Zscaler: A Pillar of Trust and Resilience.
Recently, we shared exciting news about Zscaler’s ongoing expansion, as we continue to welcome an increasing number of clients who are looking for a reliable security cloud that ensures both protection and an exceptional user experience. Achieving the milestone of 500 billion transactions daily is a testament to the confidence our customers place in us.
This trust has been developed over time and is well-deserved, considering Zscaler functions as a vital security cloud that operates between users, devices, and applications, making us essential for our clients. Providing dependable service and optimal performance is of utmost importance, which is why we meticulously manage demand to ensure robust service availability and capacity.
The results speak for themselves! As the volume of daily transactions has surged in recent years, we have experienced a notable decrease in the number of support inquiries managed by our customer success team.
Emphasizing Business Continuity
In 2024, the importance of business continuity planning (BCP) has grown significantly, fueled by an increase in both governmental and industry mandates such as DORA. Furthermore, a series of notable IT outages that have affected large populations worldwide have brought this issue to the forefront. With organizations heavily dependent on security and uptime, it is crucial for service providers to ensure the reliability of their offerings while adhering to regulatory standards.
Clients, particularly those in regulated sectors, frequently reach out with inquiries such as, “We have faith in Zscaler and your commitment to developing a top-tier security cloud, but how can we prepare for an unforeseen event, no matter how improbable it seems?”
At the beginning of 2023, Zscaler unveiled resilience features for our security cloud. This innovation provides businesses with a way to remain operational during extensive internet outages or major national-level threats to the infrastructure supporting Zscaler services.
These customer-driven resilience tools address the fundamental necessity of maintaining operations. Now, it’s time to elevate our offerings further, and we are excited to reveal substantial upgrades to our resilience solutions that lessen interruptions to regular operations, even in the face of a catastrophic event, often referred to as a “black swan.”
As we considered how to enhance our initial resilience capabilities, we established three primary objectives:
Zscaler
Introducing Business Continuity Private Clouds
As part of the next phase in enhancing our resilience offerings, we are excited to present Private Business Continuity Clouds. This innovative solution incorporates a private control plane alongside the existing private data plane, allowing seamless access to applications while maintaining a robust security framework, even in scenarios where the public cloud may become unavailable or inaccessible. Customers will have the flexibility to deploy local services within their own data centers or choose an upcoming fully managed solution by Zscaler. The necessary components to implement this vary between internet/SaaS and private applications, so let’s delve deeper into the specifics.
Internet and SaaS Applications (ZIA)
For customers seeking to maintain precise control over their web access and SaaS applications during critical failures, deploying one or more Private Service Edges is essential. These physical or virtual appliances are managed by Zscaler Cloud Operations and offer functionality comparable to that found in typical operations via Zscaler’s Public Service Edges, which are the internet gateways to the Zero Trust Exchange, boasting over 160 locations globally. The primary capabilities of a Service Edge encompass thorough web traffic inspection in both directions to detect malware, along with the implementation of policies concerning malware, security, compliance, data loss prevention, and firewalls.
Enhancements to the Private Service Edge include the integration of Client Connector, which can switch over to the Private Service Edge and form a Z-Tunnel 1.0 by utilizing the Business Continuity PAC file. A novel Private Policy Caching feature has also been introduced, enabling smooth failover between the Private Service Edge and Public Service Edges by serving as a backup for the public Central Authority servers. These Central Authority servers are responsible for hosting all customer policies and settings, monitoring the cloud, and acting as a hub for software and database updates, in addition to aggregating threat intelligence.
With the implementation of the Private Policy Cache, customers can maintain a comprehensive security posture during significant failures, ensuring access for unauthenticated users who need it in those critical moments.
Zscaler
Private Applications (ZPA)
Private applications operate in a manner that keeps them hidden from anyone who does not have explicit access rights. This sets them apart from public SaaS applications, which must be accessible online to be found and used. This distinction leads to specific challenges concerning the management of severe failures.
Zscaler has developed a solution to address this through a new Private Cloud Controller. This virtual appliance remains synchronized with the public Zero Trust Exchange until a failover occurs, or the ZTE becomes inaccessible for any reason. This approach was initially created to meet the rigorous demands of the military’s DDIL (Denied, Disrupted, Intermittent, and Limited) scenario, where federal agencies are required to maintain zero trust access to vital applications, even if the connection to the public cloud is lost. During such situations, the Private Cloud Controller takes over a broad range of responsibilities, surpassing what was previously offered:
Zscaler
Business Continuity for Endpoints
Consider a critical scenario where an organization’s endpoints, such as laptops and mobile devices, have been compromised, similar to the incident that occurred with Maersk in 2017. Even if the Zscaler public cloud remains operational and accessible, an organization in such a predicament could face serious challenges without a secure method to connect productivity devices to essential applications.
This is where Cloud Browser Isolation comes into play, providing secure, agentless access to web applications for BYOD (Bring Your Own Device) users. This feature is already part of the Zscaler portfolio, serving as a viable alternative to VDI (Virtual Desktop Infrastructure) or to secure BYOD usage. Its capabilities make it especially valuable during catastrophic events, allowing affected organizations to leverage any unmanaged or BYOD device for application access through a web browser. Employees can effortlessly transition from their inoperative corporate devices to continue their work. Zscaler streams applications as pixels to the ‘guest’ device, ensuring that robust security measures and policy controls remain intact, thereby preventing data loss.
Zscaler
Conclusion
In the realm of technology, it is inevitable that issues will arise. IT specialists around the globe devote a significant amount of their efforts to reducing potential disruptions to productivity by enhancing resilience in various forms. This is akin to having an insurance policy; however, in terms of business continuity planning for cybersecurity, it encompasses more than that—many sectors are compelled to comply with regulatory and compliance requirements.
These demands have led clients to seek greater capabilities even during the most severe crises. With the introduction of these groundbreaking solutions from Zscaler, businesses can rest assured that their operations will face minimal to no interruptions. To find out more, check out our solution brief, or view our on-demand webinar.