to reduce complexity wherever possible. That’s why I have adopted a zero trust strategy for Guaranteed Rate and focus on implementing platforms over point solutions. I also partner with market-leading companies that are innovators in their space. We rely on vendors with proven technology to ensure we don’t fall behind in our digital transformation—especially in the critical area of cybersecurity. When it came time to make the shift to zero trust, we chose Zscaler as our trusted partner. The cloud-native, scalable Zscaler Zero Trust Exchange checked all the boxes: reduced security risk, a vastly improved user experience, lower costs, and far less complexity. With Zscaler, I can manage the policy I set across the entire enterprise from a single dashboard. I’m no longer dealing with multiple technologies from different vendors. This simplifies the environment from both an architectural and management standpoint and provides our company with consistent security across all users, devices, and locations. We’ve been really pleased with Zscaler and are in the process of expanding our implementation with products that I consider must-haves: As part of our plan to strengthen our zero trust defenses, we’re leveraging Zscaler Digital Experience (ZDX) and Zscaler Risk360 which are part of the AI-powered Zscaler ​​Business Analytics portfolio. Zscaler Digital Experience We use ZDX to monitor user experience, identify connectivity and application issues, and resolve support tickets faster. ZDX gives us real-time, high-level insight into the performance of network connections and applications on user devices. When our people inform us that their connections are slow, the help desk can pull objective data from ZDX to pinpoint the problem. Often, it’s the connection to their internet service provider. ZDX helps us provide awareness and feedback to our users as to what they might be experiencing and why. It has also helped us to be more proactive from a support standpoint. For instance, if we’re getting an unusually high support call volume from a certain area of the country where users are having trouble accessing certain applications, ZDX helps us to identify the problem by seeing the patterns Zscaler Risk360 Zscaler Risk360, a risk quantification and visualization framework, is an invaluable risk management tool. With the lean team we have, Risk360 helps us to prioritize our workload. Not all security challenges and their associated risks are equal. With Risk360, we can be more targeted in terms of where we spend our time so that we address the most important risks first. Risk360 also helps create more transparency by giving us better awareness of where we might have potential blind spots. Through Zscaler Generative AI technology, Risk360 provides cybersecurity maturity assessments that leverage data from third parties to identify additional risk signals. Zscaler Business Insights Another part of the Zscaler Business Analytics offering we plan to implement is the Zscaler Business Insights dashboard. This tool ingests SaaS licensing data and user activity from the Zero Trust Exchange to report on SaaS inventory, usage, and spend across a broad footprint of offices, users, and applications. With our work environment changing dramatically in recent years from primarily onsite to mostly remote, this tool will enable us to visualize actual application usage at all our locations, including when the applications are being used by date and time, whether they are over capacity or under capacity, and opportunities for consolidation and cost savings. The data in these dashboard visualization tools is also useful for reporting and compliance. There’s also a new financial risk model feature in Business Analytics that ties security risk to financial risk. This helps a company like ours be more efficient in how we allocate our resources to reduce risk. Zscaler Deception We are really impressed with Zscaler Deception after testing it out and are planning to fully deploy it in 2024. Deception technology proactively lures sophisticated threat actors with fake or decoy passwords, cookies, applications, servers, and users to divert them away from sensitive resources. When an attacker uses one of the deceptive assets, they are identified and intercepted. We want to put more “canary objects” out there as bait for attackers to see what they might catch. I see this as a great way to add an extra layer of security against the most sophisticated threats without adding any operational overhead. Our team only gets notified if there are confirmed threats and breaches. We can also set up our zero trust access policies to dynamically cut off access to sensitive areas in real time if or when the canaries are used. The bottom line is that, with Zscaler, our lean team can do more with less because the platform allows us to run our security program more efficiently. Zscaler requires only a fraction of a full-time resource to manage, and that’s a huge win. In my opinion, Zscaler is the one security technology stack to rule them all. Read the case study to learn more about the Guaranteed Rate Zscaler deployment. Tue, 16 Jan 2024 07:01:02 -0800 Darin Hurd https://www.zscaler.fr/blogs/customer-stories/must-haves-augment-your-zero-trust-architecture https://www.zscaler.fr/blogs/customer-stories/how-zscaler-zero-trust-exchange-makes-divestiture-seamless-easy-and-secure When thinking about logistics and the trucking industry in particular, technology probably isn’t the first association that comes to mind. While trucking has been around since shortly after the advent of the Model T in 1905, it hasn’t had the level of technological disruption and innovation that we’ve seen in other industries. But that’s changing rapidly. Digital transformation in the logistics industry Logistics and freight transportation is essentially a network business. I compare it to Uber because Uber is a network business, too. It matches customers who want to go to a particular destination with drivers. Just as technology has transformed passenger transportation, it is also transforming freight transportation by increasing freight network efficiency through the use of artificial intelligence and other advanced tools. Even so, the industry isn’t yet fully digitized. For example, much of sales and customer operations work is done—for lack of better words—in an old-school way. We still have customer service representatives across Asia, South America, and Europe who make and receive phone calls as they manage pickup and delivery schedules, routing, dispatching, and billing. Here at XPO, we’re working to optimize and support these customer service representatives with technology designed for a distributed world. Digital transformation is happening, and we are on a fast track to becoming a 100% cloud company. In fact, our CEO was previously our CIO. That should tell you about the direction we are headed as a company and where we see the industry going in the not-too-distant future. XPO is investing heavily in technology. By the end of next year, we plan to completely shut down our data centers and become a 100% cloud company. As part of that cloud transformation, XPO deployed the Zscaler Zero Trust Exchange to meet our need for a security service edge (SSE). Zscaler not only satisfied our intended use cases, but also provided a number of unforeseen benefits. Divestitures made simpler In the relatively recent past, XPO was a big conglomerate with close to $30 billion in revenue and over 100,000 employees in 30 countries. In 2022, XPO sold its intermodal division, which provided rail brokerage and drayage services to 48 locations, to STG Logistics. Since then, STG has divested into a number of smaller companies, two of which went public almost immediately after the divestitures: RXO Logistics and GXO Logistics. It was clear to us prior to deployment how a cloud native zero trust platform would be used to onboard and federate an acquired company by providing immediate and secure availability and access to the company’s applications instead of requiring cumbersome network integrations. What was less obvious to us was how this platform would make the process of divestiture easier as well. But it certainly did. Here are the benefits we experienced from having Zscaler in place throughout the divestitures at XPO: No transition pains Zscaler Internet Access enabled segmentation of public SaaS applications based on user identity. We were able to simply deploy Zscaler policies and segment the users from there. We went from more than 100,000 people to 38,000 people with zero friction. No change in security posture You can imagine that, when divestitures are on the horizon, there are a lot of distractions. As a result, things could fall through the cracks in terms of security. But with Zscaler, we maintained comprehensive security against cyberattacks and data loss, so our security and risk posture did not suffer one bit throughout the divestiture process. No dip in productivity Business continuity was another benefit of having Zscaler in place during divestitures. In similar situations in the past, I’ve had to hire a dedicated security team to handle the activities of segmenting the environments. This time, I didn’t have to hire anyone. It was a seamless transition, with no impact on productivity. No interruptions in availability To provide perspective, XPO moves between 50,000 and 60,000 pieces of freight every day. We use off-the-shelf SaaS applications for things like finance and HR, but the core system we use for operations is proprietary technology that uses machine learning to optimize routes, onboard customers, and make real-time rate adjustments. As you can imagine, availability is everything in our business. If we were to be down for even a single day, the problems would multiply exponentially, so the ability to access our systems is critical. Before Zscaler, outages were all too frequent and user productivity was impacted by VPN and network disruptions in various locations. With Zscaler, we never have to worry about the network edge anymore, and this is something I can’t even begin to put a value on. The power of the platform Looking back, the only thing I would have done differently is deployed more of the capabilities of the Zero Trust Exchange up front to really leverage its power. For instance, I wish that we’d had Zscaler Private Access (ZPA) during the divestitures because it would have made it easier to segment the networks of internal apps versus external apps. With that said, deploying ZPA is at the top of our to-do list now. Given the complexity of the typical divestiture process and all the things that could have gone wrong that didn’t, I feel that having Zscaler in place was a huge part of that success story. Read the case study to learn more about how XPO is benefitting from the Zscaler zero trust platform. Fri, 12 Jan 2024 08:15:01 -0800 Peeyush Patel https://www.zscaler.fr/blogs/customer-stories/how-zscaler-zero-trust-exchange-makes-divestiture-seamless-easy-and-secure https://www.zscaler.fr/blogs/customer-stories/immortalizing-heroic-journeys-zscaler-customer-advocates Look! Up in the sky! Is it a bird? Is it a plane? It’s our Zscaler IT Heroes—a series of colorful illustrated stories celebrating our customers as the “heroes” of their organizations’ digital transformation. An initiative of our Customer Advocacy program, these comic strip-style illustrations tell a story about each customer’s zero trust security journey in just three frames. Shared via Zscaler’s social media channels, each comic links to its respective case study that captures the organization’s evolution to the cloud, powered by Zscaler. Written case studies are a standard element of many marketing programs, but I saw an opportunity to try something new by creating a uniquely rewarding experience for our customers. We wanted to breathe life into our existing case studies with a fun and unique way to honor our customers, and offer their peers potential solutions, while showcasing their successes. These comics bring the customers’ voices to life, giving them the much deserved spotlight and demonstrating one of our core company values: customer obsession. In addition to the thrill of seeing their illustrative narratives spread like wildfire across social media, each customer receives a digital file of their comic strip and physical framed version for their desks. This reinvents the traditional lucite desk award that people typically receive with a more meaningful recognition. Who could resist being the star in their own comic? Talk about a great conversation starter with your cube mate! Even better, recipients have told me that their kids are beyond impressed with the award—and we all know kids are the biggest critics of all. "To make customer advocacy as effective as possible, we need a multi-pronged approach, from detailed success stories and engaging videos, to eye-catching creative campaigns like Zscaler’s IT Heroes series,” my manager Pavel Radda, VP, Global Communications, shared with me. “These vividly illustrated stories weave together the threads of imagination and zero trust innovation, capturing the essence of each customers’ secure digital transformation journey." A Journey Well Traveled Like many new ideas, the IT Heroes journey had many stops and starts from inception to finished product. It was such a unique concept, I had to make sure everyone was inspired enough by the vision to take a leap of faith and believe it would succeed. I thought through the plan and discussed it with various internal stakeholders to gauge their reaction– a litmus test, if you will. I also connected with our customer champions to get their perspectives on the award. Customers not only loved the comic strip idea, many shared that they would be honored to be recognized in this way. Taking the time to involve the right people and bring in the right subject matter experts who made tweaks along the way made the final product so much better. It changed the trajectory and outcome entirely. By partnering with my brilliant peers at Zscaler, we created something really special. The Gift That Keeps On Giving Once the initial IT Heroes program launched, the team and I were pleasantly surprised by the response. “The IT Hero comics are some of the most creative pieces of social content we produce, easily in the top three for total engagement over the past six months,” said Jeff Anaya, Sr. Social Media Manager, Zscaler. “It's great, it's interesting, and it works.” “Such an awesome project! I actually had someone randomly reach out on LinkedIn (before I shared it) saying how cool it is,” said Kristi Myllenbeck, Copywriter, Zscaler. Customers who were featured in the IT Heroes series not only felt the love, but shared it back: “Thanks for this. We are indeed honored to have been selected as a recipient of this new award and to be recognised as a leading customer advocate.” – John Armenakas, Director, Partner Development & Success, Colt Technology Services “It has been great to work with you and the team and it is an honor to receive the award.” – Peeyush Patel, CISO, Careem “What a nice surprise! I have seen the post and the attention it already got. Thanks again.” – Armin Auth, Head of Enterprise Architecture, Hydro From Comic Strip to Comic Series One year and 12 comics later, the team is taking it up a notch by launching the new “Z Cloud Collective,” a digital comic book that encompasses all the customer IT Heroes triumphs to date, with many more to come. This project is the first of its kind on Zscaler.com, and I hope it opens the door for many more interactive elements across the web in the future. Calling All IT Heroes We are looking forward to recognizing so many more customer advocates in the future. If you've harnessed the power of the Zscaler Zero Trust Exchange platform to accelerate your organization’s zero trust journey, or you know someone else who has, submit your nomination today! Thu, 21 Déc 2023 10:02:17 -0800 Josselyn Graham https://www.zscaler.fr/blogs/customer-stories/immortalizing-heroic-journeys-zscaler-customer-advocates https://www.zscaler.fr/blogs/customer-stories/how-four-pillars-zscaler-lead-successful-customer-outcomes Our customers have heard this mantra time and again: “Secure digital transformation requires a true zero trust architecture.” But what exactly does that mean for them on a practical level? Those that have made the decision to adopt zero trust know that it has come a long way. It’s no longer an aspiration based on the concept “never trust, always verify.” Instead, zero trust has evolved into a solid technology framework that enables proactive defense and digital transformation as organizations embrace the cloud and hybrid work models. As the zero trust platform provider of choice for 30% of the Fortune 2000, Zscaler has gained recognition as the leader in zero trust and, by extension, cloud security. Our cloud-native platform stands on four pillars supporting a comprehensive platform that secures, simplifies, and transforms businesses. In my role as Director, Global Customer Advocacy, I am gratified to hear the success stories of Zscaler customers. It makes my day, and I’m happy to report that the positive outcomes keep on coming. Let’s look at these pillars through the eyes of our customers and discover why more than 7,700 organizations rely on Zscaler to strengthen their security posture and accelerate their digital transformation. Pillar 1: Cyberthreat Protection At the core of the first pillar is the assumption that traditional cybersecurity approaches are obsolete in today’s cloud-first world. The attack surface now extends to home offices, cloud applications, and public clouds, and there is an ever-increasing risk of lateral threat movement within highly interconnected hub-and-spoke networks protected by castle-and-moat security models. The Zscaler Zero Trust Exchange provides a holistic approach to securing users, workloads, IoT/OT devices, and B2B partners. Its advanced zero trust architecture minimizes the attack surface by hiding applications behind the Zscaler security cloud. This prevents lateral threat movement with direct-to-application connectivity that keeps entities off the network and stops attacks and breaches via full inline inspection of all traffic, including encrypted traffic, at scale. When I met with John Pratezina, Senior Network Operations Administrator at Commonwealth Superannuation Corporation (CSC)—the organization that provides financial planning services for Australian Government employees and their families—he shared with me that his goal was to replace VPNs and firewalls with zero trust access. As a seasoned technology leader, he recognized that the old network perimeter model doesn’t work in a hybrid world and the traditional VPNs and firewalls were giving users terrible application performance. He and his team decided to adopt a zero trust architecture. They investigated multiple solutions, and ultimately chose the Zscaler Zero Trust Exchange. “Zscaler provided the foundation for a holistic SSE ecosystem that included solutions for users, devices, and workloads,” says Pratezina. The agency first deployed Zscaler Internet Access (ZIA) for fast, direct, and secure connectivity to the internet and SaaS applications, followed by Zscaler Private Access (ZPA), which securely connects users to critical private business applications residing in CSC’s hybrid IT environment. This is enabling Pratezina and his team to tighten security in numerous ways. “We’ve come across malicious websites that our old proxies were not only allowing, but also had not flagged,” remarks Pratezina. “Today, with Zscaler, we’re preventing an average of 7 million policy violations per month, including types our legacy solutions allowed through.” Pillar Two: Data Protection It only takes a few clicks for sensitive data to fall into the wrong hands—that’s why protecting data in the cloud requires a modern approach. Zscaler protects all users and devices wherever they are with fully integrated data protection across all channels, including unsanctioned applications, authorized applications, and devices. With AI-powered discovery and classification, Zscaler continuously scans data in motion and at rest, including data residing in SaaS and private applications. Zscaler also discovers shadow IT and risky, unapproved third-party applications users have connected to, as well as any misconfigurations or compliance violations in sanctioned applications. I had a fascinating conversation with Mike Towers, Chief Digital Trust officer at Takeda, a Tokyo-based pharmaceutical company with more than 60 office and research locations in 110 countries around the world. In an industry built on research, the company—the oldest pharmaceutical company in the world—must protect its proprietary technologies, applications, and intellectual property. After struggling with a lot of “niche point solutions,” Towers turned to the Zero Trust Exchange and its Zscaler Private Access (ZPA) service. The company now leverages the Cloud Access Security Broker (CASB) capabilities to make better security decisions based on data. Towers observes, “Zscaler’s comprehensive and unified approach to protecting data across all channels helps us transform and evolve our data protection program, ensuring sensitive data remains secure from accidental loss or malicious exfiltration." Pillar Three: Zero Trust Connectivity Traditionally, organizations backhauled traffic destined for cloud applications or the internet to on-premises data centers. Today, most have realized that this approach is inefficient and expensive. It results in loss of productivity due to latency and exposes the network, devices, and users to potential risk. Zscaler, on the other hand, provides zero trust connectivity and security that grant users anywhere in the world direct access to applications—and no more backhauling to a distant data center. This provides a seamless, faster, and more secure user experience. When I sat down for an interview with Anthony Kennedy, Global IT Manager, Trade and Investment Queensland—the Australian government’s global business agency—I learned that he and his team had years ago adopted a cloud-first IT strategy. “The fact that Zscaler is cloud based made it particularly attractive for us,” he shares. With staff and equipment spread across multiple countries and locations, the cloud-first strategy and distributed nature of the agency’s operations created security challenges Kennedy and his team were well aware of. They actively sought out a better way to protect the network and core systems. The agency adopted Zscaler to monitor and manage all internet traffic across the organization. “With all incoming and outgoing traffic routed through Zscaler, getting a clear picture of what is going on is much easier, allowing better reporting for senior management as well as real-time notifications of any threats that are detected,” says Kennedy. Pillar Four: Business Analytics With the world’s largest security cloud processing more than 300 billion transactions per day, Zscaler provides unparalleled business analytics. One example of this analytics capability is digital experience monitoring. Fast, secure, reliable internet connectivity is critical for today’s hybrid workforces. Zscaler Digital Experience (ZDX) provides great visibility from endpoint to application, so internet performance issues can be quickly identified and resolved—often before users even notice them—using trillions of telemetry signals. Ciena is a networking systems, services, and software company that delivers best-in-class networking technology through high-touch consultative relationships. The company is a great example of how Zscaler radically changed the user experience for the better. As Craig Williams, CIO at Ciena, tells me, when the pandemic hit, he made it a point to rethink the entire infrastructure, applications, systems, and support models to empower the growing company. The company was transiting from phone meetings to video conferencing and needed to make some adjustments to the existing infrastructure to support that move. Williams and his team landed on a joint solution consisting of Zscaler Zero Trust Exchange and VMware SD-WAN by VeloCloud. Removing MPLS backhauling reduced latency by 20% and dramatically improved the user experience for the company’s remote employees. Issue resolution was also accelerated by deploying the ZDX service. “Zscaler is the starting point for all user performance issues. We can quickly pinpoint the root cause 95% of the time, up from 25% previously,” he explains. “After we implemented Zscaler, we saw 90%+ adoption of collaboration tools and slashed costs and support tickets by over 50%. Plus, our IT leaders now have a foundation that allows them to be continually focused on reinventing the company,” asserts Williams. “Our partnership with Zscaler has allowed us to start living out IT’s vision of being a competitive advantage for the business.” Access more inspiring stories of organizations that have secured, simplified, and transformed their business with Zscaler: See our customer benefits infographic. Fri, 08 Déc 2023 08:33:14 -0800 Josselyn Graham https://www.zscaler.fr/blogs/customer-stories/how-four-pillars-zscaler-lead-successful-customer-outcomes https://www.zscaler.fr/blogs/customer-stories/cebu-pacific-air-secures-hybrid-work-zero-trust At Cebu Pacific Air, we want to make flying accessible for everyone. We fly to more than 60 locations in the Philippines and overseas, and our flexible bookings, low fares, and global best safety practices have made us the leading airline in our country. We want not only to make flying fun and affordable—we also want Cebu Pacific to be a good place to work. Part of that involves creating a positive and seamless digital experience for our staff, with technology that helps them do their jobs better. We have been on a multi-year cloud journey, and as we modernized our applications, we also wanted to provide staff with a better, more secure way to access their SaaS and private business applications. A better employee experience As at many organizations, our staff previously used a traditional VPN when they traveled or worked from home. But relying on VPN became increasingly frustrating for users. Applications were sluggish, and VPN connections often dropped. Complaints to our service desk were mounting. We recognized that VPNs were a legacy technology that not only got in the way of employee satisfaction, but also lacked sufficient security controls as we accelerated our move to the cloud. VPNs are prone to cyberattacks because of the way they expand the attack surface, fail to stop compromise, and enable lateral threat movement. So, we knew it was time to embrace the principle of least-privileged access and the zero trust concept of “never trust, always verify” to ensure that our staff had easy and secure access to the applications they needed to do their jobs. We set out to find a comprehensive and integrated zero trust platform. Strengthening security with zero trust I’ve been leading IT strategy at Cebu Pacific for nearly eight years, and Glenn Amper, our Director of Information Security, has been spearheading cybersecurity for seven years. We share a philosophy of continuous improvement, and we’re always ready to consider new solutions. We both had previous experience with Zscaler. After evaluating other zero trust solutions, our testing proved that the Zscaler Zero Trust Exchange was the most mature platform and the best fit for our organization. Our executive management supported our business case to adopt Zscaler, with a clear recognition that if our IT environment is not secure and data is exposed, we risk damaging the trust we have earned with our customers. Secure, seamless, and reliable access We moved quickly to roll out the Zero Trust Exchange to provide a more effective and secure remote access and internet experience for our 3,900 staff, reducing risk for our business while enhancing productivity. That decision allowed our workforce to easily pivot to remote work during the pandemic and work seamlessly as we fully adopted a hybrid work model. With Zscaler protecting access to our private and SaaS applications, our workforce never has to be concerned about data breaches or fraud. Sophisticated social engineering attempts fail, and the business is fully protected against insider threats. An adaptable security strategy Our zero trust journey began four years ago when we assessed our cybersecurity maturity as part of our cloud transformation initiative. Zscaler allowed us to close the remote access gap and deliver a better user experience at the same time. Since then, Zscaler has become the key pillar of our zero trust strategy. Integration with CrowdStrike endpoint detection and response (EDR) allows us to continuously assess device health to further mitigate risk. We are looking ahead to integrating Zscaler with data loss prevention and identity and access management solutions as we continue our zero trust journey. Support our sustainability responsibilities Achieving net zero greenhouse gas emissions is a big challenge for any airline, but Cebu Pacific has set a target to decarbonize by 2050. We’re powering more flights with sustainable aviation fuel, and the company will completely transition to the more sustainable Airbus neo aircraft by 2028. IT also positively impacts our company’s sustainability goals. Fortunately, Zscaler’s cloud native, multitenant zero trust platform has helped us reduce our data center footprint by eliminating the need for hardware appliances, rack space, cooling systems, and all of the corresponding energy usage. Check out the full case study to learn more about Cebu’s digital transformation with Zscaler. Tue, 05 Déc 2023 14:46:01 -0800 Laureen Cansana https://www.zscaler.fr/blogs/customer-stories/cebu-pacific-air-secures-hybrid-work-zero-trust https://www.zscaler.fr/blogs/customer-stories/business-agility-and-optimization-face-cyber-threats-and-sec-regulations Amid the many challenges of maintaining agile operations—distributed users and workloads, aging legacy security solutions, sophisticated threats, and rising costs and complexity—Sunbelt Rentals leads the way with peerless digital experience and risk management strategies, all built on the steadfast foundation of a zero trust architecture. In my recent conversation with JP Saini, EVP, Chief Digital & Technology Officer at Sunbelt Rentals, we discussed his team's drivers, approach, and the fantastic results of their partnership with Zscaler. Fri, 03 Nov 2023 11:00:31 -0700 Jay Chaudhry https://www.zscaler.fr/blogs/customer-stories/business-agility-and-optimization-face-cyber-threats-and-sec-regulations https://www.zscaler.fr/blogs/customer-stories/zscaler-helps-cenet-transform-online-learning-australia In the digital age, nothing is more crucial than securing the online learning environment for students. CEnet is a not-for-profit organization that provides shared network and internet connectivity services to schools in 17 Catholic dioceses in Australia, which includes providing a safer online environment for 330,000 students, teachers, and staff to use within their education communities. As part of this service, we are experiencing annual internet consumption growth of 20% to 25%. The rapid growth of demand for online resources presented us with a significant challenge. We knew it was time to enhance our security to more effectively manage an increasingly sophisticated and complex cyberthreat landscape. At the same time, we also needed to expand our solution to encompass all connectivity passing through a school network or used in the delivery of education. Zscaler adapts to an evolving infrastructure We were aware that, despite having filtering mechanisms in place, our level of visibility into potential threats was insufficient. We required a dynamic solution that would not only align with our current needs but also evolve with us, expanding and adapting as we grow. It’s really important for us to leverage a solution that meets us where we are—both in terms of our legacy technology and our evolutionary roadmap for the future. We identified the Zscaler Zero Trust Exchange™ as an ideal fit. The cloud-native, multi-tenant architecture of the platform was a perfect match for our needs when we were a new organization. Now that we continue to transform and modernize our infrastructure, this adaptable solution evolves alongside us. Zscaler’s partner ecosystem amplifies student safety As we got comfortable with zero trust, we learned that no single product can accomplish everything you need. A big advantage of working with Zscaler is its extensive partner ecosystem, which helped us build a more streamlined and coordinated system. The successful integration of Zscaler’s solutions with our existing technologies had an immediate and transformative impact on our operations. One of the standout successes was the integration of Zscaler Nanolog Streaming Service (NSS) with student safety and wellbeing solutions like Saasyan. With NSS, we can establish a real-time alert system that effectively monitors student welfare, flags indicators of potential harm, bullying, or inappropriate online activities. This alert system has been a significant step in ensuring the safety and welfare of students in our member dioceses. This works really well for us. Zscaler does its job—proxying traffic and enforcing policy—while products such as Saasyan can provide student safety and well-being insights for school administration. The findings from the wellbeing solution feed right back into Zscaler, enabling us to determine policy. Harnessing Zscaler’s multi-tenant advantage for shared services The shared services we provide to our members operate in a partnership-based environment. In our setup, we don’t just keep an eye on membership levels; we actively focus on delivering quality services. The cornerstone of this approach is multi-tenancy. Multi-tenant solutions allow role-based access control and administration delegation to various levels of the organization. This is critical for us- as it offers flexibility, enhances security, and aligns with our policy controls. We can’t have excessive permission levels or controls that are misaligned with access levels. Multi-tenancy is key for an organization like ours with a partnership and shared accountability model. Zscaler’s multi-tenant advantage parallels our approach. Zscaler built its secure access service edge (SASE) solution from the ground up to be multi-tenant. Its multi-tenant architecture offers a balance of shared resources and private access and ensures smooth operation, updated security, and seamless communication between various security controls. Building trust and value through collaboration Selecting the right technology solution is one part of the puzzle, but working collaboratively with a vendor based on mutual trust is an entirely different challenge. In Zscaler, we found a partner committed to understanding our mission and working alongside us to achieve our goals. Zscaler’s dedication and expertise were evident throughout the integration process. The Zscaler team worked tirelessly to identify the best architecture for our specific needs and was instrumental in managing our service edge. The technical team definitely nails the details, but the fact that you can trust and rely on them is even more important. This collaborative approach allowed us to maximize our network and deliver outstanding value to our members. Zscaler’s flexible service model has also presented significant economic advantages. It enables us to leverage economies of scale, conserve funds, and redirect our savings back into service delivery—a critical aspect of our not-for-profit operation. Looking forward: The future for CEnet and Zscaler Our journey is far from over. CEnet is already eyeing ways to further harness Zscaler’s capabilities. With an increasing number of users working and learning remotely, we’re considering expanding our use of Zscaler to support our bring-your-own-device (BYOD) implementation. We’re looking to Zscaler Private Access™ (ZPA™) to maintain our security standards and bridge the gap between visibility and security. Where installing software on a personal device may not be feasible, ZPA Browser Access provides agentless zero trust access to private applications based on authentication and authorization. We also plan to utilize Zscaler Digital Experience™ (ZDX™) to gain insights into our service performance and the user experience. We believe this will enable us to further optimize our services, ensuring we continue providing the best possible support for our members. Partnering for progress Zscaler has a knack for meeting customers at their current point of technology maturity and then evolving alongside them—something that’s been instrumental for us. One of its strengths lies in seamless integration, effectively weaving its products into our existing systems. And for us at CEnet, where a multi-tenant environment is the norm, Zscaler’s architecture and capabilities have proven to be an ideal fit. Our partnership with Zscaler has shown us what collaboration can truly accomplish. This isn’t just about fusing technologies or implementing consistent security protocols—it’s about working hand in hand to shape a more secure, digitally integrated future for Australian education. You can read the full case study here to learn more about our deployment. Thu, 31 Août 2023 08:00:02 -0700 David Jenkins https://www.zscaler.fr/blogs/customer-stories/zscaler-helps-cenet-transform-online-learning-australia https://www.zscaler.fr/blogs/customer-stories/exceptional-customer-experiences-begin-home Par Ash Surti, Vice-président exécutif, Technologie et Sécurité, Colt Technology Services En 1992, une nouvelle société de télécommunications londonienne servait fièrement son premier client. Trente ans plus tard, Colt Technology Services s’est engagé sur la voie d’une modernisation continue, en ayant toujours à l’esprit l’expérience client. Aujourd’hui, en tant que leader du secteur de l’infrastructure numérique, avec des bureaux dans le monde entier, notre objectif n’a pas changé, même si l’environnement est devenu plus complexe.  Pour concrétiser notre vision d’entreprise d’infrastructure numérique avec laquelle les plus grandes entreprises du monde choisissent de se connecter, nous devions libérer du temps pour que nos collaborateurs puissent offrir l’excellente expérience client qui a fait notre réputation et se concentrer sur des projets marquants. Or, sur le plan technologique, nous n’étions pas au point. Pour améliorer notre technologie et notre connectivité, notre équipe a entrepris de simplifier et d’automatiser l’accès et d’améliorer l’expérience sans compromettre la sécurité. Nous avons pu mener à bien notre mission, grâce à la plateforme Zscaler Zero Trust Exchange. Évoluer pour répondre aux attentes des employés Les contraintes imposées aux entreprises par la pandémie ont modifié la réalité du travail de chacun et, pour nous, les effets les plus durables sont le travail hybride et une plus grande importance accordée à l’attraction et à la fidélisation des plus grands talents. Il est essentiel pour notre entreprise d’offrir à nos collaborateurs une expérience exceptionnelle, c’est pourquoi tout ce que nous pouvons entreprendre pour atteindre cet objectif figure en tête de notre liste de priorités. La pandémie a également modifié les attentes des collaborateurs. La flexibilité du travail implique que les bureaux sont plus fréquentés les mardis et jeudis et que le télétravail est plus important les lundis et vendredis. Même si certains de nos collaborateurs doivent toujours être sur place, nous avons donné la priorité à la facilité d’accès à tout ce dont nos employés ont besoin, en toute sécurité et rendre l’expérience fluide depuis n’importe où.  Nos deux principales priorités sont, d’une part, de faire en sorte qu’assister à une réunion et accéder à des informations soit aussi fluide à domicile ou à partir d’un site distant qu’au bureau et, d’autre part, de simplifier l’accès de nos collaborateurs aux applications dont ils ont besoin pour travailler. Un exemple récent : nous avons commencé à déplacer l’intranet de notre entreprise d’une plateforme qui n’était disponible qu’au bureau ou via un VPN vers une plateforme basée sur Microsoft SharePoint, à laquelle nos collaborateurs peuvent facilement accéder à distance et qui offre une bien meilleure expérience utilisateur. Même si nous avons pleinement adopté un modèle de travail hybride, nous sommes bien conscients que le télétravail élargit la surface d’attaque, présentant des risques et une complexité pour les équipes informatiques chargées d’offrir une expérience homogène et cohérente à travers leur infrastructure numérique tout en conservant une politique de sécurité solide et cohérente. Offrir une expérience utilisateur exceptionnelle Alors, comment offrir une expérience numérique solide tout en assurant aux clients la même sécurité qu’au bureau ? Pour nous, une stratégie basée sur Zero Trust Exchange résidant dans le cloud permet de trouver le bon équilibre entre sécurité et expérience. C’est là que notre partenariat avec Zscaler s’est avéré particulièrement avantageux.  Travailler avec un leader du marché comme Zscaler nous a permis d’avancer rapidement et d’être plus agile. Lorsque nous avons entamé notre parcours avec Zero Trust Exchange, l’équipe de Zscaler nous a aidés à identifier un ensemble d’objectifs : renforcer la sécurité, améliorer la gouvernance, offrir une meilleure expérience utilisateur et réduire les coûts opérationnels. Chacun de ces objectifs nous aidera à concrétiser notre vision. Le déploiement de Zscaler Internet Access (ZIA) a été une grande victoire pour nous. Désormais, quel que soit le lieu où travaillent nos collaborateurs, l’appareil ou l’application qu’ils utilisent, leur expérience n’est pas interrompue, de sorte qu’ils restent productifs. Notre équipe de sécurité a l’esprit tranquille, car ZIA commence par vérifier l’identité, la posture du dispositif et le contexte. Nos collaborateurs peuvent ensuite se connecter directement à Internet pour effectuer leurs tâches en toute sécurité.  En ce qui concerne l’avenir, nous nous concentrons sur l’amélioration de l’expérience utilisateur, en particulier pour les employés qui travaillent en dehors du bureau. Avec Zscaler Private Access (ZPA), nous pouvons nous affranchir des risques liés aux VPN tout en améliorant notre posture de sécurité. Nous avons des besoins d’accès différents selon les fonctions de l’entreprise, et nous sommes ravis de pouvoir gérer l’accès granulaire aux applications et aux données de manière dynamique, avec des profils qui tiennent compte à la fois du rôle de l’utilisateur et du risque lié à l’appareil. De bonnes pratiques pour un déploiement réussi Avec la réussite du déploiement de ZIA, nous avons fait un grand pas sur la voie de la simplification et de l’automatisation. Désormais, lorsque nous discutons avec nos clients de leur transformation numérique, nous leur proposons des bonnes pratiques basées sur notre expérience pour les guider dans leur démarche. Concevez avec soin : de nombreux défis se présenteront tout au long du processus (règles de conformité, facteurs de coût et expérience utilisateur), veillez donc à concevoir en gardant l’ensemble du processus à l’esprit. Investissez dans la validation du concept : consacrez du temps pour d’abord aplanir les difficultés au cours de la phase pilote, afin de pouvoir être sûr de la configuration.  Effectuez des études minutieuses : la transformation numérique est une transition importante dans un environnement complexe. Assurez-vous de considérer tous les cas d’utilisation possibles au moment d’élaborer votre stratégie.  Une solution Secure Access Service Edge de classe mondiale Nous sommes fiers de nous associer à Zscaler pour continuer à fournir le plus haut niveau de service de transformation numérique à nos clients communs. Les services Zscaler seuls constituent un immense avantage pour toute entreprise actuelle, mais cet avantage est multiplié lorsqu’ils sont intégrés au SD WAN de Colt pour une solution Secure Access Service Edge (SASE) de classe mondiale.  Le SD WAN de Colt est à la pointe de l’innovation sur le marché, reconnu comme Strong Performer par le rapport Forrester Wave. Les avantages de la flexibilité en matière de configuration et d’évolutivité, les portails clients permettant de gérer le service en temps réel et les connexions sécurisées de bout en bout, constituent une façon plus intelligente de construire un réseau étendu (WAN). Zscaler fournit le service de sécurité du cloud le plus fiable, le plus efficace et le mieux noté depuis plus de dix ans. Il s’agit donc de la meilleure option du marché en matière de services de sécurité dans le cadre du modèle SASE. Ensemble, Colt et Zscaler permettent à nos clients de transformer leur entreprise en fournissant des services réseau stables et performants étroitement intégrés à une sécurité Zero Trust complète et intégrée. Pour en savoir plus sur le partenariat entre Zscaler et Colt, consultez le communiqué de presse commun.  Fri, 14 Juil 2023 02:00:01 -0700 Ash Surti https://www.zscaler.fr/blogs/customer-stories/exceptional-customer-experiences-begin-home https://www.zscaler.fr/blogs/customer-stories/how-prepare-successful-zscaler-deployment By David Petroski, Senior Infrastructure Architect, Southwest Gas and Larry Rosenbusch, Network Services Manager, Southwest Gas With pipelines delivering natural gas to over two million customers across Arizona, Nevada, and California, maintaining a safe and secure system is paramount for Southwest Gas Corporation (“Southwest Gas” or “Company”). With the COVID-19 pandemic, the Company supported employees’ desire to work remotely, and quickly took the initiative to optimize security to support a hybrid workplace. A coordinated and integrated approach to security was necessary to support and secure this transitional dynamic, while ensuring ease of management across such a wide service area of remote users. To reduce the technology footprint in the Company data center, a zero trust architecture cloud strategy was adopted, and it continues to play a key role in achieving measures from both a compliance and security perspective. For those leading digital transformation initiatives in their organizations and seeking a smooth transition, we share the following strategies and tips. Communicate the vision to gain user acceptance One of the opportunities we identified was clearly communicating to our users how the transition process to zero trust would result in a new way of accessing cloud resources and administering security. We were provided an account executive at Zscaler who clearly articulated the benefits of transitioning our legacy infrastructure to zero trust. This helped us to address stakeholder questions and elaborate on how the new system would provide a more enhanced and secure user experience. We communicated with stakeholders how Zscaler would replace the client VPN and our security stack to the cloud, minimizing network issues. This garnered support for the project from stakeholders from a productivity standpoint. Document security controls ahead of time To assist in a smooth transition, we documented our security controls in advance—and would recommend this measure to others. For example, by documenting data loss prevention (DLP) policies in advance, during deployment you can expeditiously migrate them to your zero trust architecture. The same methodology would apply to a cloud access security broker (CASB) and application segmentation security controls. Understand your use cases Prior to deployment, we suggest you garner a thorough understanding of all use cases. As our company transitioned to remote work during the pandemic, several “nice-to-have” processes were permuted to required business practice. We recommend performing due diligence for all potential use cases and discerning how many of them your zero trust platform will accommodate. For our project, Zscaler accommodated the majority of our use cases. Take a phased approach to deployment Delineating the steps you’ll take in your deployment process should occur up front, during the “preparation phase” of the deployment. What follows is the “replacement phase,” as processes mirror a one-for-one replacement: setting up DLP rules, firewall, SSL decrypt, and items of similar nature. Our team chose to utilize Zscaler as a client access tool, and, only recently, has started migrating workloads to the cloud. The third phase is the “integration phase” with other applications. We elected to integrate Zscaler with Duo for multi-factor authentication, with Splunk for analytics, and Microsoft Azure AD for identify protection and management. With our integrations set up, we’re in the final “tuning phase” and anticipate deploying some of the additional technologies and features that Zscaler offers including segmentation within our servers, applications, and network layers, as well as deploy a role-based access enabling regulated access to applications and data paths by department. Call on the professional services team when you need extra help During the initial phases of our deployment, we met daily with our professional services team which contributed to a successful implementation. Given our project's expedited time frame of two months, we were pleased with the results achieved utilizing Zscaler and the knowledge base their team provided throughout implementation. To learn more, read the case study. Tue, 13 Juin 2023 14:51:40 -0700 David Petroski https://www.zscaler.fr/blogs/customer-stories/how-prepare-successful-zscaler-deployment https://www.zscaler.fr/blogs/customer-stories/their-own-words-customers-spotlight-zenith-live-23 One of my favorite aspects of Zenith Live, Zscaler’s flagship conference, is customer keynotes. Without fail, they are surprising, illuminating, and frequently humorous. They’re often delivered by executives I’ve previously worked with on IT and security challenges. They always articulate the realities and benefits of zero trust architecture to address daily pain points. Given my position as EVP, Customer Experience and Transformation at Zscaler, I have a deep understanding of how customers make decisions, their concerns, and what drives them to succeed. My job requires –or rather, presents the opportunity for – laser-focus on the barriers between enterprise organizations and their secure digital transformation. Companies are pursuing digital transformation en masse today because massive technological upheavals – from on-prem to cloud mass migrations to the rise of ransomware – have redefined how we work over a relatively short period. Centralized data centers are no longer the beating heart of business IT, and unethical hacking has reached unprecedented proportions. Therefore, enabling digital transformation is itself a form of customer obsession. It is, in essence, enabling customers to respond to shifting IT and security pain points. Zscaler helps accomplish this by facilitating the successful transformation of applications, connectivity, and security through zero trust network architecture. Among solutions providers who have adopted the customer-centric worldview, turning customers into advocates is the holy grail. But more than just saying nice things about our organization, their decision to speak to their esteemed peers about their experiences with our technology is a humbling and vital gesture I do not take for granted. That’s why I am incredibly excited to hear from so many customers at Zenith Live ‘23, including those joining us for the following keynotes. Securing the digital future with Hyatt Hotels I will take the stage with Hyatt Hotels SVP & CISO Benjamin Vaughn to discuss how this family of brands – 1,150 hotels served by 130,000 employees spanning 70 countries across six continents – transformed into a cloud-first organization. Benjamin will cover how Hyatt makes use of security functions like SSL inspection and data loss prevention (DLP) to protect the organization, as well as share his philosophy on topics including cyber insurance, ensuring data security compliance at a global organization, and the hotel chain’s efforts to build a more representative cybersecurity department. A tale of two transformations with Liberty Mutual and S&P Global Liberty Mutual VP & Sr. Director of Technology Digital Workforce Enablement Gary Sherman will be joined by colleague James Colson, BCISO, of global cybersecurity. Together they will speak alongside S&P Global’s EVP & Global CISO Swamy Kocherlakota and Global Head of Networking, Engineering, and Operations Guruprasad Ramamoorthy. These experts will compare and contrast the transformation journeys of their two companies, emphasizing shared learnings and noting obstacles unique to each of their businesses’ circumstances. Our panel will cover highlights and offer advice on the bumps in the road that can accompany any digital transformation. Building better business outcomes, one step at a time, with CarMax Whether you’re kicking off your journey or expanding the benefits you reap from zero trust architecture, this keynote will cover the journey to zero trust maturity at every step. CarMax EVP, Chief Information & Technology Officer Shamim Mohammad will be on stage sharing lessons learned along his company’s journey with Zscaler. Shamim will focus on the importance of not biting off more than you can chew, so you can seize their advice for modularizing the transformation journey where completing each step is a success in its own right. Zenith Live is all about the customer The customer journeys I’ve highlighted above represent a small fraction of the total customer participation we’ve prioritized for Zenith Live ‘23. We will also be pleased to hear from representatives of Aflac, Takeda, Sunbelt Rentals, NOV, Fannie Mae, Charles Schwab, NetJets, and more. Our core focus for the event is gathering users to hear their stories, learn from their experiences, and share our roadmap with them – which should, first and foremost, be a response to their feedback. Customer or not yet a customer, I hope you will register to join us in Las Vegas (12th-15th). Tue, 06 Juin 2023 11:18:42 -0700 Kavitha Mariappan https://www.zscaler.fr/blogs/customer-stories/their-own-words-customers-spotlight-zenith-live-23 https://www.zscaler.fr/blogs/customer-stories/time-saving-tips-and-how-not-frustrate-users-when-deploying-zero-trust As a former site reliability engineer, it’s really important to me to provide a great user experience when deploying new technology. In my opinion, you have only one shot to get it right with a user, and, if you blow it, that will reflect poorly on technical teams when leadership asks them how they like the new changes. That’s not a good look for those of us who manage change, and, honestly, it’s something that can be avoided if done properly. I’d like to share some insights I’ve gleaned during our deployment of Zscaler at Cox Automotive. Realize that zero trust is not turnkey The first thing to realize is that getting to zero trust is a journey—it’s not a turnkey solution. You need to have all the right pieces in place before you start. Think about it as a sequence of operations. You want to have the right building blocks in place. First off, an identity management platform such as Azure ID or Okta is a must. A device management platform such as Microsoft Intune or Apple Jamf is also required. Once you have these building blocks, you can embark on your zero trust journey. I recommend starting small to get your feet wet. Begin with multiple pilots of each technology before you dive into a full-scale deployment. Once you have enough users on your zero trust platform, then you can start getting the security operations center (SOC) team involved. They will start to see how they can start triaging and looking at events that can be operationalized within cybersecurity. Get the events flowing into a security information and event management (SIEM) tool and have the security incident response team do some testing in a sandbox environment. At Cox Automotive, we are deploying in phases. We plan to get a Zscaler Internet Access™ (ZIA™) client installed on everyone’s machines and then move on to a VPN migration project to deploy Zscaler Private Access™ (ZPA™). From there, once the agents are installed on everyone’s devices, it will be easy to integrate other Zscaler capabilities into our architecture. It will be just a matter of flipping the “on” switch. Prioritize communication The last thing you want is to start breaking things or giving users a poor experience. Make sure you continuously monitor to verify that the technology is working optimally. Survey users to ensure the right settings are turned on for everyone. It’s also important to communicate why you’re doing what you’re doing with all the new solutions and integrations. Develop communication plans and roadshows to introduce the technology to users, and explain the value they’ll get. We say to our users: “You’ll get improved connectivity and stability with your connection, plus greater security.” Keep in mind the end goal, which, here at Cox Automotive, is to reach a point where we can say that any user is allowed to connect to our network and we don’t have to worry about what’s on their device or who they are. We’ll figure out what they need based on identity. Create profiles to save yourself time Our organization is actively involved in mergers and acquisitions (M&As), and, as a result, we have many different types of users. Going into an M&A, a lot of upfront discovery and conversations need to happen before we can deploy successfully to new users. When starting a new deployment, it’s important to really know your team members. Analyze their profiles. Figure out what they’re accessing, and narrow down their access to only what is required. Otherwise, you’ll be over-provisioning blanket access and creating a lot of work that will have to be cleaned up later on—not to mention unnecessarily expanding the potential attack surface. For example, we’ve created a special profile for mobile hotspot users. It’s important to ensure you’re deploying a tunnel profile for them to avoid problems. If you have developers, create separate secure sockets layer (SSL) inspection policies for them, because SSL inspection is not for everyone. Come up with a corporate standard that all developers and users have to adhere to around SSL certificates. This will save a lot of time. Document issues and empower people to help themselves Another big time saver is creating an internal wiki to document issues that arise during the rollout. This will cut down on repeated service tickets, because often a user can read the wiki and solve the problem on their own. Along these same lines, I recommend creating a chat channel in Microsoft Teams or Slack where team members can quickly find support from each other if they get stuck. For our development teams, we created a package of do-it-yourself instructions and let them deploy the technology themselves. We also created processes in ServiceNow where users can request applications. Fine-tuning multiple technology integrations is always a work in progress. But, with the right processes in place, it can go a lot smoother. You want to put Zscaler first on the integration timeline because that opens the doors for a lot of access that can move things a lot quicker. Our goal for this year is to get ZIA out to 30,000 US employees. With that many people to onboard, the total number of hours saved by having great documentation and user profiles, two-way communication will be truly significant. I hope these processes help you too! Fri, 14 Avr 2023 11:49:08 -0700 Jon Mahes https://www.zscaler.fr/blogs/customer-stories/time-saving-tips-and-how-not-frustrate-users-when-deploying-zero-trust https://www.zscaler.fr/blogs/customer-stories/6-lessons-learned-businesses-looking-modernize-security-and-business Our business has come a long way since its humble beginnings in a tent and bingo hall in 1985. Today, Cache Creek Casino Resort is a premier Northern California casino-resort destination with world-class gaming, a highly rated hotel, nine restaurants, a 700-seat entertainment venue, and championship golf course. But to stay in business and thrive, we still need to keep improving and modernizing our business processes and customer offerings. Modernizing cybersecurity and business go hand in hand. For us, the COVID-19 pandemic and a cyberattack that shut down operations catapulted security to the top of our modernization priority list. Overhauling remote access became especially critical as employees working off-site had to use extremely cumbersome, hardened laptops that crippled productivity. To transform secure remote access, we wanted to leapfrog VPN technology, which opens the whole network to employees and has its own useability and administrative challenges. So, we turned instead to the Zscaler Zero Trust Exchange platform, including Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA). By implementing the Zero Trust Exchange, we modernized key aspects of security and fast-tracked business modernization. Below are a few lessons we learned along the way as we went from searching for a better remote access solution to embarking on a zero trust transformation. 1. Large enterprises and security teams aren’t the only ones who benefit from zero trust Cache Creek Casino Resort has less than 800 employees, but the move toward a zero trust approach made sense even for a company of our size. The cloud and work-from-anywhere mobility have become requisites we need to embrace; the traditional security model is simply no longer adequate. As at larger companies, protecting our organization from breaches and malicious cyberattacks is at the core of everything my group does. Taking a zero trust approach improves our ability to protect our data, applications, and employees. With ZPA, for instance, our users now connect directly to applications—versus the network—shrinking our attack surface exponentially and preventing lateral movement. With the Zero Trust Exchange, we bolstered our security posture significantly, (see our case study), while reducing infrastructure costs and simplifying operations. But security isn’t the only area in which we’ve benefited. Other positive business and workplace outcomes include: Improved productivity. With a far superior user experience, our employees and contractors save a lot of time and hassle and can collaborate much more easily. They also have consistent, easy access to the applications and resources they need, no matter where they are or whether they use their laptop, tablet, or phone. Peace of mind. With least-privileged access and the added threat protection of the Zscaler Zero Trust Exchange, our business and IT leaders, cybersecurity teams, and end users sleep easier. Accelerated digital transformation. With renewed confidence in our security, we can speed up our business’ digital transformation and be more agile, efficient, and resilient. Better work-life balance. Located on the Yocha Dehe Wintun Nation tribal lands, the resort is 30 minutes from the nearest population center. For the many employees who travel more than an hour each way, working with ease from home frees up more than two hours each day. 2. Zero trust access helps you hire the right talent To keep improving our business, we need to hire the right people. Since the resort is off the beaten track, employees have traditionally hailed from a 60-mile radius, much of which is unpopulated. These are terrific, loyal people whose tenure at the company averages 15 years, but we knew we could use an infusion of new and different ideas. We also needed to build out previously understaffed groups, such as IT and marketing. With the Zero Trust Exchange, we now have the confidence that we can provide a secure on-prem experience to employees no matter where they are located. This capability has empowered us to offer hybrid and work-from-anywhere (WFA) positions, and, as a result, we have dramatically expanded our talent pool. Consequently, IT and marketing are now on their way to growing 60%. Recently, we hired a critical IT position that will be based in another state. We simply couldn’t have done that before. The ability to work with modern technologies such as the Zscaler platform also helps attract a higher caliber of IT and cybersecurity candidates. 3. As with any technology, ease of deployment and integrations matter We’ve got a small IT-cybersecurity team, so efficiency is especially critical for us, but every security team can benefit from doing more with less. The more we can consolidate and simplify our overall architecture, the better. That means looking for solutions that play nice with existing tools, don’t require a lot of customization, are easy to deploy and use, and make it easy to add functionality later. When evaluating zero trust solutions, take the time to understand exactly what’s involved to integrate with your existing tools, such as multi-factor authentication and IdP. One reason we went with the Zscaler Zero Trust Exchange is because the platform includes pre-built integrations with a wide range of our tools, including our MFA, single sign-on, and CrowdStrike. With any other product, we would have to do a lot more work, up front as well as in the future. With the runner-up vendor, for instance, a ton of customization would have been required out of the gate. Besides the additional hassle and expense, we were concerned that any new future product releases would require customized updates that would force us to delay upgrades or concede features or functionality. Ease of deployment also led us to the Zero Trust Exchange. In one day, we rolled out both Zscaler Private Access for ZTNA and Zscaler Internet Access as a secure Internet onramp for our users. We continue to tweak access policy, since finding the right balance between leniency and restriction takes time, but deployment of the common agent for both solutions was fast and straightforward. 4. Establish a zero trust foundation that lets you grow easily at your pace You’re not going to modernize security or complete a digital transformation overnight. If you’re at all like us, you can’t just move off-prem cold turkey. You need to start with a few specific use cases and add others gradually. So, it makes sense to go with a vendor that has a holistic approach to zero trust, one that makes it easier to add functionality when you are ready. As we move more of our on-prem services to the cloud and use more SaaS apps, our next addition to the Zero Trust Exchange will most likely be its CASB solution. When ready, we can enhance our security service edge (SSE) functionality by expanding the Zero Trust Exchange platform. The Zcaler platform lets us maintain a consistent security posture across both on-prem and cloud and expand our cloud security at a speed that makes sense for us. 5. Assess the vendor’s level of engagement Zero trust is a completely different security paradigm, so it’s important to select a vendor that can help your organization make the transition smoothly. You want a partner that will be there for you when needed and help you strategize and plan your security roadmap. Look for a vendor that treats you like a Fortune 500 company regardless of the size of your organization. From day one, the Zscaler team was far more engaged than the other companies we talked to, and they continued to stay highly invested in us throughout the sales and POV process and beyond. The whole deployment process was seamless, including the transition from the sales team to the implementation team, and we’ve been extremely pleased with the support we’ve received since then. 6. Modernizing security helps modernize and grow business In a few short months, we were able to securely modernize key aspects of our security infrastructure as well as kick-start our workplace modernization, transforming daily the way we work. Since implementing the Zscaler Zero Trust Exchange, we are more productive, efficient, and secure than we have ever been. We’ve also begun hiring hybrid and full-time remote workers, something that’s not common in our industry. Furthermore, a more robust security posture and a trusted, extensible cloud security platform give us more confidence to push forward with our business modernization goals, such as offering our customers more digital services—like mobile check-in and food and beverage ordering—and expanding our use of the cloud and SaaS applications to further enhance productivity and efficiency. Years ago, we gladly left behind the bingo hall and tent as we envisioned a bigger, better future. Now we’ve begun the journey to leave behind our traditional security architecture in favor of a better, more secure one based on zero trust. To learn more, I encourage you to read the accompanying case study about how our zero trust journey and partnership with Zscaler is helping us fast-track modernization for both security and our business. Fri, 01 Juil 2022 08:00:01 -0700 Stephen Bailey https://www.zscaler.fr/blogs/customer-stories/6-lessons-learned-businesses-looking-modernize-security-and-business