Securing application access for employees and contractors with a great user experience for seamless work from anywhere
In business since 1905, Hydro is one of the world’s largest renewable energy and aluminum companies. Hydro is headquartered in Oslo, Norway, and has 140 locations in 40 countries. The company is committed to a sustainable future and encompasses multiple market segments.
Meet sustainability and profitability goals with a cloud-first IT strategy while reducing risk and improving user experience
Enhances performance and reliability of SaaS apps
Reduces risk by shrinking the attack surface
Provides an improved user experience and fixes issues faster
Extends firewall protection to remote users
Reduces costs and management complexity with a single-vendor approach
Supports sustainability and profitability goals
With Zscaler Private Access, users no longer needed to connect to the network in order to use our private applications. Now, as we continue to evolve our modern workplace, we are moving toward retiring VPN.
In Our Modern Workplace, Security and Sustainability Go Hand in HandLire le blog
Planning for recovery in the wake of ransomware losses
Uniting security and sustainability in a modern workplaceLire le blog
Rethinking security after a devastating ransomware attackLire l’article de presse
Established over a century ago, Hydro has diversified and evolved its business over the years.
As one of the largest producers of hydropower in Norway, Hydro provides its customers with innovative and sustainable energy solutions. The organization is also involved with nearly every aspect of the aluminum value chain—from mining to providing automobile parts and energy-efficient building solutions for architects.
In keeping with its commitment to environmental, social, and governance (ESG) principles, Hydro is focused on reducing emissions in its operations while driving profitability. This effort extends to its IT infrastructure and security strategy.
To increase business agility and strengthen security, Hydro recently launched an initiative to modernize the workplace. The organization is on an accelerated track to roll out its “Journey to the Cloud” program. The goal is to reduce Hydro’s IT CO₂ footprint by using more efficient cloud services and eliminating traditional on-premises data centers and their energy-intensive hardware across the enterprise side of the business. To boost profitability, Hydro’s IT strategy is focused on cost avoidance: strengthening its security so that incidents and their associated costs are minimized.
“The cloud and zero trust are essential for helping us realize our goals of sustainability and profitability. Gradually, we’ve been expanding our Zscaler Zero Trust Exchange portfolio, setting our sights on becoming a 100% cloud company,” said Armin Auth, Head of Enterprise Architecture at Hydro.
Hydro’s first step toward building its Zero Trust Exchange platform began nearly a decade ago. The IT team pursued its cloud-first strategy by adopting Microsoft 365 and other SaaS applications. However, they quickly realized that Hydro’s low-bandwidth MPLS network couldn’t handle the surge of data traffic going to the cloud—latency issues impacted performance, reliability, and user productivity. Even before considering security, the team was first looking into better and more direct internet access to Microsoft 365, and that’s when Zscaler Internet Access came into the picture.
“Not only does Zscaler Internet Access optimize connectivity, it secures access for our SaaS applications, helps us reduce backhauling and the associated costs, and provides a much better user experience. I think we made the right decision because all the competing vendors we originally evaluated have disappeared, while Zscaler withstood the test of time and came out as an enduring leader,” said Daniel Remarc Bognar, Head of Network Architecture at Hydro.
As a result of a significant ransomware attack that locked down thousands of PCs and servers in a single day with encryption malware, Hydro was compelled to further restructure its network security and build out its zero trust architecture. The IT and security teams immediately shut everything down and then began a recovery process, which involved re-imaging nearly 10,000 infected systems. Executives also decided not to pay the ransom and be open and transparent about the incident and recovery plans.
The organization wanted to avoid going through an incident like that again, so it launched a four-year cyber resiliency program driven by the C-suite. As a first step, Hydro expanded its Zero Trust Exchange footprint by deploying Zscaler Private Access to quickly enable thousands of VPN users to securely access internal applications while reducing latency and improving performance.
“With Zscaler Private Access, users no longer need to connect to the network to use our private applications. Now, as we continue to evolve our modern workplace, we are moving toward retiring VPN. We’ve seen that VPN is not only cumbersome, it is a big security risk, as it often serves as the key that opens the door to cyberthreats,” said Armin Auth. “Zscaler Private Access plays a major role in reducing the attack surface by directly connecting users to corporate applications. It also limits lateral movement by monitoring workflows across cloud deployments.”
Remarc Bognar views the Zero Trust Exchange as a safety net because it makes applications, users, and the internal network invisible to malicious actors. “Attackers tend to lose interest because it’s just too much work for them to go further. They typically prefer easier targets,” he said.
With the gradual expansion of Hydro’s cloud deployment, Armin Auth and Remarc Bognar needed a way to gain visibility into cloud traffic, monitor and measure the user experience, and find and fix issues quickly. Zscaler Digital Experience met those requirements. It provides quantifiable metrics that enable the team to evaluate the effectiveness of Hydro’s cyber resiliency program.
“Once you adopt zero trust, you are fundamentally changing the concept of the network. Our legacy monitoring capabilities were designed only for MPLS connectivity, so our administrators needed a way to monitor our cloud deployment. Zscaler Digital Experience was a key addition to our Zero Trust Exchange platform. This cloud native tool provides us with performance metrics for our private and SaaS applications for every single user and helps us troubleshoot issues that our users may be experiencing. Now, we can get to the bottom of incidents and resolve them much faster,” said Armin Auth.
A few, well-chosen security tools that complement each other, like the Zero Trust Exchange portfolio, provide a more coherent approach to layered security than best-of-breeds.
Zscaler Cloud Firewall is another recent extension by Hydro to their implementation of the Zero Trust Exchange to secure and standardize firewall management for the enterprise IT estate. Cloud Firewall replaces legacy on-premises firewall appliances, which are not designed to secure remote workers. Cloud Firewall extends firewall protection to remote users, making it easy to see into internet traffic and apply consistent policies in real time.
Hydro has also added Posture Control by Zscaler to its zero trust architecture, which is currently under implementation. The cloud native application protection platform (CNAPP) surfaces vulnerabilities and application security risks in the multi-cloud environment, including Microsoft Azure, Hydro’s current cloud platform.
“When you get to the point where you’ve migrated nearly everything to the cloud, you need a way to see where your security is lacking, and then address those issues. We have arrived at that level now that our cloud footprint has grown significantly. Posture Control will provide us with full coverage across multiple cloud services and will help us identify, prioritize, and remediate security blind spots, such as misconfigurations, unpatched vulnerabilities in containers and virtual machines (VMs), and excessive entitlements and permissions,” said Armin Auth.
Hydro is closely tracking the progress of its cyber resiliency program both through internal efforts and by engaging large consultancies to ensure the organization is prioritizing the right activities. Zscaler has been instrumental in helping the team achieve some major milestones to accelerate security maturity.
Hydro is realizing the full potential of Zscaler Private Access beyond simply replacing VPN. ZPA Private Service Edge is an essential part of Hydro’s modern workplace initiative, as it functions as a single-tenant broker that resides either onsite or at other locations, such as cloud services. With ZPA Private Service Edge, users enjoy the same experience whether they’re working at the office or remotely. This aligns with Gartner’s concept of universal zero trust network access (ZTNA), which provides secure access to applications, data, and services with defined access control policies.
“Zscaler has already proven its value in so many ways. Thanks to Zscaler, we can now provide a seamless and more secure user experience. We have less administrative overhead because management is simplified with the single-pane-of-glass dashboard, which would not be possible with traditional technology,” said Remarc Bognar. “We’re also discovering new use cases to support our dynamic hybrid environment. Once the cyber resiliency program ends in 2024, we look forward to using Zscaler to further fine-tune our security operations and continue our ongoing risk mitigation efforts.
The cloud and zero trust are essential for helping us realize our goals of sustainability and profitability.
Zscaler has become an important strategic partner for Hydro and is a focal point for the organization’s vendor consolidation effort. In the past, Remarc Bognar points out, Hydro used a best-of-breed approach, acquiring point products to address specific security needs, but that had its drawbacks.
“That approach was costly and resulted in a disparate collection of unintegrated products, which complicated management. By consolidating, we can reduce complexity and simplify management. A few, well-chosen security tools that complement each other, like the Zero Trust Exchange portfolio, provide a more coherent approach to layered security than best-of-breeds. Plus, Zscaler’s single-pane-of-glass management dashboard makes our teams more efficient and helps reduce operational costs,” said Remarc Bognar.
He points out that, as Hydro’s security maturity grows and new initiatives are launched, consolidating via the Zero Trust Exchange will help the organization do more with less, helping it meet its profitability goals. Zscaler not only lowers the total cost of ownership, but also reduces resource and maintenance spend. Plus, stronger security will reduce the number and severity of incidents and associated financial impacts.
Zscaler is completely in step with Hydro’s sustainability aspirations. Zscaler uses 100% renewable energy across all its global offices and the 150 distributed data centers that operate the Zscaler security cloud. In 2022, Zscaler achieved carbon-neutral status and has set its sights on reaching zero emissions by 2025. With Zscaler, Hydro is making progress to reduce its IT footprint while building a more agile people-centric business.
“My vision is to have the enterprise environment fully operational in the cloud. Going forward, any new office locations will need only an internet line, some wireless access points, and a few printers, but nothing that requires an on-premises security infrastructure. We are on a positive track toward achieving that goal, and Zscaler is our ideal partner,” said Armin Auth.
Zscaler’s single-pane-of-glass management dashboard makes our teams more efficient and helps reduce operational costs.
Over the next several years, Armin Auth foresees further expansion of Hydro’s Zero Trust Exchange platform. With Hydro increasingly separating its enterprise and industrial workloads, Zscaler for IoT and OT is a viable way to modernize the factory environment while reducing risk. Security for IoT/OT layers the zero trust approach with traditional defenses to increase factory uptime, provide remote workers with secure access, and safeguard against cyberattacks that target operational technology (OT).
“With a partner that is born in the cloud, like Zscaler, it’s easy to expand our portfolio, and it’s in line with our principle of making the most of what we have rather than shopping around for something else. Zero Trust Exchange is a platform that delivers and has already lifted our profitability and supported our sustainability targets,” said Armin Auth.
Remarc Bognar points out that Zscaler is diligent about ensuring that customers are getting what they need on their transformation journey: “Zscaler is really good at having answers to questions even before we’ve had a chance to articulate them. It always has a jump on market needs and gets there before other vendors do.”