When I was a customer, I had one of those old-school proxies complete with Nedry the hacker from Jurassic Park wagging his finger if a user visited a website they shouldn't. I had a DLP platform in place, I (of course) had a sleek layer 7 firewall that promised me app aware firewalling, I had some basic antivirus software on my end users’ machines, and life was good.
This probably sounds familiar to you, but what also sounds familiar is having to keep these software appliances or physical appliances up to date and you have to update agents on the end user side. I was always spending cycles keeping things up to date and hopefully one of them didn't have a day zero vulnerability that threw my whole maintenance window off. It cost my organization a lot of money in both hours spent doing the upgrade along with support renewals.
I longed for a day when I could have either more help or easier products to manage both could be even more costly expenses. What I really needed was the ability to condense all of these point solutions to save myself a lot of time. Well, that day is here. Zscaler Internet Access (ZIA) takes all of those pesky appliances/software agents and consolidates them down to a single cloud-first platform.
The Zscaler Zero Trust Exchange provides outbound web filtering, NGFW, DLP, and cloud app control, along with other capabilities. So how does it all work? Well, in today's age of everything being https—including Zscaler Evangelist Brian Deitch's blog—you need to be able to inspect that traffic. When Zscaler inspects that traffic, we can see what is being sent where so we can take action. We have the ability to do SSL inspection at scale with 150 data centers all over the world. You have freedom to decide what you let Zscaler inspect and what you don't.
Example: as a healthcare organization, I wouldn't want Zscaler scanning things in the health category, such as insurance provider websites. Your hospital may, however, want to ensure your users don't upload PHI to their personal Google Drive account. Zscaler can allow users to surf YouTube but not allow them to post comments or upload a video.
While we are talking about DLP, the latest in healthcare ransomware attacks is threat actors encrypting files and exfiltrating them. Through the Zscaler partnership with Rubrik, we can gather what is sensitive data within a backup and feed our IDM engine. This way, Rubrik can protect your backup and Zscaler can ensure your data never leaves your trusted locations. Learn more about the Rubrik partnership here.
You need to ensure clinicians are safe when they go to a web page thinking it's a scholarly article—especially if it turns out to be a malicious PDF they accidentally downloaded. Zscaler can scan that PDF via our malware protection and use our cloud sandbox protection to isolate that file. Let us ensure it's safe before it gets to your network!
How do we enforce these policies? We have our Zscaler Client Connector, a lightweight, tamper-resistant client that sends traffic for all ports and protocols to our cloud. This way, even your remote users get secured. Maybe you can't install Client Connector or have a lot of IoMT devices in your hospitals—we also support GRE tunnels for unauthenticated users and devices.
What about latency? My doctors don't want to wait for a slow webpage!
The way Zscaler handles this is we don't inspect a packet via an engine and then send it to another inspection engine, then another, so on and so forth, until we are satisfied that it's safe. Instead, we inspect the packet all at once to avoid any latency. We are so confident in our technology that we actually have latency SLAs. Read more: Zscaler SLA Agreements.
You must have twenty consoles that I need a whole team of experts to manage!
Nope. We have our core ZIA admin console that allows you to set and enforce policy, then we have a Client Connector admin console so you can ensure things, like posture compliance, across the entire platform and across multiple OSes. We can help you do more with far less.
This probably takes years to set up!
Still have those legacy hardware appliances sitting on your data center floor from three years ago when you were sold them? Don't think you have the staff to set this up? No worries! At Zscaler, we don't do a traditional POC; we do what we call a POV. We want to show you how easy it is to prove value with our product, so during the process an SE is going to walk you through all of the great things you get out of the box with minimal configuration. You may have some custom things, and that's fine because our PS team is there to assist in those instances. The Cerebral Palsy Alliance stated it took them four weeks to implement Zscaler Internet Access as an example. You can read their case study here.
Reporting also comes up often when we talk to hospitals. A CISO may want top threats over a period of a month, a network team may need bandwidth metrics, etc. We have plenty of out-of-the-box reports, along with the ability to create custom reports. You can schedule these reports to be sent out automatically because, with less staff, you may not have the time.
Zscaler understands that in today's macroeconomic climate, while many healthcare providers are dealing with negative margins, we need to enable our customers to do more with less. We can help you save costs on cyber insurance, ensure HIPAA compliance, protect against ransomware, and let your users securely do their job without disrupting workflow.
This blog is the second in our series on securing healthcare with a zero trust architecture to do more with less. Read the other blog here:
Empowering your healthcare organization to do more with less: Zero Trust Architecture
We look forward to exploring how Zscaler can help you do more with less, as we have for hundreds of other customers in the healthcare sector. You can also find more information on Zscaler for healthcare here.