As the cloud transforms enterprise IT, it brings a lot more savings than cold hard cash. No question, reducing infrastructure costs is the #1 attraction to cloud. But there are two other cost dimensions with huge impact on security that must not be ignored. The payoffs depend on whether you approach security with a cloud vs. on-premises model. An organization’s choices are crucial – both for enterprise security and for the roles of its stakeholders.
[Charts: breach time to compromise and breach time to exfiltration, binned by seconds, minutes, hours, days, weeks, months and years.]
Average cost of a breach is now $4 million in total organizational cost. That’s a 29% increase in total cost since 2013.
The impact of one wrong download: Infect Quicker, Steal More, Propagate and Control.
[Chart: Top threat action activities within incidents involving credentials: Spyware/Keylogger, Phishing, Command and Control, Export Data, Stolen Credentials.]
75% of attacks spread from Victim 0 to Victim 1 within one day.
63% of confirmed data breaches involved weak, default or stolen passwords.
Sources: Verizon Data Breach Report ‘16, Verizon Data Breach Report ‘15, Ponemon Institute ‘16.
Unknown Threat Costs
Let me give you a bit more about what we mean by cloud scale and delivering the largest, most reliable and available cloud. Our cloud is deployed in 100 data centers across 5 continents.
So, for instance, your employees sitting in Brazil go through the Brazil data center, and employees sitting in India connect to the local data center in Mumbai.
I only talked about volume of traffic. The number of threats and level of innovation and sophistication is increasing rapidly, so you must be able to evolve your cloud to handle more frequent updates. Appliances were never designed for this frequency of updates.
We do about 120,000 unique security updates every day. Imagine trying to update an appliance 120,000 times a day. How often do you upgrade your appliances and how do you manage change control?
The next thing I want to mention is peering with Internet exchanges. We peer with all leading Internet exchanges and leading apps, ranging from Office 365 to Azure, AWS, Box and Salesforce. This helps you get the fastest performance because our data centers sitting in Chicago and New York are peered with the content, giving you the fastest connection from our cloud.
We made sure that our cloud is very secure. We do ongoing internal testing and third-party testing, and we are very good with redundancy: it has been built in from day 1, within our own infrastructure and across data centers, so that they can fail over. We have nothing to hide and have a Trust Portal which provides full monitoring for full transparency of both Zscaler and third-party partners. We are proud of our cloud and like to show how it’s performing.
Thanks to many of our early large enterprise customers, we’ve received a number of certifications for our cloud, including ISO 7001. These certifications are very important to us and we go through regular audits to maintain compliance. We’ve also received certification from EU-US Privacy Shield (the new agreement between the EU and US for transatlantic exchanges of personal data for commercial purposes).
The complete Zscaler Cloud platform is expertly positioned to disrupt the kill chain in several areas.
For inbound threats, a layered approach, from reputation-based blocking all the way down to advanced behavioral analysis, helps stop threats. An integrated approach helps provide full threat context and visibility. It’s important to note that customers looking for this level of inspection from other vendors would have to piece together several solutions.
For outbound protection, Zscaler can deliver complete protection from botnet callbacks and malicious outbound activity, which helps disrupt data exfiltration and malware attempting to persist within the network.
Spin up VMs as you need them
Dynamically route traffic through the services you need
Service chaining and context sharing between disparate functions
Scale out for tenancy, and scale out for performance. Operational nightmare!
Assumes most advanced bundles will be less than 30% attach rate.
With Zscaler it’s simple to get started. In fact, we’ve cut over 40,000 users in 1 weekend night and 160,000 users over 60 days.
All you need to do to make Zscaler your next hop to the Internet is to make Zscaler your default route. A number of customers did this to block threats that were going undetected by their current security appliances without making any policy changes. Some also start by securing their mobile workers, then migrating their office locations. This allows them to take their security from a 6 or 7 to a 9 or 9.5 out of 10. No one is perfect. One ZPA customer got started with one of the use cases before replacing their entire VPN infrastructure.
The second phase of the journey involves phasing out security appliances to reduce cost and complexity. This can be done at your pace, but more often than not it happens shortly after, or in tandem with, starting to send traffic to Zscaler.
With Zscaler in place, the third phase of the journey is about routing traffic locally via Internet breakouts to Zscaler. By routing traffic locally, companies can optimize their MPLS spend and deliver a more secure and better user experience. Office 365 has been a key accelerator for local breakouts, as Microsoft now recommends routing traffic locally and doing local DNS, so that users connect to the closest Office 365 PoP and get onto Microsoft’s CDN network as fast as possible. ExpressRoute is now recommended only for very specific use cases. Microsoft also cautions against hub-and-spoke architectures with centralized proxies for a variety of reasons.