For our client, like many organisations, IT had evolved through castle and moat IT infrastructure and security configuration. As the internet evolved into B2B, SaaS and remote user working, they had installed various types of security to keep their networks and data safe including outbound proxy gateways, Firewalls, AV, DLP. However with many of the applications used being in the cloud and the advent of more remote users the clients, hardware based security infrastructure was being pushed to its limits and was rapidly becoming not fit for purpose or use and the risk of being breached and their data being compromised was increasing. Therefore the client urgently required a more robust, reliable security solution for managing its internet traffic supporting some 100,000 + users across diverse geographic area.
Challenges:
- Migration of rules and configurations for multiple applications including complex financial transaction applications.
- Very large diverse user base
- Aggressive timescale
- Maintaining two proxy solutions during the transition
Essential Requirements:
The following were detailed as essential requirements for the solution:
- Cloud based solution
- Capable of supporting 100,000 + users
- Centralised management
- URL Filtering
- NetG Firewall
- AV
- Data Loss Prevention
- Sandbox – behavioural analysis for Zero Day protection
- Full packet inspection including SSL traffic
- Flexible access control lists IE; areas, departments, users
What our Consultant did:
- Reviewed the clients proxy configuration, establishing areas of dependency and risk.
- Reviewed the marketplace for the product that met the clients requirements.
- Established a test base to run a POC with the selected product prior to client sign off.
- Migrated in a closely monitored staged/batched manner, starting with 50 users and progressing quickly to batches of 5,000 users.
- Created an excellence team to work closely with application providers to address issues arising from the migrations – resolving 95% of issues within 24 hours.
- Maintained the legacy system to minimize any business risk when the migration caused issues.
Technology involved:
Our review of the products to meet the requirements established that the best product was Zscaler Cloud Proxy Solution
Result:
- Immediately addressed the security risks facing the business
- All 100,000+ users fully migrated to cloud based solution
- Zero downtime on any application accessed through a proxy
- All security elements of the solutions fully installed
Benefits:
- Risk Reduction.
- One point of entry for managing access to Internet based services.
- Zero hour protection protection for all internet based traffic.
- Cost/Productivity
- Improved throughput to/from cloud by negating the need for traffic to pass through numerous locally based systems ie; proxy gateways, DLP, Firewall etc devices.
- Reduced maintenance/licence costs – no more in house security systems to support pay for.or Fully scalable with unlimited capacity.
- Elastic cost service dependant on clients requirement.
- An elastic service with no restrictions on the number of users or throughput that is able to grow with the business.
Engineering Level Used:
- Cisco CCIE Switch & Routing
- Cisco CCIE Security