The key to successful IT transformation ZSCALER BRANCH TRANSFORMATION “ 50% of WAN traffic is destined for the internet for typical enterprises. d ” Consider that a typical enterprise organization sees more than 50 percent of its WAN traffic destined for the internet1, whether that’s recreational or business usage, cloud, or SaaS. Add to that the average compound annual growth rate (CAGR) for internet consumption—30 percent2 —and you have traffic volumes that your current network simply wasn’t designed to handle. It’s true that all bandwidth types are getting less expensive, but adding bandwidth does nothing to reduce latency. And latency is what kills user performance when accessing resources over a long distance and several hops. The promise of cloud apps to deliver improved productivity and user experience is hindered by legacy network topologies and architectures. If your WAN links are already carrying mostly internet traffic, and that traffic is going to double in the next three years, are your WAN links really much more than expensive internet circuits? And aren’t your data centers becoming just another hop to the cloud? This is where you start to ask yourself what your options are, and the realization sets in that the internet will become the new network. This is network transformation. Network transformation is how you will provide a more efficient path and better experience between users and cloud/SaaS. Network transformation is the catalyst to maximizing IT transformation efforts, which enable top-line business outcomes…a trickle-up effect, if you will. And it all starts with the branch. Solution Options In all likelihood, you have already begun the process of evaluating network transformation options, or you are now realizing that network transformation is the way forward for your organization. So, now what? To be effective, your network transformation efforts should provide the most direct path to resources on the internet, and present the possibility of immediate and long-term cost savings. With these goals in mind, transformation options should include the ability to leverage local internet connectivity at the branch offices. One option several organizations consider first is adding local internet breakouts (LIBs), and replicating their gateway security stacks (in part or in full) at remote locations. This option includes the benefit of providing a faster, more direct path and reduces the need to backhaul over MPLS, but it creates a very complex branch footprint. 1 2 Aryaka, “2017 State of the WAN Report”, 2017. Zscaler Cloud Engineering cloud organic growth statistics, 2017. ©2018 Zscaler, Inc. All rights reserved. 3 ZSCALER BRANCH TRANSFORMATION Internet traffic will nearly triple in volume by 2020 It’s expensive, too. To match the security capabilities of your centralized egress gateways, you’d need each branch outfitted with IPS, firewalls, proxy, sandboxing, DLP, and SSL inspection. If you don’t replicate each of these capabilities, you are compromising security in the branch and across the network. After all, you’re only as strong as your weakest point. And if you are replicating all of these capabilities, how complicated is that to manage from a local security appliance (physical or virtual) and policy perspective? Suddenly, the benefits of offloading internet traffic from your WAN are offset by challenges related to cost, risk, and complexity. Let’s not forget that internet traffic will grow nearly threefold in the next five years,3 with no indication that cloud adoption is slowing anytime soon. Therefore, these branch security stacks will have the same scalability issues that confront your centralized gateways now. Your refresh and upgrade problem goes from perhaps three or five gateways to 20 or 30, and possibly many times that number. This scenario often turns organizations away from the concept of network transformation. They would rather address traffic increases by throwing bandwidth at the problem—until something inevitably breaks. There is a better way. Your best option is one that allows you to leverage local internet breakouts, while removing the cost, complexity, and risk of deploying local security at each branch. This option should also keep your future costs flat, preventing you from having to make tough decisions about how to apply additional funding. You can transform as many branches as your organization needs to fully embrace your cloud and SaaS journey, providing branch employees with uncompromising security and a great user experience. Such a solution is only possible with cloud-delivered security. And it requires a true cloud solution, not a hybrid combination of cloud, endpoint, and on-premises hardware all cobbled together with the hope of it behaving like an integrated platform. Zscaler is a true cloud security platform. Zscaler services are fully integrated and delivered 100 percent in the cloud. The Zscaler model is all about the user, not the number of locations, so you can migrate branches and users away from centralized gateways without additional cost or changes in policy and security. This gives you the power to migrate branches by any priority you choose and as fast as you’d like. IT transformation moves applications from the data center to the cloud. To optimize this move, the network must also transform. But it requires you to have the right security in the right place. 3 Cisco, “The Zettabyte Era: Trends and Analysis”, June 2017. ©2018 Zscaler, Inc. All rights reserved. 4 Please complete the form to gain access to this content Access Now Related Resources Accelerating Secure Digital Transformation Busque estas diez capacidades imprescindibles Ricerca queste 10 funzionalità indispensabili Recherchez ces 10 caractéristiques indispensables Look for these 10 Must-Have Capabilities 10 unverzichtbare Merkmale einer unternehmenstauglichen ZTNA-Lösung Informe de riesgos de VPN de 2023 por Cybersecurity Insiders Report 2023 sui rischi della VPN di Cybersecurity Insiders Rapport 2023 sur les risques liés aux VPN par Cybersecurity Insiders 2023 Cybersecurity Insiders VPN Risk Report Report zu VPN-Risiken 2023 von Cybersecurity Insiders Cómo Zscaler cumple la promesa de la confianza cero en su arquitectura In che modo Zscaler onora la promessa dell’architettura Zero Trust Comment Zscaler honore la promesse de l’architecture Zero Trust How Zscaler Delivers on the Promise of the Zero Trust Architecture Zscaler: eine Lösung, die hält, was Zero Trust verspricht Ofrecer una seguridad incomparable y un valor económico superior con Zscaler Zero Trust Exchange Zscaler Zero Trust Exchange: una sicurezza ineguagliabile con un valore economico superiore Garantir une sécurité inégalée et une rentabilité optimale avec Zscaler Zero Trust Exchange Delivering Unparalleled Security with Superior Economic Value Erstklassige Sicherheit und überdurchschnittlicher wirtschaftlicher Nutzen mit der Zscaler Zero Trust Exchange
ZSCALER BRANCH TRANSFORMATION “ 50% of WAN traffic is destined for the internet for typical enterprises. d ” Consider that a typical enterprise organization sees more than 50 percent of its WAN traffic destined for the internet1, whether that’s recreational or business usage, cloud, or SaaS. Add to that the average compound annual growth rate (CAGR) for internet consumption—30 percent2 —and you have traffic volumes that your current network simply wasn’t designed to handle. It’s true that all bandwidth types are getting less expensive, but adding bandwidth does nothing to reduce latency. And latency is what kills user performance when accessing resources over a long distance and several hops. The promise of cloud apps to deliver improved productivity and user experience is hindered by legacy network topologies and architectures. If your WAN links are already carrying mostly internet traffic, and that traffic is going to double in the next three years, are your WAN links really much more than expensive internet circuits? And aren’t your data centers becoming just another hop to the cloud? This is where you start to ask yourself what your options are, and the realization sets in that the internet will become the new network. This is network transformation. Network transformation is how you will provide a more efficient path and better experience between users and cloud/SaaS. Network transformation is the catalyst to maximizing IT transformation efforts, which enable top-line business outcomes…a trickle-up effect, if you will. And it all starts with the branch. Solution Options In all likelihood, you have already begun the process of evaluating network transformation options, or you are now realizing that network transformation is the way forward for your organization. So, now what? To be effective, your network transformation efforts should provide the most direct path to resources on the internet, and present the possibility of immediate and long-term cost savings. With these goals in mind, transformation options should include the ability to leverage local internet connectivity at the branch offices. One option several organizations consider first is adding local internet breakouts (LIBs), and replicating their gateway security stacks (in part or in full) at remote locations. This option includes the benefit of providing a faster, more direct path and reduces the need to backhaul over MPLS, but it creates a very complex branch footprint. 1 2 Aryaka, “2017 State of the WAN Report”, 2017. Zscaler Cloud Engineering cloud organic growth statistics, 2017. ©2018 Zscaler, Inc. All rights reserved. 3 ZSCALER BRANCH TRANSFORMATION Internet traffic will nearly triple in volume by 2020 It’s expensive, too. To match the security capabilities of your centralized egress gateways, you’d need each branch outfitted with IPS, firewalls, proxy, sandboxing, DLP, and SSL inspection. If you don’t replicate each of these capabilities, you are compromising security in the branch and across the network. After all, you’re only as strong as your weakest point. And if you are replicating all of these capabilities, how complicated is that to manage from a local security appliance (physical or virtual) and policy perspective? Suddenly, the benefits of offloading internet traffic from your WAN are offset by challenges related to cost, risk, and complexity. Let’s not forget that internet traffic will grow nearly threefold in the next five years,3 with no indication that cloud adoption is slowing anytime soon. Therefore, these branch security stacks will have the same scalability issues that confront your centralized gateways now. Your refresh and upgrade problem goes from perhaps three or five gateways to 20 or 30, and possibly many times that number. This scenario often turns organizations away from the concept of network transformation. They would rather address traffic increases by throwing bandwidth at the problem—until something inevitably breaks. There is a better way. Your best option is one that allows you to leverage local internet breakouts, while removing the cost, complexity, and risk of deploying local security at each branch. This option should also keep your future costs flat, preventing you from having to make tough decisions about how to apply additional funding. You can transform as many branches as your organization needs to fully embrace your cloud and SaaS journey, providing branch employees with uncompromising security and a great user experience. Such a solution is only possible with cloud-delivered security. And it requires a true cloud solution, not a hybrid combination of cloud, endpoint, and on-premises hardware all cobbled together with the hope of it behaving like an integrated platform. Zscaler is a true cloud security platform. Zscaler services are fully integrated and delivered 100 percent in the cloud. The Zscaler model is all about the user, not the number of locations, so you can migrate branches and users away from centralized gateways without additional cost or changes in policy and security. This gives you the power to migrate branches by any priority you choose and as fast as you’d like. IT transformation moves applications from the data center to the cloud. To optimize this move, the network must also transform. But it requires you to have the right security in the right place. 3 Cisco, “The Zettabyte Era: Trends and Analysis”, June 2017. ©2018 Zscaler, Inc. All rights reserved. 4
