EML Leverages Zero Trust to Secure Private AI-Based Apps and Increase Digital Trust for Customers

Digital trust and resiliency guide the search for a VPN alternative

With its beginning as a bakery turned baking industry workers compensation provider, EML Group (EML) is the injury management partner of choice for employers and government agencies. For over 110 years, Australians have turned to EML for its claims expertise and personalised support in helping people get their lives back.  It has a history of placing the individual at the center of its business. This responsibility to the safety of each person extends to protecting personally identifiable information (PII) by maintaining a high standard of cybersecurity. 

EML has a broad scope of services. The company is a claims manager for large self-insurers, government agencies, and life insurance and provides religious institutions and the hospitality industry with specialized insurance. EML prioritizes maintaining its customers’ trust and expectation of availability. Case managers use proprietary applications that harness the power of automation and AI to streamline claims management, reduce administrative burdens, and have more meaningful interactions with their customers. The security team plays an integral part in this by supporting internal case managers with streamlined and efficient tools to support their daily activities and interactions with customers.

“At EML, we are harnessing the power of AI and automation and a human-in-the-loop model to improve the efficiency of our claims model and better serve our customers. We build trust by combining empathy with reliable, high-quality service while maintaining the highest standards of privacy and data security. This human-centered approach, supported by innovative tools and robust cybersecurity measures, ensures transparency and consistency for better outcomes,” said CIO Shane Devlin. “When our VPN failed, we knew the next solution needed to meet a high bar of digital trust and resiliency.”

EML was using a traditional VPN that funneled all traffic back to its data center and then out to the internet. When employees began working from home during the COVID-19 pandemic, VPN latency caused bandwidth issues, which resulted in slow performance and ongoing connectivity problems. Increasing bandwidth was a temporary fix, but it did not address the problem long-term. Employees continued to have trouble accessing the tools they needed to serve customers in a timely fashion. As a consequence, productivity dropped, and IT was constantly triaging issues.

An eye-opening POV points to the clear-cut choice for zero trust

At the time, Devlin and Leon Gelderblom, Head of Security and Infrastructure, had been working on a zero trust architecture design and saw an opportunity to address the root cause of these problems. They determined that replacing the on-premises web proxy and VPN with a cloud native security stack would resolve employees’ dependence on unreliable home internet connections and would ensure high-performance and secure access to the tools they need.

“Our immediate goal was to improve the work-from-home experience with a solution that meets our stringent technical and cybersecurity requirements,” said Gelderblom. 

The team narrowed their options down to three vendors using the FURPS model, a framework for classifying software quality attributes into five categories: functionality, usability, reliability, performance, and supportability. With their list of well-defined requirements, the EML technical teams selected the only solution that ticked all the boxes—the Zscaler Zero Trust Exchange platform—and launched a proof of value (POV).

“Other solutions did not meet our requirements and security threshold while Zscaler, on the other hand, met every single requirement we had. What really stood out was secure access to private applications and ease of connectivity. And the level of attentiveness we received from the Zscaler Professional Services team during the POV process was like nothing we've seen. They’re technically strong, answered all our questions, and worked with us to ensure our requirements were met,” Gelderblom recalled.

Phase 1: Secure private access is a game changer for remote user experience and productivity

EML’s proprietary applications aim to help its team of personal injury specialists proactively manage customers’ workers compensation claims and ensure a high level of human-to-human interactions. One of the biggest issues EML needed to address was the inefficiency in employees’ work-from-home experience and access to these applications.At times, remote employees waited up to 15 minutes for the legacy VPN to log them in. Once connected, the internet speed was slow due to ongoing bandwidth issues, causing further productivity disruptions. Additionally, Devlin and Gelderblom were concerned about potential exposure of EML’s legacy VPN to attackers.

During the POV, EML was impressed with how Zscaler Private Access (ZPA) provided faster connectivity and offered greater security than the legacy VPN. ZPA connects users, regardless of where they are, directly to authorized applications rather than the entire corporate network, preventing lateral threat movement. EML no longer had to funnel traffic through the data center, and users no longer faced latency or bandwidth issues.To improve security and enhance user productivity and satisfaction, EML decided to accelerate the Zscaler deployment.

“Once word got around that a better option was coming, everyone was eager to use it. So, we pushed the rollout of all our Zscaler solutions–ZIA, ZPA, and ZDX–to the majority of the workforce in just two months,” said Gelderblom. “We didn’t expect to receive the subsequent outpouring of praise for the new user experience.”

Devlin added that the Zscaler deployment also made his job significantly easier: “Since moving to Zscaler, we don't get any negative feedback about connectivity anymore, and that's a massive plus for me.”

During the deployment, the team separated the 3,900 employees by business unit, transitioning 100 to 500 users to Zscaler at a time.

The change was evident immediately, and users were thrilled. “We became acutely aware of the impact on morale when employees had to wait for VPN access. Zscaler turned things around dramatically. Starting the day right with seamless, fast access is priceless to users,” said Lian Turk Rivero, marketing and communications manager at EML.

The help desk also appreciated the benefits of Zscaler, which included an 80% reduction in remote access support tickets over the year and a 20% reduction in remote access maintenance efforts during that same timeframe. 

“ZPA has been a game changer for us. It has significantly improved the employee experience and reduced time spent on VPN support incidents for our technical teams,” said Gelderblom. 

Phase 2: Granular, dynamic, risk-based policies secure access to the web and SaaS

Gelderblom was familiar with Zscaler Internet Access (ZIA). A few years prior, the company considered adopting a cloud-first architecture but delayed the initiative due to competing priorities. As EML’s support agreement with its on-premises proxy solution neared the end of its term, Gelderblom saw the opportunity to implement ZIA alongside ZPA.

To ensure a seamless transition, EML aligned specific groups to each product: the network team oversaw ZPA, and the infrastructure team managed ZIA. A year later, the infrastructure team reported a 25% reduction in maintenance time. They can now reallocate that time to higher-priority activities. 

The team also benefits from granular access controls that they lacked prior to Zscaler. ZIA sits inline between users, the internet, and SaaS, inspecting traffic in real time. EML’s access controls are enhanced by ZIA’s dynamic risk-based policies, which continuously analyze user, device, application, and content to minimize the possibility of compromise. 

“The move from on premises to cloud has simplified our maintenance requirements and has given the team significantly more control. With the granularity to enable access to resources based on business requirements, we're aligning our policies to limit risk,” said Gelderblom. 

Phase 3: Digital experience monitoring speeds time to resolution and empowers the support team

EML also implemented Zscaler Digital Exchange (ZDX) during the initial rollout to gain more visibility into users’ remote connections. Prior to adopting Zscaler, when the IT team supported users working from home, they often lacked definitive details on the root causes of issues. This lack of visibility delayed time to resolution, frustrating IT operations and users. 

“We needed to empower our support teams and management to have difficult conversations with employees about their connection and give them clear direction to either upgrade or come into the office,” Devlin noted. ZDX's AI capabilities significantly reduce mean time to resolution by analyzing devices, networks, and SaaS, cloud, and data center applications. This enables the technical support team to definitively detect issues and resolve them quickly.

“Our remote users are now more productive, as ZDX provides full end-to-end visibility, significantly reducing the time it takes for our technical teams to investigate and identify network issues,” Gelderblom said.

Protecting proprietary technology and AI models to build digital trust

One of EML’s biggest differentiators is its proprietary technology. The organization has more than a century of learnings in personal injury claims management and understands the nuances of workers’ compensation. As such, EML leverages this deep knowledge to build purpose-built technologies that enable innovative programs like Mutual Benefits. 

It has extended this approach to building AI tools as well. EML recognizes how AI innovations are changing the business landscape and the importance of  leveraging them in a responsible, human-centered way. 

“Most of the industry is using off-the-shelf (OTS) AI, whereas we’ve developed AI in-house with our teams training large language models. While we see huge value in AI, we carefully monitor its usage. For example, we use Zscaler’s help to prevent our employees from accessing public AI tools and accidentally leaking proprietary data,” said Devlin. ​​”Zscaler had made it possible for us to use innovative tools by providing robust cybersecurity measures that help ensure transparency, consistency, and better outcomes. Zscaler is foundational to the digital trust we are continually building with our customers.”

Using Zscaler’s URL filtering, EML can create granular rules about sites, categories, and user groups, and apply acceptable use policies. This also controls the use of AI tools and helps limit risk.

Next up: Expanding the use of zero trust architecture

With a successful initial deployment, EML is preparing to strengthen its security posture by leveraging additional solutions and extending zero trust to all users at all times. When users are onsite, EML currently connects employees to internal resources over its LAN. In the near term, Devlin and Gelderblom intend to bring the security advantages of ZPA to in-office connections as well, with cloud sandbox and browser isolation technologies.

“Because threats are getting more and more sophisticated, we’re looking at Zscaler Cloud Sandbox and Zscaler Browser Isolation to ensure that we stay safe,” said Gelderblom. Zscaler Cloud Sandbox quarantines and analyzes unknown or suspicious files before they reach users. During the analysis, Browser Isolation allows instant, virtualized access to flattened PDFs and documents so that there is minimal user interruption.

Devlin advises organizations in a similar situation to “Make your life easier and happier—get off VPN and move to Zscaler. It made my day-to-day operations a lot smoother and more secure because there are fewer interruptions and we have happier users. You want to uplift your user experience and security? Move to Zscaler.” 

Gelderblom concurred: “Don't waste your time on other vendors that claim to offer a private access solution. Just talk to Zscaler. That's my honest message.”