-By Scott Robertson, Vice President, Asia Pacific and Japan, Zscaler
The threat landscape in today’s world demands the constant retooling, updating, and maintenance of complex and sprawling security architectures. Typically, network security appliances work in isolation and it is difficult to get a comprehensive view into threat activity and manage a multi-vendor security environment. Furthermore, as enterprises adopt policies such as “bring your own device” and mobility, users can add to the problem as they succumb to social engineering attacks or forget to install the latest updates on their systems, leaving enterprises vulnerable to exploits like ransomware and other advanced threats. All of these complex issues drive up costs, and security teams are finding themselves making compromises between cost, performance, and capability.
Security breaches escalate year after year and network security appliances have traditionally been the best solutions available to enterprises. However, the technology landscape has changed radically. In the era of cloud and mobility, users and applications have moved off the network and the secure perimeter has dissolved. According to survey by Longitude Research along with Oracle and Intel, 43 percent of Indian enterprises have implemented cloud and there are emerging group of enterprises that have 70 percent or more of their applications in the cloud. An increasing percentage of business is taking place outside the bounds of the corporate network, yet legacy appliances remain stuck in the data center.
Software applications—Microsoft Office 365, Google Drive, and others—are meant to be accessed directly, but due to limitations imposed by traditional network security appliances, user traffic is routed through the data center, which creates latency and frustrates users. In many cases, users simply bypass security controls and go direct, compromising security in the name of productivity. Branch office workers face compromises, too. It’s nearly impossible to replicate HQ security in branches, so organizations find themselves either backhauling internet traffic—which is expensive and slow—or accepting less stringent security.
There are massive investments in security appliances and services across Indian enterprises—estimated at US $1.7 billion this year according to research firm Gartner. Despite the investments, breaches are increasing in scale, frequency, and sophistication. In a nutshell, network security appliances are not sufficient to protect against sophisticated cyber threats. As users across enterprises in India move beyond corporate network, they still need to get comprehensive and consistent security no matter where they connect, especially since poor security awareness and habits are hard to change. Furthermore, IT teams that manage security shouldn’t have to compromise between what they can inspect and what they can afford.
As applications and infrastructure move to the cloud to take advantage of its lower costs, scalability, and agility, how can enterprise security make the transition? There’s an easier and more cost-effective way to achieve cloud-ready security through a cloud-delivered, set-and-forget architecture that’s ubiquitous, with always-on security and access controls (no more bypassing), and transparent updates (no more delays due to change windows). Here’s what a global, cloud-ready enterprise security solution should deliver:
Software-defined policies that securely connect users to applications regardless of network
Fast, secure, direct-to-internet connections
Centralized controls and visibility into threats and user activity across the entire cloud
Around-the-clock security updates for prevention against new and evolving threats
Consistent policies that follow users, no matter what devices they’re using or where they’re connecting—headquarters, remote offices, cafés, or airports
A global security cloud has an architecture that’s purpose-built to enforce policies equally on all cloud traffic at all locations and for all users. It’s a new model for cloud security that is fueled by the ongoing disintegration of the traditional network perimeter. Enterprises across India are rushing to capture the benefits of the cloud, which shifts apps, data, and users from inside the old security perimeter to “out there” in the cloud. And they’re doing it in increasing numbers. A typical enterprise uses about 1,000 cloud services with a workforce that is 40 percent mobile. Globally, there are about 30 billion devices connected to the internet. Billions more IoT devices are poised to swarm into use with 5G.Two fundamental issues impede the ability to secure a cloud-enabled enterprise with a legacy perimeter approach. Remote users are often outside the visibility and control of an enterprise. Furthermore, branch traffic is backhauled to central or regional hubs, which stunts performance and results in a poor cloud experience.
Another legacy downside is unpredictable security capabilities—the byproduct of deploying, managing, and upgrading appliances for hundreds or thousands of branches. Often, the smaller sites get fewer controls; for example, they might not be able to scan all encrypted traffic or divert suspicious traffic into a sandbox. As a result, security policies are applied unevenly, increasing the potential for a breach and raising the enterprise risk profile. A global security cloud eliminates all those variables and provides uniform security for all internet-bound traffic at all locations for all users. The cloud-based controls—a security stack in the cloud—means it’s always available to inspect all traffic, including all ports and protocols. There is no difference in policy control for an office of thousands or a branch with just five users.
As attackers become more sophisticated, they can exfiltrate sensitive data from enterprises and leverage ransomware attacks against organizations, often with precise targeting. The advantage of a global security cloud is the ability to immediately share security intelligence and push protections out to all customers across the cloud, which enables a faster, global response to emerging threats.