DLUHC Improves Remote Experiences, Cutting Time to Connect By 80%

Mission-critical work requires zero trust security

Implementing life-changing programs at a local level is​​ work that cannot be confined to an office. The ability to work whenever and wherever is mission-critical for the Department for Levelling Up, Housing and Communities (DLUHC). 

The department has a workforce of nearly 5,000, and almost anyone on the team could be dispatched to support projects on-location in UK communities. Securing such a geographically dispersed workforce inspired a zero trust digital transformation for the DLUHC.

“We wanted to break away from traditional thinking around technology provisioning,” said Dave Baldwin, CTO at the DLUHC. “You can’t embark on a non-traditional path while still relying on traditional security methods. Achieving zero trust security was part of the bigger picture for us.

Zscaler leads the evolution to holistic zero trust

Becoming a cloud-first organization required the DLUHC to reconsider their security. The department had been using a traditional perimeter-based model reliant on legacy hardware, firewalls, and VPNs. Fragmented solutions made remote work more challenging for staff, provided poor visibility to threats, and increased costs and complexity for Baldwin.

“We were evolving beyond maintaining servers in a data center, so traditional perimeter security was no longer viable,” said Baldwin. “We wanted a zero trust security platform that could protect our users and applications across any location.”

To address these challenges, the DLUHC chose the Zscaler Zero Trust Exchange. Zscaler delivers comprehensive security from a cloud native platform that eliminates the need for legacy infrastructure, VPNs, firewalls, and multiple point solutions. This vastly simplifies operations while providing industry leading zero trust security.

“Zscaler is a leader in zero trust technology that supports the cloud experience,” shared Baldwin. “With the Zero Trust Exchange, we’ve achieved a more comprehensive approach to security that is actually easier to manage and more cost effective. We have greater visibility across our users and devices, and we can control access to resources in a more granular way. This allows our staff to work effectively, no matter where they are needed.”

The Zero Trust Exchange enables secure work from any location

With the department’s mission to support local communities and respond to unplanned events such as flooding or pandemics, hundreds of staff may sometimes need to quickly start remote work in a brand-new location. Zscaler Internet Access (ZIA) enables fast and secure access to the internet and SaaS applications for the DLUHC’s mobile staff. 

Users enjoy direct-to-internet access, and the Zscaler platform inspects all traffic and applies inline security controls to prevent compromise and help stop data loss. Functionality for cloud firewall protection, URL filtering, and SSL inspection is built into the platform, eliminating the need for multiple outbound demilitarized zone (DMZ) solutions.

“The Zscaler platform protects our staff regardless of where they are working, and that protection is achieved with a significantly streamlined outbound security stack,” Baldwin said. “This has been a big technology leap for us.”

Zscaler technology transforms the remote user experience

In addition to anytime, anywhere, secure access to the internet and SaaS apps, embracing Zscaler Private Access (ZPA) for connecting to private DLUHC resources further transformed the remote user experience.

Previous VPN services left employees feeling frustrated by what Baldwin described as a “very clunky” process to access essential department applications remotely. “There were a lot of steps involved to get staff from opening a laptop to actually working, and any one of them could be a failure point,” Baldwin elaborated.

Zscaler eliminates the need for VPN appliances by enabling fast, seamless, zero trust access to DLUHC private applications. Users connect directly to the applications they need, so they can work more efficiently and productively.

“With the Zscaler platform, we’ve reduced the average time it takes for a remote employee to successfully connect and start working by nearly 80%,” shared Baldwin. “Staff can be effectively and securely working in less than 30 seconds after turning on their laptops. We calculated that this collective time saved across our total workforce on the Zero Trust Exchange equates to an overall productivity boost of about 50,000 extra hours each year.”

Zscaler connects users to private apps with less risk

Connecting users to DLUHC private applications isn’t just faster and simpler with Zscaler; it is also more secure. Unlike traditional VPN appliances, the Zscaler platform is built to support a holistic zero trust architecture. 

Not only are apps hidden behind the Zero Trust Exchange to reduce the attack surface, but, as previously mentioned, Zscaler connects users directly to DLUHC applications and not to the network as a whole, preventing lateral threat movement. User identity, device security posture, and other context are verified before a connection is made. Inline traffic inspection enforces access control and actively prevents web attacks.

The department hosts 100% of its applications within Amazon Web Services (AWS). Because the Zscaler platform integrates with AWS, zero trust protection seamlessly extends to every private application in the cloud.

“We had internal-facing systems and resources that we were simply not willing to expose to the internet,” Baldwin shared. “The Zscaler platform keeps our critical resources invisible to the internet while allowing DLUHC staff the controlled, secure access they need to carry out their work from anywhere.”

Zscaler solves unique remote work challenges

Installing Zscaler Client Connector on all DLUHC laptops as part of the Zero Trust Exchange deployment has helped Baldwin mitigate the challenge of captive portals—the splash screens used in public places, like coffee shops and trains, to broker a Wi-Fi connection. The department’s old VPN solution did not recognize captive portals, so staff were unable to connect to Wi-Fi while in transit between remote locations. 

“The Zscaler platform can recognize these captive portals and provide access for a minute to allow staff to connect to Wi-Fi via those splash screens before locking connectivity back down securely,” explained Baldwin. “Solving for the captive portal challenge has been another boost to overall staff productivity and satisfaction.”

Zscaler scalability supports operational efficiencies

In addition to the boost in individual staff productivity and satisfaction, organizational efficiency has also increased with Zscaler. The scalability of the Zero Trust Exchange allows the DLUHC to react quickly to the ever-changing demands inherent in public sector work.

Baldwin and his team can now increase the number of staff in the field with ease. “There have been times when we’ve needed to onboard 600 staff in two weeks,” Baldwin explained. “We couldn’t have done that previously, but with Zscaler, it’s fast and easy.”

The COVID-19 pandemic—perhaps the ultimate test of an organization’s readiness for secure remote work at full scale—didn’t present the typical challenges for Baldwin, since DLUHC had fully deployed Zscaler several years prior. “When asked about what we might need to do to prepare for nationwide work-from-home mandates during the pandemic, I was really pleased to tell our leaders that there was absolutely nothing to do. With Zscaler, we were already fully prepared for everyone to work remotely for as long as needed,” Baldwin recalled.

Robust analytics enable transparency and compliance

Zscaler technology also makes it easier for the DLUHC to fulfill unique reporting obligations with transparency and speed. Performance monitoring and security analytics insights available through Zscaler allow the DLUHC to better manage Freedom of Information (FOI) Act requests that government departments and public authorities are required to respond to, often within specific time frames. 

“We’re able to answer FOI requests faster because of the simplified reporting features available on the Zscaler platform,” said Baldwin. “With our previous solutions, reporting was a fragmented process. With Zscaler, I have a single platform to gain an overall view of our traffic and activity.”

Enhanced reporting also makes general operational decisions easier to navigate. “The reporting capabilities we now have with Zscaler give us greater visibility into staff use,” explained Baldwin. “We can make better informed decisions around all the details that go into keeping staff secure and productive, like increasing bandwidth at individual remote work sites.”

Fostering deeper and safer collaborations through Zscaler

The DLUHC is supported by 15 affiliated agencies and public bodies that help it carry out its mission. One of the most profound benefits of adopting Zscaler has been the improvement in secure collaboration.

With the Zero Trust Exchange, private DLUHC applications can be shared with external departments and bodies with reduced risk, ensuring adherence to cross-government standards for cybersecurity. The zero trust protection that DLUHC staff have can be expanded to external users with minimal administrative overhead. 

“Zscaler technology allows us to extend our secure edge into these external environments to share critical resources safely,” Baldwin explained. “With our previous security solution, achieving that level of resource sharing would have taken significant effort and posed increased risk.”

In a single three-month period, Zscaler processed more than 3 billion transactions for the DLUHC, preventing 81 million policy violations and blocking nearly 99,000 security threats. “Zscaler is blocking many threats for us on a daily basis,” said Baldwin.

Zscaler plays a tangible role in helping UK communities thrive

As the DLUHC continues its zero trust journey, Baldwin anticipates a lasting partnership with Zscaler. While he’s still exploring other Zscaler solutions for the future, he appreciates that Zscaler is always innovating existing solutions to help clients get the most out of the platform today.

Baldwin is currently working with Zscaler to enhance source IP anchoring (SIPA) policies, as well as expand data loss prevention (DLP) measures, allowing the DLUHC to further streamline its security infrastructure. Fully leveraging Zscaler technology gives Baldwin confidence to, as he stated, “reduce the estate in terms of hardware volume and type of equipment.”

“With Zscaler, we aren’t reliant on a series of managed service providers and mismatched point product solutions,” said Baldwin. “We have one comprehensive platform that supports our cloud-first experience with holistic zero trust security. Zscaler has been critical to our technology transformation.”

That technology transformation has been critical to the department’s ability to carry out its mission to help UK communities thrive. “With the Zscaler platform, staff can work anywhere they are needed, and the seamless user experience enables them to effectively meet objectives,” concluded Baldwin. “In this way, Zscaler is tangibly helping the DLUHC improve quality of life across the UK.”