Several years back, my security team and I noticed that the four walls of legacy perimeter-based security were eroding. As a respected leader in the electronic manufacturing services (EMS) market, we wanted Sanmina employees to be as efficient, productive, and secure as possible, no matter where they work. When we started moving to the cloud and adopted advanced Industry 4.0 manufacturing practices, it soon became apparent that, in order to minimize cybersecurity risk and reduce complexity, we needed to re-architect our traditional infrastructure and implement zero trust.

Headquartered in San Jose, California, and with locations across six continents, Sanmina is a Fortune 500 company and one of the world’s largest manufacturers of circuit boards and backplanes. Our customers span a broad spectrum of industries, such as medical, automotive, communications, and defense and aerospace. We are committed to exceeding customer expectations by delivering excellence in performance, flexibility, and technology.

The rationale for transitioning from a legacy architecture to Zscaler zero trust

When I joined Sanmina in 1999 as a technical support person, security measures were sorely lacking. After rising through the ranks, I was asked to take on the mission of establishing the security department, implementing more robust solutions, and training employees on cybersecurity practices. I witnessed the evolution of technology in the manufacturing sector and the emergence of zero trust practices and solutions — and there was no doubt in my mind that implementing zero trust was essential to our continued success and future growth. Enabling our distributed global workforce with rapid yet secure access to business-critical applications would be key to that success.

On the internet access side, we had physical servers with a Squid caching proxy installed at each of our 60-plus plants to provide web filtering. Keeping these up to date was a massive problem, so we immediately jumped on board with the Zscaler Zero Trust Exchange™ platform and deployed Zscaler Internet Access™ (ZIA™), enabling us to phase out those SWG servers across the globe.

Our next challenge involved how we were providing remote access via VPNs. Before Zscaler, our employees, vendors, suppliers, and customers had their own accounts in our identity management system. They were each provided with the same VPN access that Sanmina employees were provided. This was an untenable solution. We worried about potential threats embedded in encrypted traffic, and performance was slow because traffic had to be routed through firewalls to the data center before users could access the resources they needed.

The VPN concentrators also had many other issues. We had multiple physical appliances spread across the globe, and each required its own configurations, rules, patches, updates, and maintenance contracts. Any changes that we wanted to implement had to be applied manually to each appliance at every location. We realized we simply couldn’t implement a zero trust architecture using traditional VPN technology. We needed an access solution that was appropriate for a modern, perimeter-less infrastructure.

After evaluating multiple options, we selected Zscaler Private Access™ (ZPA™). ZPA was the most resilient remote access choice available in the market, and we’d already had a great experience with deploying ZIA. It was an obvious choice because Zscaler’s 150+ global data centers enable users to take the shortest path to the applications they need to do their jobs as well as their internet destinations. We are proud to say that we have completely eliminated legacy VPNs and fully embraced ZPA for secure remote access to private applications.

For those of you starting your Zscaler zero trust journey, here are six things I’ve learned that will streamline the transition from your legacy architecture:

1. Communicate what you’re doing with employees

When we embarked on our journey with Zscaler, we knew we had to make it clear to our users that zero trust was an organizational solution, not just an IT solution. Beyond that, we needed to instill in them the notion that security is everyone’s responsibility.

Communication and education needs to be initiated upfront. Employees need to know in advance what’s coming and why it’s going to make things better. Some companies just push new software on employees without explaining what it is, what it does, why they’re doing it, and how it will impact them. But explaining these changes to employees in advance makes the process go much more smoothly. When our employees realized that they would only have to re-authenticate every seven days instead of every 23 hours, they were thrilled and became much more open to accepting the change.

I tell my peers at security events I attend, that my team was previously perceived as the department of “no,” and how we flipped that around and became the department of “know.”

2. Recognize the mental hurdle

Because Zscaler operates so differently from the way we did things in the past, it took a certain degree of faith in the technology to have a successful implementation. This required departments within IT to recognize that previously established processes were no longer viable and new processes had to be implemented. Due to the ease of management within Zscaler, these new processes were more efficient, productive, and streamlined.

3. Use Zscaler for faster mergers and acquisitions (M&As) integration

M&As are an important aspect of Sanmina’s expansion strategy and profitability goals. Before ZPA, our M&A process was painfully slow. The lengthy first step was always getting the acquired company’s computers running our image and getting the proper network connections in place with our firewalls. Then, because we were reliant on VPN, we had to connect the new users directly to our corporate network, giving them unrestricted application access without knowing whether their security solutions were updated or robust enough to meet our specifications. As you can imagine, this presented huge risks.
Now, with the Zscaler platform, we can have the new company become functionally operational on the first day and allow new employees to only access authorized applications rather than the entire network — and this substantially strengthens our M&A security posture.

4. Take advantage of ZPA’s granular policies

We enabled ZPA’s built-in posture checking early in the deployment process. We also implemented geolocation policies. For example, when employees leave China, we have their settings changed to automatically get routed to a different node. Then, when they’re back in China, they get rerouted back through China’s node. ZPA makes it easy to deploy such granular policies. As a result, we can maintain continued productivity and maximize the long-term benefits of our investment, regardless of where employees work.

5. Let Security Operations handle the day-to-day administration

One of the greatest benefits of the Zscaler platform is that we can turn the day-to-day administration over to our Security Operations teams. This is possible because of the platform’s user-friendly, intuitive interface. This allows our highly skilled security professionals to focus more on strategic goals than on tactical tasks. It’s a huge value to the company to be able to free up those resources for higher value projects.

6. Keep executives in the loop

Another key component of the communication piece is informing executives about our risk posture. When we were introduced to Zscaler Risk360™, we immediately put it to work. Risk360 enables us to visualize risk across our entire environment and drill down into risk factors and even financial exposure details. The framework makes it easy for us to prepare reports for the board and management team so they can get insights into how we prioritize security issues and apply mitigation actions.
The benefits of the Zscaler platform have been phenomenal. It has provided us with tremendous benefits that enable us to:

Secure our workforce instantaneously across our over 60 global locations
Leverage a scalable, expandable platform that operates seamlessly in today’s perimeter-less world
Apply security updates in just minutes instead of days
Achieve business goals rapidly with smoother and faster M&A processes
Empower users with high-performance application access and better digital experiences

All of the above helps us accomplish our overall goal of mitigating risk across the enterprise so we can better serve our partners and customers.

Continuing the Zscaler journey while realizing ROI

We’re excited about deepening our exploration of Zscaler’s capabilities. The recent integration of the AI-powered Avalor Data Fabric for Security with Risk360 will help us improve risk management by identifying vulnerabilities and proactively mitigating them before they become a problem. By aggregating data across our entire environment, the data fabric will provide rich context so that we gain an in-depth understanding of the actual risks presented by the vulnerabilities Risk360 discovers. As a manufacturing company, we are also interested in extending zero trust segmentation to our operational technology (OT) environment. Zscaler’s Airgap technology will help us protect east-west traffic in all the manufacturing plants within our critical OT infrastructure.

Our return on investment with Zscaler has been multifaceted. The Zero Trust Exchange platform has increased our agility, improved our security posture, enhanced our employees’ productivity, reduced costs of operations across our global footprint, decreased complexity, and given us better visibility and control. Our journey with Zscaler has been completely positive from day one. All in all, it’s a win-win for our entire enterprise.

Learn more about Sanmina’s journey to zero trust by reading the case study.