Years ago, we at Sanmina, a leader in the electronic manufacturing services (EMS) industry, recognized that the restrictions imposed by traditional security were becoming less effective. We aimed to enhance the productivity and security of Sanmina employees, wherever they might work. Our move towards cloud-based services and the integration of advanced Industry 4.0 manufacturing strategies highlighted the need to shift from old infrastructure practices to a zero trust architecture in order to decrease cybersecurity risks and simplify processes.
Based in San Jose, California, and operating in multiple locations across six continents, Sanmina holds a position in the Fortune 500 and stands as one of the largest global manufacturers of circuit boards and backplanes. We serve a diverse range of industries including medical, automotive, communication, as well as defense and aerospace, always striving to surpass our customers’ expectations by delivering superior performance, flexibility, and cutting-edge technology.
Why we shifted to Zscaler zero trust from a legacy system
Joining Sanmina in 1999 as a member of the technical support staff, I observed a significant lack of effective security measures. Having climbed the ranks over time, I took charge of building a new security department. This role involved the introduction of stronger security solutions and emphasis on cybersecurity training for our workforce. I have seen technological changes in manufacturing and the vital role zero trust practices and frameworks play, making them indispensable for our ongoing success and expansion. Providing our widespread workforce with quick, yet secure, access to vital business applications is essential for our future endeavors.
Initially, we managed internet access via physical servers equipped with a Squid caching proxy at each of our 60-plus locations. Updating these consistently was a major issue. We transitioned to using the Zscaler Zero Trust Exchange™ platform with Zscaler Internet Access™ (ZIA™), which allowed us to eliminate the outdated servers globally.
The next hurdle was updating how we provided remote access through VPNs. Prior to adopting Zscaler, our network included employees, vendors, suppliers, and customers, all accessing the same VPN service as Sanmina employees. This was problematic, posing security risks from potentially harmful encrypted traffic and yielding slow performance due to traffic routing through firewalls to the data center before accessing necessary resources.
We also faced challenges with our VPN concentrators, which involved several physical units globally, each demanding unique configurations, rules, patches, updates, and maintenance. Manual implementation of changes to each unit across locations was cumbersome. It became clear that a zero trust architecture was unachievable with our existing VPN setup. We required a modern solution fit for a perimeter-less framework.
After exploring various alternatives, we decided on Zscaler Private Access™ (ZPA™), affirmed by our positive results with ZIA. ZPA emerged as the top option for resilient remote access, spearheaded by Zscaler’s extensive network of over 150 global data centers, which optimize connection paths to necessary applications and online resources. We have successfully discontinued traditional VPNs and now fully utilize ZPA for secure, remote access to private applications.
For those embarking on their Zscaler zero trust journey, here are six insights I’ve gathered to help ease the transition from traditional network setups:
Our initial step with Zscaler emphasized that zero trust was a comprehensive organizational strategy, rather than merely an IT initiative. It was crucial to promote the idea that security is a collective responsibility.
It’s essential to start with clear communication and education. Employees should understand what changes are expected and the reasons behind them for a smoother transition. Often, firms implement new technologies without properly explaining their purpose, functionality, implications, and benefits. In our experience, explaining these aspects well in advance facilitated a more receptive adjustment among staff. For example, when our team members learned that their re-authentication would be required only every seven days rather than every 23 hours, their enthusiasm for the new system noticeably increased.
At security conferences, I share with my colleagues that my team was once viewed as the “department of no.” We transformed that perception into being the “department of know.”
Adopting Zscaler required a leap of faith due to its novel approach, necessitating a departure from established IT processes in favor of new, more efficient methodologies enabled by Zscaler’s management capabilities.
Sanmina views mergers and acquisitions (M&As) as vital to its growth and profitability. Prior to using Zscaler Private Access (ZPA), integrating an acquired company was a sluggish process, starting with updating their systems to our standards and establishing secure network connections. Relying on VPNs also meant exposing our entire network to new users without assurance of their security measures, posing significant risks.
With Zscaler’s solution, newly acquired companies can be operational from day one, with employees accessing only approved applications, greatly enhancing our M&A security strategy. We took advantage of ZPA’s posture checking from an early stage and set geolocation policies that adjust employee network routes based on their location. This flexibility ensures ongoing productivity and secures our investments, regardless of employee locations.
One of the greatest benefits of the Zscaler platform is that we can turn the day-to-day administration over to our Security Operations teams. This is possible because of the platform’s user-friendly, intuitive interface. This allows our highly skilled security professionals to focus more on strategic goals than on tactical tasks. It’s a huge value to the company to be able to free up those resources for higher value projects.
Another key component of the communication piece is informing executives about our risk posture. When we were introduced to Zscaler Risk360™, we immediately put it to work. Risk360 enables us to visualize risk across our entire environment and drill down into risk factors and even financial exposure details. The framework makes it easy for us to prepare reports for the board and management team so they can get insights into how we prioritize security issues and apply mitigation actions.
The benefits of the Zscaler platform have been phenomenal. It has provided us with tremendous benefits that enable us to:
All of the above helps us accomplish our overall goal of mitigating risk across the enterprise so we can better serve our partners and customers.
We’re thrilled to delve deeper into Zscaler’s features. With the recent addition of the AI-empowered Avalor Data Fabric for Security integrated with Risk360, we aim to enhance our risk management capabilities. This will be achieved by detecting vulnerabilities early and addressing them preemptively. The data fabric enables us to gather comprehensive data from our entire network, offering a detailed understanding of the actual risks associated with those vulnerabilities uncovered by Risk360. In our role as a manufacturing entity, we are keen on adopting zero trust segmentation within our operational technology (OT) environments. Applying Zscaler’s Airgap technology will be crucial in safeguarding east-west traffic across our manufacturing sites, which are integral to our vital OT infrastructure.
The benefits we see from engaging with Zscaler are diverse. The Zero Trust Exchange platform has not only enhanced our agility and security stance but also uplifted our workforce’s productivity, reduced operational costs worldwide, simplified complexities, and enhanced oversight and management. Our experience with Zscaler has been exceedingly beneficial from the outset. Indeed, it represents a comprehensive success for our entire organization.
To understand more about Sanmina’s adoption of zero trust, read their case study.