Zscaler is a security company that sees a great opportunity in today’s SASE-focused market. According to Zscaler, it was already working on the Secure Access Service Edge framework before Gartner came up with the concept, about a year ago. As a result, Zscaler can already offer organisations a SASE architecture now, with a platform that secures as much traffic as possible between endpoints and applications. We talked about these developments with Director of Transformation Strategy Nathan Howe.
Over the past period, several security vendors have expressed their views on SASE. Developing such an architecture often results in vendors including more services in their portfolios, after which they start looking at SASE in their way. Gartner defined SASE at the time as a package of network and security technologies to meet the ‘dynamic secure access needs’ of organisations. Typically, the covered technologies are SD-WAN, firewalls and CASB. The solutions can identify sensitive data and malware, and they can also monitor specific security issues.
By now, we can say that SASE has reached the hype phase, large parties such as Palo Alto Networks and McAfee regularly talk about it. However, this does not make Zscaler’s position uninteresting. After all, the company states that the architecture it offers was SASE even before Gartner came up with the term.
From proxy in the cloud to a platform that has to take many things into account
Zscaler has built a large security cloud to provide a good SASE architecture. This cloud is located between the user and the purchased IT service. In principle, this has been formulated as its mission since the inception of the company some ten years ago. Even then, it had to be done from a cloud-first standpoint, because the Zscaler’s founders were, at that time, convinced that everything would move to the cloud. That’s why they started offering a proxy in the cloud, offering users protection in different locations.
If we fast forward in time, Zscaler’s mission remained more or less the same. However, the IT world has made a giant leap. On the one hand, Zscaler’s security cloud sees personnel in many locations. On the one hand, a large number of employees will be in the office or on the move, while there is also a group working from home. In the current situation, the majority will be working from home. On the other hand, you also have to deal with the fragmented application landscape that employees, but also customers, want to access. Large enterprise organisations use hundreds to thousands of applications, such as SaaS services or internal applications running in their own data centers. Today, the average user expects to be able to access an application securely, regardless of their location and the location of the application. Any device, any location, on-network or off-network, as Zscaler describes it. To achieve this, you need many different security and network services.
The platform comes with many of its own services
A proxy in the cloud alone is, therefore, no longer sufficient to meet expectations. When you look closely at the number of security and connectivity services the Zscaler Cloud Security Platform uses, the platform uses more than ten services that companies would normally purchase as separate products. These services include firewalls, antivirus and Data Loss Provention (DLP) solutions. What’s Important for these services is that they have access to more than 150 data centers. As a result, there is always a location nearby, and the connection is fast. Zscaler processes a lot of data traffic in these locations, and billions of transactions can be processed every day, providing a solid basis for threat analysis.
Basically, you can divide the services that are part of the Zscaler SASE architecture into several elements. First, there are the access-oriented services that include bandwidth control, DNS control, firewall and URL filtering. Also, there are services to prevent cyber attacks, including advanced protection, antivirus, cloud sandbox and DNS security. Finally, Zscaler uses some services to protect data, such as cloud apps, DLP and File Type Controls. Most of these solutions we have explained in a previous article.
Optimising your architecture and complementing it with partners
So, what Zscaler and its SASE architecture are all about in the end is the following: the traffic between the application and endpoints is safe. All this traffic is examined and secured, regardless of location and whether or not any encryption is used. Zscaler strongly believes in its philosophy: today’s products provide secure access. Most solutions are created in-house, although occasionally a small acquisition is made to add specific expertise (e.g. on artificial intelligence) to the portfolio.
Zscaler has also clearly stated that it does not do certain things in Gartner’s SASE description. Specialist companies are better at that, which in Zscaler’s view makes it easier to work with such a party. Think of software-defined networking functionality, for which Zscaler collaborates with HPE Aruba, Citrix and Riverbed, among others. But also for Cloud Access Security Broker, an important part of access security, Zscaler prefers to use partners. In this area, the company works together with McAfee, Microsoft, Proofpoint and Bitglass.
Zscaler also continues to work on the user experience within its SASE architecture. The number of data centres used contributes to this, so there is little latency. Optimisation of threat detection can also contribute to the user experience, as it filters out smaller reports and allows security professionals to deal with bigger issues.
The direction Zscaler is moving towards is clear. It believes in SASE as an architecture for the future; the company stated that it was already working on secure access. The in-house services need to be optimised as much as possible for this purpose. What that basically means is bringing more than ten traditional security and network services together in a single architecture to create a consistent cloud security platform.
Ultimately, this platform will be complemented by several technology partners. Not all of the SASE services formulated by Gartner are available from Zscaler itself. In that case, technical integrations with solutions from other companies will provide a solution. Zscaler looks to the future with a clear vision. We are curious to see how this vision will develop further.