Persistent Boosts Security While Saving $2M in Capex/Opex Costs Year Over Year

Advancing digital innovation for clients and empowering employees with zero trust

As one of the world’s fastest-growing IT engineering and service providers, Persistent is instrumental in shaping its customers’ digital innovation strategies. One of the company’s top priorities is enabling digital innovation for its 23,000 remote workers while protecting its customers’ private data and its own consulting methodologies and other intellectual property. 

With bad actors increasingly targeting VPN vulnerabilities to gain access to corporate networks, defending against ransomware and breaches was a top priority for the cloud-first company. Compromised VPN credentials could potentially result in theft of intellectual property, financial loss, and damaged customer trust. This led Debashis Singh, Chief Information Officer, to look into zero trust as a superior alternative to its legacy architecture.

“We constantly evaluate our security posture against evolving attack vectors,” said Singh. “And we continuously assess risk, proactively test new security solutions, and update our incident response plans. Under our previous architecture, we knew that it wasn’t a matter of ‘if’ we were to suffer a breach or a ransomware attack, but ‘when.’ We also wanted to help our clients better by helping ourselves. Clearly, zero trust was the ideal way to elevate our defenses and modernize our approach to security in line with our digital transformation.” 

From every angle, Zscaler is the right partner for the job

Persistent wanted to ensure that employees had seamless and secure access to their applications and the internet and a more positive user experience. The company’s goals were to replace its VPNs, firewalls, and other network hardware with a zero trust platform to minimize business risk, prevent data loss, and reduce cost and complexity.  

Leadership sought a trusted partner that not only had the technology to support its cloud-first strategy, but also shared its environmental, social, and governance (ESG) corporate values. The Zscaler Zero Trust Exchange™ platform met all the criteria and offered a path for future growth and expansion.

“Our initial focus was supporting our anywhere computing model for our employees spread across the globe, coupled with zero trust architecture that paid dividends along the way,” said Debashis Singh, Chief Information Officer. “Ultimately, we aimed to enhance our cybersecurity infrastructure while minimizing costs, complexity, and environmental impact. With this in mind, we were confident that evolving our strategic partnership with Zscaler was the natural next step in our security and cloud transformation journey.”

Phase 1: Stronger security coupled with high-performance, direct access to the web and SaaS

Persistent initiated its zero trust journey by implementing Zscaler Internet Access™ (ZIA™) to provide cloud native, secure internet and SaaS access for its 23,000 users across 21 countries. 

Previously, users working from major locations connected to the web and SaaS applications such as Microsoft 365 and Salesforce via MPLS. Smaller branch offices used IPsec connections. With ZIA, users no longer connect to the network. Instead, they connect directly to the web and SaaS applications they are authorized to use. Additionally, URL filtering and AI-powered threat protection safeguard against ransomware and other threats while preventing compromise and potential data loss.

"Zscaler has enhanced the company's overall security posture by minimizing the attack surface. With ZIA, employee identities are verified in the context of their requests, and 100% of the traffic is continuously inspected to protect against cyberthreats hidden in encrypted channels,” said Singh.

Phase 2: Four times faster, reliable, more secure access to private apps for a remote workforce

In the second stage of its zero trust journey, Persistent deployed Zscaler Private Access™ (ZPA™). Prior to ZPA, employees accessed private applications via VPN, which connected users to the network. When users logged in to a VPN from their laptops remotely, their requests were routed to jump servers, which then routed them to applications. This backhauling resulted in sluggish performance along with frequent disconnections, frustrating users and impacting their productivity. 

“Before we deployed ZPA, it took over four minutes to establish connectivity to private applications. Now, it takes less than one minute. Employees seamlessly and securely connect to private applications,” asserted Singh. “Connecting to internal systems and databases, whether from the office or from home, offers a consistent user experience, saving teams time and increasing productivity.”

In addition to phasing out risky VPNs, Persistent has eliminated 50 jump servers and multiple firewalls, vastly simplifying the infrastructure and reducing hardware and maintenance costs. Backhauling to the data center for security and access has become a thing of the past. 

“Zscaler has substantially simplified our network architecture and enables users to connect directly to the internet resources they need based on zero trust principles,” said Singh. “As a result, we have seen a big reduction in our capital expenditures for hardware and in our management costs.”

Zscaler has also strengthened the company’s overall security posture. Because users connect to applications directly, and not to the network, the lateral spread of malware is prevented through AI-powered zero trust auto-segmentation. 

Phase 3: Extending zero trust with data loss prevention (DLP), digital experience monitoring (DEM), and deception technology

Persistent leveraged Zero Trust Browser to enable secure, agentless access to the web applications while preventing data loss to the unmanaged devices. Persistent deployed Zscaler Data Protection to fortify protection, including full TLS/SSL traffic inspection, for sensitive client data and its own intellectual property across all channels—web, email, SaaS, private applications, and endpoint devices. The unified DLP solution extends protection to both structured and unstructured data. It also significantly accelerates data visibility across endpoints, networks, and the cloud with instant AI-powered data discovery and classification. 

“Zscaler DLP gives the security team a granular view into shadow generative AI application usage, including user input prompts. If AI app usage does not align with corporate policy, it enforces real-time DLP blocking and application isolation,” pointed out Singh.

To keep its people productive and creative, Persistent implemented Zscaler Digital Experience™ (ZDX™), which minimizes downtime by enabling IT to identify and proactively resolve issues. ZDX provides complete visibility across all devices, networks, and applications, regardless of location, ensuring quicker remediation. To further reduce resolution times, support staff can quickly identify the root cause of performance issues, even with limited IT training, using ZDX AI capabilities.

“By expanding our Zscaler footprint with the addition of advanced DLP and user experience solutions, we have exponentially elevated our resilience and boosted business continuity,” said Singh.

Recently, Persistent deployed Zscaler Deception to detect and block threats that specifically target zero trust environments. With adding operational overhead, Deception proactively detects and intercepts attacks that compromise user identities and gain access to applications. By planting lures and decoys throughout the environment, it intercepts lateral movement of attackers and keeps them from accessing critical resources and sensitive data. 

“Zscaler Deception has detected more than 80 notable attacks over a 90-day period, including 31 high-risk attacks,” said Singh. “It has proven its value in a short time.” 

Next up: A 360-degree view of risk for executives and security pros

Persistent has begun piloting Zscaler Risk360™, a comprehensive quantification and visualization framework that ingests real-time data from the company’s Zscaler environment and external sources to generate insights about potential cyber risks and their estimated financial impact. Risk360 calculates a single risk score across the entire organization that can be tracked and measured against the four stages of a cyberattack: the external attack surface, initial compromise, lateral propagation, and data loss.

“With Risk360, we gain a more comprehensive picture of cyber risks and actionable ways to remediate them,” remarked Singh. “It is an invaluable tool for risk management, providing us with both a broad and deep view into risk exposure and how it could potentially affect the bottom line. We look forward to fully implementing it in the near future and sharing the benefits with our clients.

Integrations streamline security processes and add value to existing tools

Zscaler integrates with multiple solutions in Persistent’s security ecosystem, providing additional value. 

With its hybrid workforce using a variety of devices, endpoint security is a top priority for the security team. The Zscaler-CrowdStrike integration enables bidirectional threat intelligence sharing to strengthen protection and provide historical forensics to make incident investigation faster and more accurate.

The CrowdStrike Falcon generates a Zero Trust Assessment (ZTA) score by continuously evaluating  the security and compliance posture of every endpoint device it protects. Based on the changing ZTA score shared by CrowdStrike, Zscaler adapts its application access policies. It can perform gradual lockdown with full access or conditional browser isolation access. Zscaler can also completely block access to predefined, business-critical applications.  

“Thanks to the Zscaler-CrowdStrike integration, we have improved our security posture, consolidated security tools, and lowered our security maintenance costs,” said Singh. “Endpoint security was a critical piece for us, enabling us to better leverage the CrowdStrike’s forensics capabilities. The sum is greater than its parts.”

Zscaler also integrates tightly with Microsoft Entra ID to control access to private applications in the Azure cloud platform. Once a user’s identity is established and confirmed based on multiple factors, such as privilege level, device, and location, they can automatically connect to authorized private applications on Azure with single-sign-on (SSO) and multifactor authentication (MFA).

To accelerate threat detection and response, Persistent integrated Zscaler with its Securonix security information and event management (SIEM) system. Securonix collects relevant Zscaler log data into a central repository, enabling the security team to gain actionable, real-time insights across devices, users, and locations from one unified platform.

Better security and infrastructure consolidation supports a thriving business

As Persistent continues on its rapid growth path, the Zero Trust Exchange platform has enabled staff to work flexibly and securely while improving visibility and reducing costs. The platform has scaled up to protect Persistent as its revenue has grown 27% over a period of three years.

With application traffic increasing 42% year-over-year, Zscaler has proven its worth. Over a three-month period, it has processed more than 1,032 TB of traffic, prevented 1.5 billion policy violations, and blocked more than 2.7 million security threats, 439,600 hidden in encrypted traffic. 

The Zero Trust Exchange platform has also eliminated the problems associated with using multiple, unintegrated point products: security gaps, longer recovery from attacks, higher security operations costs, and expensive infrastructure investments. With Zscaler, Persistent now has strong, consistent cloud-based security that extends protection across the head office, branch offices, and users everywhere.

“As we continue to add offices and do acquisitions, we are finding that Zscaler is the best way to support our growing hybrid workforce and integrate new offices,” noted Singh. “Since fully implementing Zscaler, we have seen an 85% improvement in our overall security posture and have eliminated 11 security products, thus reducing both our capex and opex, delivering over $2 million in cost savings over a year’s time.”

Building a Zscaler-focused practice for clients

Persistent continually develops innovative digital solutions that deliver business value for its clients. The company not only relies on Zscaler as part of its own zero trust strategy, it also offers Zscaler solutions as part of its practice to help customers advance their own zero trust journeys. 

Persistent is a Zscaler Zenith partner, the highest level of engagement in the Zscaler partner ecosystem. With 170 certifications, Persistent has built a solid foundation for its practice. Drawing on its software engineering expertise, it has also developed proprietary, prebuilt automation tools for faster and more efficient Zscaler onboarding at client sites, troubleshooting playbooks, and custom integrations for clients.

Persistent sees a healthy growth opportunity for its Zscaler practice both regionally and globally across multiple industries, including banking, healthcare, and technology. It is particularly focused on helping clients in private equity secure their own hybrid workforces as they engage in mergers, acquisitions, and divestitures.

“We believe Zscaler zero trust is the best solution for our clients based on our own experience as a customer,” remarked Singh. “And to make sure our clients are successful with their Zscaler deployments, we strive to optimize it for each client’s unique environment.” 

Zero trust supports sustainability goals while increasing resilience

As a United Nations Global Compact participant, Persistent is committed to environmental sustainability, as part of its ESG initiatives. It has already made great strides: 44% of its energy comes from renewable sources, and 13% of its transactions are processed by renewable energy.

As a 100% carbon-neutral organization, with 100% of its global data centers powered by renewable energy sources, Zscaler is in full alignment with Persistent’s sustainability goals. 

“An expanded carbon footprints breeds higher costs as a result of power and cooling requirements of appliances. By adopting the Zscaler Zero Trust Exchange platform, we’ve been able to vastly reduce our reliance on costly, energy-intensive hardware while reaping the benefits of greater business resilience through our enhanced security posture,” said Singh.