Union Assurance PLC Secures Mobile Workforce and Cuts Network Costs by 40% with Zscaler

Shifting to remote work put our journey towards zero trust in motion

The COVID-19 pandemic set Union Assurance PLC, Sri Lanka’s premier life insurance provider, on the path to zero trust.

“The shift to remote work, accelerated by the pandemic, highlighted the limitations of traditional perimeter-based security models and remote access VPN solutions,” said Salmal Pathirana, Head of IT Infrastructure and Security at Union Assurance PLC. “We recognized the need for a solution that would allow our users to access our private apps and resources on the network and internet from anywhere, comfortably and securely.”

Employees in the office accessed the company’s private and SaaS apps over the enterprise WAN, and had legacy firewalls to protect their connections. When staff were on the road or working from home, they used a remote access VPN to access resources. But VPNs and firewalls come with significant weaknesses in today’s evolving technological landscape, by extending the network and increasing the attack surface for cybercriminals with public IP addresses as they connect more users, devices, locations, and clouds. Plus, if the insurer’s staff used personal or unmanaged devices to access corporate resources, this places the organization at greater risk of ransomware, malware, and distributed denial-of-service (DDoS) attacks. If the trusted network were to be breached, attackers could move laterally across connected resources to steal data, expand the reach of their breaches, and disrupt the business.

Transform architecture from firewalls to zero trust

Securely enabling remote and hybrid work was a critical tactic in the company’s focus on reducing risk during the pandemic, and then later, equally critical to offer a great work environment that would retain and attract talented staff. Union Assurance PLC had an opportunity not only to address the growing security risks of hybrid work, but also to accelerate the company’s digital transformation, protect sensitive data, optimize employees’ digital experiences, and dramatically decrease IT costs.

Union Assurance PLC wanted to adopt a zero trust architecture around a security service edge (SSE) framework. A SSE solution would securely connect its workforce and their devices directly to their applications and resources from any location.

“In alignment with the principles of zero trust, a SSE approach acknowledges the necessity for people to work securely from anywhere and access any required resource,” said Pathirana. “The primary goals of our SSE approach were to ensure trusted user identities, devices, and network connections while delivering a good experience for remote workers."

Union Assurance PLC chose the Zscaler Zero Trust Exchange™, an integrated cloud native platform that brokers connections between users, devices, and applications—in SaaS, public cloud, on-premises, and hybrid environments—based on identity, context, and business policies. Applications sit behind the Zero Trust Exchange, making them invisible to the internet, networks, and unauthorized users. Built on the principle of least privilege access, the Zscaler proxy architecture enables full inspection of TLS/SSL encrypted traffic at scale.

“The Zscaler cloud native architecture allows our organization to improve our business agility and adapt rapidly to changing business needs, while scaling security and reducing costs,” said Pathirana.

Phase 1: Securing SaaS, internet, and private apps amid rapid growth

Union Assurance PLC deployed Zscaler Internet Access™ (ZIA) and Zscaler Private Access™ (ZPA) to provide 600 employees with secure access to SaaS, internet, and private apps whether they worked from home, on the road, or in any of the company’s over 90 locations.

“Zscaler has enhanced our workers’ productivity by providing secure, seamless access to their applications from any location or device,” said Pathirana. “Zscaler improves our employees’ productivity and collaboration by facilitating remote work and enabling business continuity.”

Connectivity to SaaS apps like Microsoft 365 as well as private apps on Microsoft Azure and Oracle Cloud Infrastructure is fast and reliable. Union Assurance PLC workers have least-privileged access to the resources they need, with access controls based on business policies and factors such as user identity, device posture, location, and behavior. Users and devices are continuously authenticated and validated so access rights are adapted in real time. Unlike a remote access VPN, Zscaler connects authorized users directly to apps, not the network, so attackers cannot move laterally.

“Zscaler’s robust security controls and threat prevention capabilities help mitigate the risk of cybersecurity attacks, reducing the likelihood of costly downtime and disruptions to the business,” said Pathirana.

The Zero Trust Exchange platform has kept Union Assurance PLC protected as the business has grown to offer new insurance products, delivered a self-service mobile app for customers, and digitized core business processes. In a typical three-month period, Zscaler processes 19.2 TB of traffic to prevent 26.5 million policy violations and block 7,350 security threats, including threats hidden in encrypted traffic. Users are protected from advanced threats like malicious content, adware/spyware, phishing, spyware and botnet callbacks, and crypto mining.

Phase 2: Protecting sensitive data to mitigate business risk

As Union Assurance PLC advanced on its zero trust journey, it added Zscaler Data Protection to safeguard sensitive data and intellectual property, uphold customer trust, and more easily comply with data protection laws and audit requirements. The company maintains sensitive information about the policyholders it insures and other proprietary data and analytics as it brings efficiency and innovation to underwriting. 

“As a financial institution, data protection is a priority,” said Pathirana. “Zscaler provides us with visibility into our users’ access to applications and data, which facilitates audits and compliance with regulatory requirements and industry standards.”

Zscaler Data Protection, part of the Zero Trust Exchange, provides a unified platform to allow Union Assurance PLCto secure all data types across all channels and across all locations. AI-driven data discovery provides instant visibility across endpoints, inline traffic, the cloud, and shadow IT apps without any administrative overhead. As a result, Union Assurance PLC can more easily comply with data protection mandates such as the Sri Lanka Personal Data Protection Act, enacted in 2022, and the ISO 27001 Information Security Management System (ISMS).

Phase 3: Assuring flawless digital experiences

Next, Union Assurance PLC added Zscaler Digital Experience™ (ZDX), a performance monitoring solution that uses AI to rapidly detect and resolve app, network, and device issues. Workers may have different experiences accessing SaaS and private apps depending on their devices or whether they are located in the capital city or a branch office. ZDX lets the IT team create and enforce consistent digital experience policies and proactively monitor application service levels from the users’ perspective—even for SaaS apps not under IT’s direct control.

ZDX uses the same lightweight agent as all Zscaler services, so adding the new functionality was straightforward and eliminated the need for a digital experience monitoring point product, further reducing cost and complexity.

Simplified security and lowered costs

With the Zero Trust Exchange providing its users with fast, reliable zero trust connectivity to their apps from anywhere while preventing cyber threats and data loss, Union Assurance PLC was able to replace its MPLS WAN with a mobile broadband service to directly connect users and eliminate data center and branch office firewalls.

“Zscaler has helped us mitigate capex- and opex-intensive on-premises security appliances and infrastructure, cutting costs by 40%,” said Pathirana. 

With no more need to backhaul application traffic through its data centers for security inspection and policy enforcement, the company has reduced bandwidth consumption and optimized network resources for critical business applications.

“Zscaler has simplified management, unified security, and consolidated multiple security functions into a single cloud native platform,” he said. “We have reduced the complexity of managing multiple security tools and ensured consistent zero trust policy enforcement across the organization.”