What is zero trust?
Zero trust is a distinct architecture that provides secure connectivity based on the principle of least-privileged access. It inherently prevents excessive permissions and gives users and entities access only to the specific IT resources they need in order to do their jobs. On top of that, zero trust means analyzing context to assess risk and determine whether or not to grant access, rather than using identity alone to do so. This is all achieved through a cloud platform that delivers zero trust connectivity as a service at the edge—meaning from as close to the end user as possible. In short, think of a zero trust platform as an intelligent switchboard.
Figure 1: Zero trust architecture with Zscaler
What is zero trust not?
The architectures of the past are perimeter-based, built on firewalls and VPNs. They connect the user not to the resources themselves, but to the network housing these resources. A typical depiction of this kind of architecture is the ‘castle-and-moat’ model, where there is a moat (perimeter) around a castle (network) to keep out threats and protect what’s inside. However, if a threat crosses the moat, there is no other line of defense to keep it from entering the castle and moving freely within. In security language, this is referred to as lateral movement: a threat moving unrestricted across network resources. To understand more about lateral threat movement and other weaknesses of perimeter-based architecture, read this ebook.
Figure 2: Perimeter-based architecture
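As an added illustration of the contrast drawn above (not Zscaler's code or policy engine), the sketch below compares a perimeter check, which grants network-level reach, with a decision that requires both a per-application entitlement and an acceptable context risk. The user names, addresses, risk weights, and threshold are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: the applications each user needs to do their job.
ENTITLEMENTS = {
    "alice": {"payroll-app"},
    "bob": {"wiki", "build-server"},
}
CORPORATE_PREFIXES = ("10.",)  # hypothetical internal/VPN address range


@dataclass(frozen=True)
class Request:
    user: str
    app: str
    source_ip: str
    device_managed: bool
    device_patched: bool
    unusual_location: bool


def perimeter_allows(req: Request) -> bool:
    """Castle-and-moat: being on the network is enough to reach anything on it."""
    return req.source_ip.startswith(CORPORATE_PREFIXES)


def risk_score(req: Request) -> int:
    """Toy context score; the weights are illustrative assumptions."""
    return (40 * (not req.device_managed)
            + 30 * (not req.device_patched)
            + 30 * req.unusual_location)


def zero_trust_allows(req: Request, max_risk: int = 30) -> tuple[bool, str]:
    """Least privilege first, then context; both must pass for this one app."""
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        return False, "not entitled to this application"
    score = risk_score(req)
    if score > max_risk:
        return False, f"context risk {score} exceeds {max_risk}"
    return True, "entitled and context risk acceptable"


# Constructed requests: the first is the lateral-movement case from the text.
ON_VPN_WRONG_APP = Request("alice", "build-server", "10.8.0.5", True, True, False)
REMOTE_RIGHT_APP = Request("alice", "payroll-app", "203.0.113.7", True, True, False)
RISKY_CONTEXT = Request("alice", "payroll-app", "10.8.0.5", False, True, True)

if __name__ == "__main__":
    for r in (ON_VPN_WRONG_APP, REMOTE_RIGHT_APP, RISKY_CONTEXT):
        print(r.user, r.app, perimeter_allows(r), zero_trust_allows(r))
```
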
Understanding zero trust as a distinct, cloud-delivered architecture directs us back to our initial assertion that a reliable platform for zero trust adoption is essential for organizations. Specifically, a vendor’s zero trust offering must be tried and tested across the three major areas outlined below.
Scalability
When all traffic from an organization is directed through a zero trust vendor’s cloud for both security and connectivity, this cloud platform becomes a vital service. It must possess the necessary scalability to adjust to customers’ increasing traffic volumes in real time. Lack of this scalability could bring organizations’ security and connectivity to a standstill, consequently affecting productivity.
Furthermore, without scalability, encrypted traffic, in whole or in part, often goes uninspected. This is because inspecting encrypted traffic is a resource-intensive process that demands high performance. Considering that 95% of all web traffic is now encrypted—with cybercriminals hiding 86% of their attacks within—organizations need the capability to inspect encrypted traffic at scale to prevent threats and data loss.
It’s a common misconception that scalability issues only surface in larger entities. This is far from the reality. Even smaller organizations without a well-established zero trust platform capable of scaling can encounter these problems. This especially holds true when these entities undergo growth and their partners require seamless expansion of services. Put simply, organizations, regardless of their size, need a zero trust platform built on a cloud with proven scalability.
A fact about Zscaler that might be new to you is that our name implies “zenith-point of scalability.” Since our inception, our prime aim has been to offer unparalleled performance. The Zero Trust Exchange, Zscaler’s zero trust platform, is the world’s largest inline security cloud. An array of data and evidence illustrates the platform’s immense capability for scaling:
So, when the choice is about a zero trust platform, why not opt for something that symbolizes the epitome of scalability?
Figure 3: A snapshot of some of Zscaler’s data centers around the world
Resilience
For IT leaders, continuity planning for mission-critical services is a top priority at the board level. A zero trust platform, for example, holds a strategic inline position among users, workloads, apps, and more, which makes it a mission-critical service. Consequently, companies must be assured that unexpected events will not interfere with their vendor’s services; if they did, there would be negative impacts on security, connectivity, and productivity.
Zscaler Resilience is an integral part of the Zero Trust Exchange. It is a comprehensive suite of resilience capabilities that offers continuous availability and serviceability. With customer-controlled disaster recovery features and other robust failover options, we assure uninterrupted business continuity, even in the face of catastrophic events.
Zscaler offers the following capabilities for the following scenarios:
Figure 4: Zscaler Resilience functionality
A history of customer success
Zero trust platforms should not only offer scalability and resilience but must also prove their effectiveness in real-world customer applications. Businesses should consider a vendor’s track record with firms similar to theirs in size and industry, and facing similar security and connectivity issues. For larger organizations, it is vital to observe evidence of a zero trust platform being capable of managing a high traffic volume and demanding performance specifications.
At Zscaler, we proudly share numerous customer success stories through videos, blogs, case studies, and press releases on our website. We have assisted companies of all sizes and from all locations, from the 100 users of Australia’s Commonwealth Grants Commission to hundreds of thousands of users at Germany’s Siemens. Our platform even secures a million users with the Zero Trust Exchange at the New York City Department of Education. These numbers and testimonials validate the customer trust we have established with our platform.
Next Steps
If you are new to the zero trust model and would like to hear a beginner-friendly conversation on it, consider registering for our regular webinar, Start Here: An Introduction to Zero Trust. Additionally, our ebook 4 Reasons Firewalls and VPNs Are Exposing Organizations to Breaches might be useful for deeper comprehension.
Or, if you’re interested in finding out more about Zscaler Resilience and how the Zero Trust Exchange offers uninterrupted business continuity to customers, you can read our solution brief.