Herausforderungen

Replace VPNS with secure remote access from anywhere worldwide

Ergebnisse

Reaps significant cost savings from retiring network hardware

Simplifies security administration

Improves user experience for both end users and operations

Provides policy-based, secure remote access from anywhere

Accelerates the company’s zero trust journey

Displaced VPNs and slashed NGFWs from 320 to less than 20

Takeda Snapshot

The oldest pharmaceutical company in the world, Tokyo-based Takeda Pharmaceutical Company has more than 60 office and research locations in 110 countries around the world. From its Cambridge, Massachusetts offices, Takeda’s IT team manages systems for its global workforce.

Industrie:

Healthcare and Pharmaceutical

Hauptsitz:

Tokyo, Japan

Größe:

47,000 employees in 110 countries

Takeda’s transformation journey
Video

Takeda’s transformation journey

Mike Towers

Mike Towers

Chief Digital Trust Officer, Takeda
Now IT can instead provide “an app-by-app type of approach to give folks what they need, and not have to over-provision access. … With the Zscaler Zero Trust Exchange, we’re much more flexible with what we can provide.

Fallstudie

Merger drives transformation initiative

“When we acquired Shire PLC, we doubled the size of the company,” said Mike Towers, Takeda Pharmaceutical Company’s Chief Digital Trust Officer. Tasked with merging the security infrastructure of the two entities, Towers found himself having to integrate an incongruous patchwork of network hardware technologies and protect an even more widely dispersed user base.

The merger led to the creation of a corporate initiative to enable employees to work from anywhere. Towers prioritized four objectives: secure remote access, VPN replacement, better user experience, and a focus on control, regardless of whether a system is on premises or in the cloud.

Improving agility and protection without NGFWs

Fortunately, Takeda had already invested in the Zscaler Zero Trust Exchange and begun rolling out its Zscaler Internet Access (ZIA) service, initially to secure employee internet egress via the cloud and provide employees with a better, more consistent user experience no matter their location or device. But ZIA proved particularly valuable when Towers and his team were confronted with integrating what he called a “quite disjointed” network architecture.

“[The combined company] had about 320 firewalls in local sites, regional sites, core sites, and so on,” recalled Towers. “It was a very, very traditional, on-premises, network appliance-based architecture designed to protect the perimeter.”

Towers knew that this legacy castle-and-moat security infrastructure was already inadequate to provide the desired level of protection against cyberthreats, so the merger just accelerated Takeda’s migration to the cloud. “We were ready to move toward a zero trust type of model,” continued Towers. “We wanted to do that as quickly as possible, so we standardized on ZIA. By doing so, we displaced our next-gen firewalls.”

Implementing a zero trust approach with ZIA and the Zero Trust Exchange gave Takeda greater flexibility in enabling secure employee connectivity via local internet breakouts. “For our tens of thousands of employees spanning over 100 countries, we can apply the same security policies and provide a consistent experience—regardless of whether they are on premises or off,” Towers explained. “Because of that flexibility, Zscaler allows us to improve both user experience and security.”

Deploying remote access slowly…then very, very fast

In an industry built on research, Takeda Pharmaceutical Company relies heavily on internal development, and that requires extensive use of proprietary technologies, applications, and intellectual property. In the past, that dependence on machines that must stay on premises and regulatory pressures had prevented Takeda’s migration to the cloud.

Yet, looking to a cloud future, Towers envisioned a model of remote access for historically on-premises applications. “We wanted to provide secure access to those applications without granting access to the full network,” he said.

Consequently, Towers and his team turned to the Zero Trust Exchange and its Zscaler Private Access (ZPA) service, which provides fast, direct, secure access to private apps and services. The initial ZPA rollout proceeded cautiously, with deployment prioritized by both application and user. ZPA Towers also noted that Tokyo-headquartered Takeda — the oldest pharmaceutical firm in the world — is “values-driven,” and shifting to a cloud solution was a bit of a cultural change for the company.

Zitat

We were ready to move toward a zero trust model. We wanted to do that as quickly as possible, so we standardized on ZIA. By doing so, we displaced our next-gen firewalls.

Mike Towers, Chief Digital Trust Officer, Takeda

Goodbye VPNs

Deploying ZPA meant that Takeda could accomplish one of the initiative’s key objectives: replacing VPN hardware. “Remote access historically has meant remote network access,” said Towers. “We no longer think that way. … access should be more about the applications and services folks need.”

Besides providing more secure remote access, Takeda wanted to improve the user experience. “ZPA allows us to have the application accessed without somebody having to ever think about whether they must click some other window or some other emulation engine to get to it,” continued Towers. “We want to support that capability as quickly and with as little friction as possible.”

Zitat

For our tens of thousands of employees spanning over 100 countries, we can apply the same security policies and provide a consistent experience—regardless of whether they are on premises or off.

Mike Towers, Chief Digital Trust Officer, Takeda

When working from home becomes the new normal

As Towers and his team were progressing with a measured ZPA rollout at Takeda, the coronavirus outbreak hit. Like many multinational companies, Takeda saw its first operational impacts in China, where Towers notes branch offices were still using “legacy VPN infrastructure” on “dated network architectures that made application access and performance quite slow.” The solution? A “quick pivot to ZPA,” led by Towers and team.

But as the urgent need for employee remote access grew, Towers had to figure out how he and his colleagues around the world could sustain business continuity given such “unprecedented” challenges. “We’ve never had a situation where we have so many people working from home,” he says. “You practice for widespread work-from-home quite regularly, but no one practices with everyone doing it at the same time when all their children and families are home.” Access was one thing, managing crowded bandwidth was quite another: “Every worker [at home] is competing with Netflix and Xbox from the kids at the same time, so performance optimization for internet access is something that we’ve had to focus on.”

Towers and team looked at how Takeda users work with internal applications. They shifted Takeda’s “control and provisioning approach” so users would be concerned with which applications they needed to get their work done, and not so much with where those applications might reside. “We don’t want to think that way anymore,” Towers explained. “Now IT can instead provide “an app-by-app type of approach to give folks what they need, and not have to over-provision access.”

Zitat

This is a good time to be a security professional because you don’t have to worry about trying to balance user experience and security anymore. You can do both!

Mike Towers, Chief Digital Trust Officer, Takeda

Reaping cost savings and simplifying security

By leveraging the Zero Trust Exchange and its ZIA and ZPA services, Takeda has achieved what Towers calls “significant cost savings.” Retiring firewall hardware—from more than 320 appliances to a target of just a dozen—and VPN hardware eliminates a lot of future spending on upgrades and maintenance alone. As employees have shifted to local internet breakouts, Towers has also been able to do away with costly networks. “Ninety-eight percent of what [users are] going to is on the internet anyway,” he said. “We can get rid of a lot of expensive WAN links.”

In addition, after struggling with “a lot of niche point solutions,” Towers is now leveraging Cloud Access Security Broker (CASB) capabilities within the Zero Trust Exchange. “Zscaler can help us do more with CASB controls, be smarter with the data, and make better security decisions based on data,” explained Towers. “And because it’s in the cloud, and we’re already sending our traffic through it, we know that it will scale [and] be operationally stable.”

Looking toward a bright future

In the past two years, Towers and his IT team have had to adjust (much more adroitly than they could have imagined) to operational obstacles placed in their path. But though Takeda’s secure cloud transformation may be progressing at a faster-than-expected pace within the company, Towers remains optimistic.

“With the Zscaler Zero Trust Exchange, we’re much more flexible with what we can provide and since we’re running all our traffic through it, we know it can scale,” concluded Towers. “This is a good time to be a security professional because you don’t have to worry about trying to balance user experience and security anymore. You can do both!”

More from this customer

Evaluating vendor relationships in the context of zero trust
Industry-first zero-configuration data protection by Zscaler
Read the Press Release
Lessons learned: Secure digital transformation at Takeda
Read CXO Journey

Lösungen

Zero Trust App Access
Stop Cyberattacks
Protect Data