- If ChatGPT produces AI-generated code for your app, who does it really belong to?
- The best iPhone power banks of 2024: Expert tested and reviewed
- The best NAS devices of 2024: Expert tested
- Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
- I converted this Windows 11 Mini PC into a Linux workstation - and didn't regret it
Breaches galore – why a proven platform for Zero Trust is needed
What is zero trust?
Zero trust is a distinct architecture that provides secure connectivity based on the principle of least-privileged access. It inherently prevents excessive permissions and gives users and entities access only to the specific IT resources they need in order to do their jobs. On top of that, zero trust means analyzing context to assess risk and determine whether or not to grant access, rather than using identity alone to do so. This is all achieved through a cloud platform that delivers zero trust connectivity as a service at the edge—meaning from as close to the end user as possible. In short, think of a zero trust platform as an intelligent switchboard.
Zscaler
Figure 1: Zero trust architecture with Zscaler
What is zero trust not?
Yesterday’s perimeter-based architectures are built on firewalls and VPNs, which connect users to the networks that house resources rather than connecting them directly to the resources themselves. A commonly used name for such an architecture—castle-and-moat—illustrates the way that it is designed to function. That is, establishing a moat (perimeter) around a castle (network) in order to keep bad things out and good things in. However, if a threat makes it past the moat, there’s no second line of defense to prevent the threat from entering the castle and having free rein to move about within it. In security terms, we call this lateral movement—when a threat moves across network resources unrestricted. To read more about lateral threat movement and other shortcomings of perimeter-based architecture, you can read this ebook.
Zscaler
Figure 2: Perimeter-based architecture
Now that we understand zero trust as a distinct, cloud-delivered architecture, let’s return to our original point that organizations need a proven platform for zero trust. Namely, a vendor’s zero trust offering must be proven across the three key areas described below.
Scalability
When all of an organization’s traffic is routed through a zero trust vendor’s cloud for security and connectivity, that cloud platform becomes a mission-critical service that must have the scalability necessary to ramp up with customers’ evolving traffic volumes in real-time. Without it, organizations’ security and connectivity grind to a halt, taking productivity down with them.
Additionally, a lack of scalability means that encrypted traffic typically goes at least partially (and sometimes completely) uninspected. This is because inspecting encrypted traffic is a resource-intensive process that requires a high level of performance. With 95% of web traffic now encrypted—and cybercriminals hiding 86% of their attacks within it—organizations must be able to inspect encrypted traffic at scale if they are to stop threats and data loss.
One may assume that these scalability challenges only arise for larger organizations, but that is untrue. Without a proven zero trust platform that can scale, smaller organizations can also face these challenges, particularly as their businesses grow and their vendors need to ramp up services seamlessly. In other words, organizations of all sizes need a zero trust platform built on a cloud with proven scalability.
Something you may not know about Zscaler is that our name stands for “zenith of scalability.” Since our company was founded, we’ve been committed to delivering unrivaled performance. The Zero Trust Exchange, the name of Zscaler’s zero trust platform, is the world’s largest inline security cloud. It boasts a variety of statistics and proof points that demonstrate its massive capacity for scale:
- 150 data centers worldwide (not merely on-ramps or vPoPs)
- 400 billion requests processed each day
- 500 trillion telemetry signals analyzed daily
- 9 billion incidents and policy violations prevented each day
- 150 million cyber threats blocked daily
- 250,000 unique security updates implemented each day
So, when it comes to choosing a zero trust platform, why settle for anything less than the zenith of scalability?
Zscaler
Figure 3: A snapshot of some of Zscaler’s data centers around the world
Resilience
Business continuity planning for mission-critical services is a board-level priority for IT leaders. As mentioned previously, a zero trust platform’s strategic inline position between users, workloads, apps, and more, makes it a mission-critical service. As such, organizations need to know that unforeseen events won’t disrupt their vendor’s services; otherwise, security, connectivity, and productivity will all suffer.
Zscaler Resilience is a core component of the Zero Trust Exchange. It is a complete set of resilience capabilities that offers high availability and serviceability at all times. Customer-controlled disaster recovery features and other robust failover options ensure uninterrupted business continuity, even during catastrophic events.
Zscaler offers the following capabilities for the following scenarios:
- For minor failures, such as node crashes or software bugs, Zscaler can effectively handle the issues with minimal customer interaction.
- In the event of brownouts or service degradation issues, Zscaler Resilience offers dynamic, performance-based service edge selection, customer-controlled data center exclusion, and other failover mechanisms to maintain seamless experiences for users.
- For blackouts or severe connectivity issues, Zscaler provides failover options to redirect traffic to secondary Zscaler data centers nearby, ensuring that users can continue to access mission-critical applications.
- If there are catastrophic events, Zscaler Resilience provides customer-controlled disaster recovery capabilities, allowing organizations to keep their operations running by routing traffic to private service edges and restricting access to critical applications.
Zscaler
Figure 4: Zscaler Resilience functionality
A history of customer success
In addition to scalability and resilience, zero trust platforms must have demonstrated success with actual customers using their services. Organizations need to see the success stories of customers that are similar to them in terms of size, industry, and their security and connectivity challenges—only then should they trust their vendor of choice. This is particularly true for bigger organizations because they need evidence that a zero trust platform can handle larger volumes of traffic and more rigorous performance requirements.
At Zscaler, we have a litany of customer success stories available on our website in the form of videos, blogs, case studies, and press releases. Our company has demonstrated success with organizations of all sizes and in all geographies—from small, 100-user organizations like the Commonwealth Grants Commission in Australia, to those with hundreds of thousands of users, like Siemens in Germany, and beyond, to the New York City Department of Education and the 1 million users it secures with the Zero Trust Exchange. Here are some more facts and figures that demonstrate our customers’ trust and belief in our platform:
- Nearly 8,000 customers of all sizes, industries, and geographies
- Over 41 million users secured by the Zero Trust Exchange
- A Net Promoter Score of more than 70 (the average SaaS company’s is 30)
- More than 40% of the Fortune 500 are customers
- More than 30% of the Global 2,000 are customers
Where to go from here
If you are still getting your feet wet with zero trust and would like to listen to an entry-level discussion on the subject, register for our monthly webinar, Start Here: An Introduction to Zero Trust. You may also want to read our ebook, 4 Reasons Firewalls and VPNs Are Exposing Organizations to Breaches.
Or, if you would like to learn more about Zscaler Resilience and how the Zero Trust Exchange provides uninterrupted business continuity to customers, read our solution brief.