The Direct-to-Cloud Network

Zscaler Whitepaper: The Direct-to-Cloud Network
Re-imaging Network Architecture to Leverage Mobility and Cloud Applications

Table of Contents
Executive Summary
Introduction
Network Connectivity
The Traditional Network Architecture
Hub and Spoke is Broken
Re-Imaging a New World: A Direct to Cloud Network
Zscaler Direct-to-Cloud Network
Advantages of DCN
In Summary
About Zscaler

Executive Summary
The twin trends of mobility and cloud-based business applications have rendered the traditional hub and spoke network architecture inefficient and expensive. To be effective, companies need to adopt a new paradigm for network architecture: a Direct-to-Cloud network. Zscaler's Direct-to-Cloud network enables users to access the internet and cloud applications from anywhere, anytime, using any device, while ensuring security and compliance with corporate policies and providing IT administrators complete visibility and control over user traffic.

Introduction
The Internet has disrupted industries and business models and fundamentally changed the way we live and work. It has rendered long-standing industries and ways of doing business obsolete almost overnight. For evidence of this, just speak to anyone who was formerly a travel agent, stock broker or newspaper publisher. The advent and maturing of the cloud is igniting a whole new wave of disruption. Taken in conjunction with the rise of mobile devices, it has ushered in a new post-PC era that is calling into question former best practices that are no longer proving efficient or cost-effective.

Network Connectivity
One area that is ripe for change is network architecture. Traditionally, organizations stored their data and applications at a central datacenter, and most user traffic was to access that corporate data. Organizations used a hub and spoke architecture whereby remote offices were connected back to the central office (datacenter) and all network traffic flowed to and then out of the central office. Today, with companies hosting their data and business applications in the cloud, and users becoming increasingly mobile, it is estimated that over 80% of corporate traffic is internet bound. The very idea of channeling all of the network traffic to a central office, only to send the traffic out to the cloud and back out to the remote office or mobile device, is extremely inefficient. As in other forms of communication and transportation, the shortest distance between two points remains a straight line.

The Traditional Network Architecture
Before we discuss the need for a new network architecture, let's review how network topologies emerged to accommodate business models and workers who increasingly decentralized from an HQ or common location.

Frame Relay
Utilizing early technology, branch offices were connected to the central office hub via dedicated connections such as frame relay circuits. With the frame relay model, the remote office had no means of reaching networks outside of the central office. This provided the central office complete control in monitoring, securing and managing communications. On the flip side, frame relay limited how far the remote office could be located and introduced significant latency in the communication. It also represented a single point of failure: if the spoke connection went down, the remote location was left stranded. The cost of implementing this infrastructure and maintaining it was also substantial. Between the cost of the solution, the single point of failure and the development of new technologies, direct point-to-point connections such as frame relay have been superseded in most organizations.

MPLS
With the advent of the Internet and public networks, frame relay gave way to MPLS. This allowed for much smarter network management, and gave remote offices the ability to communicate with others outside of the central office. MPLS could leverage frame relay as well as other protocols to deliver point-to-point connectivity across a variety of networks. It was much more flexible, redundant and scalable than single point-to-point protocols. However, MPLS, while providing many benefits, was not actually any cheaper than single frame relay, ATM or any number of other protocols in use. Perhaps more importantly, the ability of remote offices to communicate without routing through the central office introduced control issues, or rather lack-of-control issues, to the mix. Ensuring security and compliance with corporate policy across all offices and users became much more complex.

VPN
Another innovation addressing the remote office connectivity dilemma was VPN technology. IPSec VPN allowed the remote office to have direct internet access while being able to tunnel to the central office when required by creating an encrypted point-to-point connection. VPN is less costly than MPLS and is also much less complicated. However, it posed challenges on quality of service and required more network horsepower. Moreover, like MPLS, it gave the remote office the opportunity to connect to the outside world without routing to the central office, thereby injecting security and oversight concerns.

Hub and Spoke is Broken
As branch and satellite offices become more distant, and more and more employees use mobile devices to access corporate data from outside the office, backhauling to the central office via MPLS, VPN or direct connectivity becomes more and more burdensome and expensive. Latency is a real obstacle to doing business at today's increased velocity. And poor user experience just encourages employees to circumvent corporate procedures. With the very nature of the user traffic changing from being corporate server bound to cloud bound, the last rationalizations for using the hub and spoke architecture have been rendered moot. But there is still one overriding factor that organizations need to account for: security, policy and control. How can this be accomplished without routing all traffic back through the central hub? One option is to proliferate security appliances at each branch office or remote location. However, this adds significant CAPEX and ongoing maintenance overhead, without providing easy scalability or robust failover support. It also does not provide robust cover for road warriors and mobile users. With mobile devices outnumbering PCs in the enterprise, and working outside the physical office becoming commonplace, proliferating appliances is obviously not a robust solution.

Re-Imaging a New World: A Direct to Cloud Network
As mobility and cloud technologies become the norm, a new network architecture is needed that effectively supports remote and mobile users, and the preponderance of cloud solutions and Web 2.0 technologies: a Direct-to-Cloud network (DCN). What is a DCN? Simply put, DCN allows remote and mobile users to access cloud-based applications and data by going directly to the internet. There is no longer a requirement to backhaul traffic to HQ except for accessing data residing in the central servers. The savings in time and money and the impact on user experience are self-evident.
The caveat: security, visibility and control. The key to a robust, enterprise-ready DCN solution lies in the ability to ensure security, enforce corporate policy and provide administrators instant visibility into the user traffic, all without needing to install appliances at every single user location. This is what the Zscaler Direct-to-Cloud network offers.

Zscaler Direct-to-Cloud Network
Zscaler's Direct-to-Cloud Network acts as a global check post in the cloud, inspecting all end user traffic, including SSL encrypted traffic, bi-directionally regardless of location or device. It allows remote users and offices to access the data and applications they need from anywhere, anytime, from any device, while ensuring security against current and emerging threats and enforcing compliance with granular user policies. DCN offers several key advantages:

1. Advanced Security: In today's evolving threat environment, blacklists/whitelists and periodic security update patches have been proven to be ineffective. By sitting inline between the users and the Internet, Zscaler is able to scan every element of the page, match it against millions of signatures, behavior patterns and heuristics in real time and create a page risk index to determine whether to let the page pass through or send it for further behavioral analysis. As a cloud-based service, Zscaler leverages the power of cloud intelligence, mining billions of daily web transactions to identify new and emerging threats as they occur. Once a threat is identified in any part of the network, the findings are applied to the entire network.

"We have lost the ability to control the client. The only place to do security is in the network. Zscaler is directly inline, doing packet inspection inline at a very high speed - that's where the value is."
MAN DIESEL AND TURBO, 15,000+ employees. Headquartered in Europe

2. Enable the mobile workforce: With the increasing computing power of mobile devices, and the bring-your-own-device movement, corporate IT has been tasked with supporting a plethora of user-owned devices and platforms. Mobile devices can enhance productivity but they also represent a new threat vector, especially with the ubiquitous usage of mobile apps. Zscaler DCN is platform agnostic, extending the same advanced protection to smartphone and tablet users as it does to traditional PC users. To combat the unique threat posed by mobile apps, Mobile App Profiler™ fingerprints apps based on persistent visibility into the traffic patterns and identifies malicious apps or apps that leak confidential personal or device information.

3. Cost savings: With the nature of today's corporate traffic, there is no reason to pay for costly infrastructure and traffic charges to route traffic back to a central HQ and then back out to the internet. Between the capex of building backhaul pipes and the opex of maintaining these connections, Zscaler DCN affords tangible and considerable cost savings.

"Zscaler solutions paid for itself in 2 years - estimated 1M savings in just software replacement cost"
BRITISH AMERICAN TOBACCO, 55,000+ employees. Headquartered in UK

Moreover, by sending traffic directly to the cloud, the potential for service disruptions is greatly reduced. The business impact of these disruptions can be the most costly aspect of maintaining long communication channels back to a central office. A different but related aspect of cost savings is the ability to ensure uniform policy and security cover across locations, without needing individual branch offices to manage complex in-house solutions. With Zscaler DCN, the central IT team can apply granular policies globally straight from the administrative UI with a few simple clicks.
The impact of these cost savings tends to be more pronounced as companies globalize beyond North America and Europe, adopt Web 2.0 technologies or have a larger proportion of road warriors and mobile users.

"Smaller offices across the world did not have the skill or the budget to administer a local appliance. So (with the appliance based solution) even one year after the publication of the internet use policy, it was not uniformly applied. Zscaler simplified administration and now policy can be centrally applied"
LEADING OIL & ENERGY CONGLOMERATE, 200,000+ employees. Headquartered in Europe

4. Real time visibility and control: Zscaler's DCN provides IT complete control over setting policy at the granular user level, applying it across devices irrespective of where the user is located. However, the challenge is more than just applying policy: it is about tracking usage in real time, and deriving meaningful data for reporting and corrective action. With its patented Nanolog Technology, Zscaler's DCN consolidates logs from various locations around the globe in a central repository within seconds and provides the organization a single pane of glass through which it can view and mine transaction data across devices, applications and locations.

"Every event we cover has an aspect of moving content over our network. If the network is down, the cost in terms of content, especially air-impacting content which is qualified with advertising dollars, is high"
LEADING MEDIA BROADCAST COMPANY, 30,000+ employees. Headquartered in USA

Zscaler Nanolog technology consolidates and correlates 8 Petabytes of data every year from 4,000 customers located in 180 countries, who generate 10 billion transactions per day. Another facet of visibility and control is the ability to leverage Web 2.0 technologies for business benefits. Many social apps like YouTube and Twitter are often used for marketing, and hence cannot be blocked completely. Yet such apps can suck up bandwidth and potentially even cause harm if employees post or upload malicious content. With Zscaler DCN, organizations can mold policies to enhance productivity with cloud applications. For example, IT can ensure that bandwidth is prioritized for business-critical apps like Office 365 and salesforce.com over social apps. IT can also set granular policies on social apps, like permission to read but not write on Facebook, or allow only specific users to upload on YouTube.

5. Superior end user experience: With Zscaler's DCN, users are freed from having to use clunky VPNs, dedicated but limited connections and convoluted paths out to the applications, resources and online locations they need to connect with. Authentication is seamless, and Zscaler provides varied options including partnerships with leading single sign-on vendors. More importantly, user traffic is routed to the closest node in Zscaler's global network of 100+ datacenters, ensuring low latency and a fast internet experience. Lastly, by sending traffic directly to the Zscaler DCN, users are not subject to the variances in bandwidth and connectivity that arise from piping traffic back from remote locations to a central office. While this may seem quaint in well-connected areas, communications in, and to and from, other areas like Africa, South America and parts of Asia are less reliable and uniform.

"Saving over $1.5 million in backhaul costs every month by using Zscaler Direct-to-Cloud network"
LEADING INVESTMENT FIRM, 10,000+ employees, and 7 million clients. Headquartered in USA

In Summary
As the pioneer in providing security through the Cloud, Zscaler is uniquely positioned to offer a Direct-to-Cloud network. Zscaler has won the respect of CIOs and enterprise executives because it allows them to ensure security while enabling the productivity benefits provided by mobile and cloud technologies. The end result is a satisfying user experience with ample visibility and control for IT. The Direct-to-Cloud Network also frees up both manpower and equipment expenses by consolidating management and eliminating costly hardware. It thus provides more time for strategic planning and the money for implementation. Of course, to the bold go the spoils of victory. Given the obvious advantages of the DCN, organizations need to be brave enough to break free of the spend-and-build philosophy: building ever bigger, more costly data centers, connected by ever fatter and more expensive pipes. Casting this aside and putting faith in the Zscaler DCN as the network of the future will reward those executives and organizations who seize the opportunity. Those organizations who cling to the old models will be outmaneuvered and out-innovated. Unfortunately, history and fortune are not kind to those who get left behind.

About Zscaler
Zscaler is transforming enterprise networking and security with the world's largest Direct-to-Cloud Network, which securely enables the productivity benefits of cloud, mobile and social technologies without the cost and complexity of traditional on-premise appliances and software. The Zscaler Direct-to-Cloud Network processes daily more than 10 billion transactions from more than 10 million users in 180 countries across 100 global data centers with near-zero latency. Learn why more than 4,000 global enterprises choose Zscaler to enable end-user productivity, enforce security policy and streamline WAN performance. Visit us at www.zscaler.com.