Cloud security provider Zscaler on April 20 revealed a number of innovations for its Zscaler Zero Trust Exchange platform designed to help organizations improve cybersecurity. This isn’t just a product update; the company announced new solutions but also resources for IT leaders and practitioners as well as deployment guides to speed up zero-trust adoption. It’s the combination of these offerings that will help companies modernize their approach to security and bring threat protection into the digital era.
Digital transformation drives the need for zero trust
The rapid uptake of digital transformation initiatives has changed the way businesses operate, serve customers and come to market. Digitization momentum was strong pre-pandemic, but COVID-19 accelerated plans by years in some cases as companies were forced to find new ways of functioning. This created faster-than-expected adoption of cloud applications, SD-WAN and work from home shifting the corporate network away from private MPLS services to the public internet. While this created unprecedented agility, it also opened up a number of new threat vectors and put companies at risk driving the need for zero trust.
The concept of zero trust is relatively easy to understand. The internet was designed on the principle that everything can talk to everything, which is why it works so well but enables threat actors to find one point of entry and have access to the entire company network. Zero trust flips the internet model by mandating that nothing can talk to anything else unless explicitly allowed. Easy to understand but very difficult to deploy.
Zero trust ties users to business policies
The starting point for zero trust is validating user identity and then applying business policies to authorize that individual to access the devices, applications or content they require. The default assumption comes straight out of Fox Mulder’s playbook where you “trust no one.” This isn’t always obvious because workflows can be highly complex–particularly when it comes to the cloud, because the internet is a public resource.
The three tenets of the Zscaler Zero Trust Exchange
- Connect users and applications directly to resources instead of the company network. This will limit lateral movement of threats creating a much smaller “blast radius” if a breach does occur.
- Make applications invisible to the internet. The applications that are protected by the Zero Trust Exchange can’t be seen or discovered across the internet reducing the overall attack surface. The attack surface for most companies has grown exponentially with the adoption of the cloud, so the ability to shrink it will be a welcome change to security pros.
- Leverage a proxy architecture. Traditional security is built on passthrough firewalls that blocked certain types of traffic but were blind to threats in encrypted traffic. A proxy architecture enables encrypted data to be inspected and policies applied before it reaches its destination.
Zscaler introduce three new innovations for the Zero Trust Exchange platform
Cloud-native zero trust now available on-premises. While the world is rapidly shifting to the cloud, not all businesses can put both feet in that world. Regulatory requirements, data sovereignty issues and other factors require that some functions remain on-premises. For that, the new Zscaler ZPA Private Service Edge enables customers to host the security capabilities in their own data centers but still allows Zscaler to manage the service. This security brokers user to private apps and removes the requirement for local network segmentation.
Mitigating web-based attacks and data leakage
Most external attacks come through the user’s browser. There has been a significant rise in these types of attacks since users started working from home as they are no longer behind corporate security technology. Zscaler’s new Cloud Browser Isolation sandboxes a user’s session, so sensitive data is blocked from being transmitted to the local device or company network. This makes the web experience safer and protects the user and company.
Automated policies
Zscaler announced a number of new APIs that can automate the creation of policies for newly discovered services and can revoke access based on time settings. Machine learning is used to discover workflows and then automatically segment the application traffic improving the effectiveness and scale of zero trust.
Zscaler is addressing the people and process side of zero trust
The company also made some people-centric announcements to help IT leaders and security pros. For the IT executive, Zscaler has created an online CXO community called the “REvolutionaries Forum” to enable members to share ideas and learn techniques to advance zero trust strategy and execution.
For security professionals, the company launched the Zero Trust Academy, a certification-based training program focused on the principles of zero trust. Members will learn how to secure access to private apps, SaaS apps and the internet using Zscaler solutions. The certifications will give companies confidence that a proven methodology and best practices are being followed.
Lastly, Zscaler announced a number of validated designs and blueprints to remove the friction from zero trust deployments. Customers have access to a number of jointly validated architectural guidelines to speed up multi-vendor zero trust while reducing the likelihood of errors. Zscaler has designs for a number of its partners across identity management, endpoint security, and security operations. This includes CrowdStrike, IBM Security, Microsoft, Okta, Ping Identity, SailPoint, SentinelOne, Splunk and VMware CarbonBlack.
Zero trust is something that’s been top of mind for security leaders for some time, but complexity has made it difficult to deploy at scale. The updates to its Zero Trust Exchange framework should help customers move this new security model from vision to reality.