Défis
Rapidly adopt a scalable zero trust network access solution to enable a smooth WFA transition and embrace a hybrid work model
Résultats
Enables zero trust network access for WFA—20,000 employees transitioned within three weeks
Expands zero trust access to approximately 70,000 employees overall
Supplies executives with intuitive reporting that translates security data into actionable insights
Uncovers and protects apps previously unknown to the central security team across 36 business units
Provides a VPN-free solution to minimize attack surfaces and eliminate access barriers
California County Government Snapshot
This California county government, the largest local government agency in the US, provides more than 12 million citizens—approximately 27% of California’s population—with services including law enforcement, tax collection, public health protection, social services, elections, and flood control.
Industrie:
Federal and Government
Siège:
California, USA
Taille:
110,000 employees
Étude de cas client
Transforming to meet shifting priorities
Like many large enterprises, this large California county government was securing data for a modest number of remote employees until the COVID-19 pandemic transformed its workforce almost overnight.
“Previously, we’d averaged about 1,000 remote workers and used a legacy system to secure access,” explained the Deputy General Manager of Cybersecurity Governance and Operations at the County. “With the pandemic spreading, our board of supervisors notified everyone that they’d start working from home. As our legacy system didn’t scale, we needed a new solution fast.”
Visibility, scalability, and performance with Zscaler
As the largest local government agency in the US, with over 110,000 employees serving 12 million citizens, this County’s mandate ranges from animal control to public health. From an organizational perspective, it operates as 36 autonomous groups, each supporting its own IT staff and technology applications, with the exception of services like cybersecurity. “At the Internal Services Department, we’re responsible for cybersecurity across all of the departments,” the Deputy General Manager said.
Faced with quickly securing access to thousands of applications, for which it had no prior visibility, the cybersecurity team stepped up its evaluation of cloud-based offerings and selected Zscaler as a holistic zero trust network access (ZTNA) solution.
“Although we were already considering various cloud-based options, we needed to make the remote transition without knowing what applications were being accessed, or by whom,” said the Deputy General Manager. “Zscaler stood out for providing secure access by deploying an app on a user’s device, minimizing performance impacts on even our oldest machines.”
Rapid ZPA deployment to first 18,000 users
To meet its immediate work-from-anywhere (WFA) needs, the County initially elected to deploy Zscaler Private Access (ZPA). A VPN-free solution, ZPA accomplishes its zero trust mission using two lightweight applications. The first, called Client Connector, is deployed on client devices. The second, App Connector, is deployed to an enterprise’s internal applications, whether running on a public cloud or within a data center.
“We simply gave each IT department the Zscaler Client Connector app on a Friday and asked them to deploy it on County-issued devices,” the Deputy General Manager said.
Once Client Connector was on user devices, the cybersecurity team could see what internal applications each user needed. Then, App Connector was implemented accordingly.
“Over the weekend, we deployed ZPA to 500 information technology users,” said the Deputy General Manager. “By the end of the first week, we were deployed to 5,000 users and within three weeks we’d completed all 18,000 County-owned devices.”
Expanding its zero trust platform with ZIA
Next, the cybersecurity team turned to protecting cloud-based applications accessed via the internet, like Microsoft Office 365. “Our workforce heavily leverages Office 365, particularly Teams, Outlook, OneDrive, and SharePoint,” the Deputy General Manager said. “We also needed an access solution that could accommodate our long device refresh cycles.”
The County elected to expand its Zscaler Zero Trust Exchange™ platform deployment by adopting Zscaler Internet Access (ZIA). With ZIA, the agency can provide WFA access to SaaS applications and the internet, complementing private-access ZPA.
“Like the ZPA solution, ZIA also uses the same agent, Zscaler Client Connector, on devices,” said the Deputy General Manager. “Others require multiple agents that can bog down devices with memory limitations.”
In addition, Zscaler’s direct peering connection to Microsoft was a plus for accelerating, simplifying, and securing Office 365 access. “Routing traffic directly to Microsoft, rather than out to the internet and back to our systems, was a significant differentiator for optimizing user experiences, especially bandwidth-hungry Teams,” the Deputy General Manager said.
Zscaler professional services help meet compressed deadline
With its year-end deadline approaching for migrating approximately 70,000 workers from an existing solution to ZIA, the County contended with an exceedingly compressed implementation of about six weeks.
“As if working as a dispersed organization during the pandemic wasn’t challenging enough, we couldn’t alter our systems before November 10th due to an election freeze,” said the Deputy General Manager.
By utilizing Zscaler professional services, the County completed the initiative on time. “In collaboration with Zscaler, we migrated all users well ahead of our deadline,” the Deputy General Manager said. “Among other things, we credit Zscaler’s comprehensive and systematic project management approach with ensuring we stayed on track.”
Itemizing applications across all business units
Today, the County is realizing multiple rewards from its cloud-based Zscaler Zero Trust Exchange platform, which is designed to secure work-from-anywhere while facilitating exceptional user experiences.
According to the Deputy General Manager, business users are pleased with access simplicity and seamlessness. “They’re particularly impressed that they only need to log in once a day and require no training classes because it’s just that easy,” he said.
For the County’s cybersecurity team, Zscaler delivered unprecedented visibility into the applications that users access. “With Zscaler, we now have an itemization of all applications across every department that includes valuable specifics, such as how many individuals use a particular application, which department they work for, and how often the application is accessed,” said the Deputy General Manager. “We’re using the information to build a detailed inventory that is exceptionally helpful for supporting our broader security strategy.”
Executive Insights App supplies real-time context
A platform feature the County’s senior leadership particularly appreciates is the Zscaler Executive Insights App. It translates cybersecurity data into real-time curated views across all Zscaler solutions. Visualizations include the County’s risk scores and network usage along with industry benchmarks, breaking security news, and research.
“Our executives are excited they can use their smartphone or tablet to see which applications are being accessed by whom, where, and when,” said the Deputy General Manager.
The app also assists with maintaining business productivity, displaying traffic trends and identifying application utilization. “It empowers executives to pose more insightful questions and assists our security team with understanding the source of a question in order to supply a relevant answer,” the Deputy General Manager said. “Plus, having contextual insights enables us to adjust policies, which ultimately contributes to making us more secure,” he added.
Zero trust platform contributes to work-life and sustainability goals
Moving forward, the County intends to continue expanding its zero trust approach to facilitate the agency’s planned post-COVID hybrid work model, which will address work-life balance and environmental sustainability goals.
“Our County spans 110 miles end to end, which means a four hour round-trip commute for some people,” said the Deputy General Manager. “Our employees are definitely more enthusiastic about working remotely, which means we foresee continuing to expand our cloud-based applications and cybersecurity.”
With Zscaler, the County can enable its envisioned hybrid workplace. Among the options under consideration are ZPA Private Service Edge. This allows employees at hybrid work environments to enjoy the same zero trust access experience when they’re in the office as they do when remote.
“We plan to supply workers with the same seamless experience when they’re on-premise as they have when they’re off,” the Deputy General Manager said. “It also ensures our security team can maintain visibility and enable evolving our least-privileged access policies to continue improving our security posture.”
Regardless of which additional solutions it adopts, the County expects to continue receiving a range of benefits from its new zero trust platform. “Zscaler enables our agency to operate using modern cybersecurity technologies,” said the Deputy General Manager. “And our users receive a smooth access experience no matter where they are.”
Leapfrogging to a modern zero-trust approach
Faced with a near-overnight transition to a WFA during COVID-19, the California County leveraged challenging circumstances to leapfrog intermediate cybersecurity technologies and take a modern zero trust approach. This enables the County to continue its transformation to cloud-based business applications and implement a post-pandemic hybrid workplace model.
As a result, the County can provide its 110,000 employees with greater work-life balance while also reducing greenhouse gas emissions to meet State of California climate change mandates and goals.
Solutions