For the past three decades, organizations have been building and optimizing complex, wide-area, hub-and-spoke networks, connecting users and branches to the data center over private networks. To access an application, users had to be on the trusted network. These hub-and-spoke networks were secured with stacks of appliances, such as VPNs and firewalls, in a “castle-and-moat” security architecture. This served organizations well when their applications resided in the data center.
Today, users are everywhere, and data and applications no longer sit in data centers. For fast and productive collaboration, they want direct access to apps from anywhere at any time. Given this, it doesn’t make sense anymore to route traffic back to the data center to securely reach these applications in the cloud. This is why organizations are moving away from hub-and-spoke networks in favor of direct connectivity to the cloud, using the internet as the new network.
Perimeter-based security has failed modern business
Traditional hub-and-spoke networks put everything in the network—users, applications, and devices—onto one flat plane. While this allows users to access applications easily, it gives that same easy access to any infected machine. A single infected machine in a user's home or any infected workload in a public cloud can access all your applications, bring them down, and cripple your business.
So how do you ensure the same level of protection in all locations? Deploying hardware or spinning virtual firewalls is a nonstarter. It only provides a false sense of security and increases your attack surface. Every internet-facing firewall—whether in the data center, cloud, or branch—can be discovered, attacked, and exploited. Breaches will continue as long as organizations depend upon VPN and firewalls for cybersecurity.
The solution: a zero trust architecture
Zero trust begins with the assumption that everything on the network is hostile or compromised, and access to an application is only granted after user identity, device posture, and business context have been verified and policy checks enforced. In this model, all traffic must be logged and inspected, requiring a degree of visibility that traditional security controls cannot offer. To realize the vision of a secure hybrid workplace, organizations need to move away from castle-and-moat security and toward a zero trust architecture that secures fast, direct access to applications anywhere, at any time.
The Zscaler Zero Trust Exchange: The One True Zero Trust Platform
Zscaler is a pioneer in zero trust security, helping organizations worldwide secure their digital transformation with the Zscaler Zero Trust Exchange. It is an integrated cloud-native security platform founded on the principle of least-privileged access, and the idea that no user, workload, or device is inherently trustworthy. The platform grants access based on identity and context such as device type, location, application, and content, before brokering a secure direct connection between an application and a user, workload, or device – over any network, from anywhere. Its proxy architecture terminates every connection in real time to inspect all traffic—including encrypted traffic—to eliminate attack surface, prevent lateral movement of threats, and stop data loss.
Every communication that flows through the Zero Trust Exchange is subject to a series of controls before establishing a connection, including:
- Verifying identity and context. Once the user, workload, or device requests a connection, the Zero Trust Exchange first terminates the connection and then determines who is connecting, what the context is, and where they are going.
- Controlling risk. The Zero Trust Exchange then evaluates the risk associated with the connection request and inspects the traffic for cyberthreats and sensitive data.
- Enforcing policy. Finally, the Zero Trust Exchange uses the outputs of the previous steps to enforce policy on a per-session basis to determine what action to take regarding the requested connection.
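The three controls above, walked through for a single session, as an added Python example (not Zscaler's code; the session fields, the application sensitivity table, and the risk thresholds are assumptions):

```python
# Added example: a minimal per-session policy evaluator that applies the three
# controls described above (verify identity and context, control risk, enforce
# policy). All field names, scores and thresholds are assumptions, not Zscaler's.
from dataclasses import dataclass, field

@dataclass
class Session:
    user: str
    auth_valid: bool            # identity proven by the identity provider
    device_managed: bool        # device posture: enrolled and compliant
    device_patched: bool        # device posture: OS/agent up to date
    country: str                # location context
    app: str                    # destination application
    payload_flags: set = field(default_factory=set)  # inline inspection findings

# Constructed sample data: higher number = more sensitive application.
APP_SENSITIVITY = {"wiki": 1, "crm": 2, "payroll": 3}
ALLOW, ISOLATE, DENY = "allow", "isolate", "block"

def verify_identity_and_context(s):
    """Step 1: who is connecting, what the context is, and where they are going."""
    if not s.auth_valid:
        return None                      # unverified identity: nothing to evaluate
    return {"user": s.user, "app": s.app, "country": s.country,
            "posture_ok": s.device_managed and s.device_patched}

def control_risk(ctx, s):
    """Step 2: score the request; inspection findings raise the score."""
    if "malware" in s.payload_flags:
        return 99                        # threat found inline: maximal risk
    score = APP_SENSITIVITY.get(ctx["app"], 3)   # unknown app: treat as most sensitive
    if not ctx["posture_ok"]:
        score += 2                       # weak device posture
    if "sensitive_data" in s.payload_flags:
        score += 2                       # DLP hit on the content
    return score

def enforce_policy(s):
    """Step 3: per-session decision; anything unverified is denied by default."""
    ctx = verify_identity_and_context(s)
    if ctx is None:
        return DENY
    score = control_risk(ctx, s)
    if score >= 6:
        return DENY
    if score >= 4:
        return ISOLATE                   # e.g. browser-isolated, read-only access
    return ALLOW
```

Each connection is evaluated on its own, so the same user can be allowed to one application and blocked from another in the same minute.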
The Zero Trust Exchange is the world's largest inline security cloud, operating from more than 150 data centers globally and processing hundreds of billions of transactions per day. Purpose-built for scale, the Zscaler Zero Trust Exchange delivers a truly comprehensive set of capabilities to eliminate multiple point products – all within a single solution:
1) Cyberthreat protection: Applications sit behind the Zero Trust Exchange, which makes them invisible to the internet. They can't be discovered, bad actors can’t attack what they can't see, and all traffic is inspected for cyberthreats.
2) Data protection: The Zero Trust Exchange provides a holistic approach to prevent data loss through inline inspection and out-of-band protection across SaaS, IaaS, and PaaS as well as email and endpoints.
3) Zero trust connectivity: The Zero Trust Exchange platform connects users and devices to applications, not the network. Threats cannot propagate laterally to infect other devices and applications. And all this is done without the complexity of network segmentation.
4) Digital experience management: Zscaler’s AI-powered engine monitors end-to-end user experience and can pinpoint the root cause of issues so IT can proactively resolve them.
The Zero Trust Exchange makes it possible to achieve a zero trust architecture that’s seamless, secure, and cost-effective – without needing to make compromises. This solution is unique in the market because its purpose-built architecture enables organizations to:
- Eliminate the internet attack surface and lateral movement of threats: Users are connected directly to the applications and not the network.
- Improve user experience: The Zero Trust Exchange intelligently manages and optimizes direct connections to any cloud or internet destination, with no need to backhaul traffic, thereby eliminating latency and inefficiencies.
- Seamlessly integrate with leading cloud, identity, endpoint protection, and security operations providers.
- Reduce cost and complexity: Simple to manage and deploy without the need for VPNs or complex network perimeter firewall policies.
- Deliver security at scale: World's largest security cloud, operating from 150+ data centers globally and processing 250B+ transactions per day.
Learn more about the One True Zero Platform and how Zscaler can accelerate your zero trust strategy at www.zscaler.com.