Cloud security provider Zscaler Inc. updated its Zero Trust Segmentation solutions Tuesday, with an eye to improving security, reducing complexity and lowering costs — specifically targeting organizations with widely distributed infrastructure, such as branch offices, factories, data centers and cloud environments.
Historically, these environments have been challenging to secure because they required on-premises appliances but had little to no information technology staff to manage them. Security threats have grown more advanced, and a breach at just one of these locations can lead to lateral threat movement that ends with the entire company breached. The famed Target breach was an example of this: a breach of an HVAC system led to stolen point-of-sale data because the malware spread laterally.
One way to protect against lateral threats is to deploy internal firewalls restricting access between zones. Though this can work, it’s very complicated and extremely expensive, which is why it’s usually only done in the most mission-critical environments. In response to the growing need for protection against lateral threat movement and the complexities of securing remote and hybrid locations, Zscaler’s latest solution offers Zero Trust Segmentation as an alternative approach.
I recently discussed this topic with several Zscaler executives, including Ritesh Agrawal, vice president of zero trust device segmentation, Brian Lazear, vice president of product management, and Senior Product Manager Amit Nake. They provided insights into the strategy and capabilities that underpin this new offering.
Agrawal opened by offering some context. “One infected device or one infected branch could bring the house down, so to speak, because there was no control over lateral threat movement,” Agrawal told me. “This type of risk is exactly what we’re addressing with this solution.”
On this point, Agrawal is correct. One of the great things about an IP network is that it lets all devices talk to all other devices, which is why the internet works as well as it does. The downside is that once a device is breached, it can spread malware everywhere fast. Zero trust flips the network model: devices can talk only to the others they are permitted to reach, so the “blast radius” is kept small if a breach occurs.
Overview of Zscaler’s Zero Trust Segmentation
Zscaler’s Zero Trust Segmentation follows the zero-trust principle of “never trust, always verify” to securely connect users, devices and workloads. This solution isolates each branch, factory or cloud instance as a “virtual island,” which communicates directly with Zscaler’s cloud-based platform.
Zscaler applies tailored security policies to control access, reducing reliance on firewalls, network access control (NAC) systems and other on-premises security measures. This cloud-centric approach aims to simplify network security while addressing lateral threat movement, a common vulnerability in traditional network models.
The cloud model is key to scaling zero trust. Though there have been a host of other segmentation and NAC solutions, they were never widely adopted because on-premises systems need to be configured on a box-by-box basis. This can work in small or static environments but does not scale up. The cloud allows a single change to be pushed everywhere quickly. Also, because the policies are in the cloud, if a device moves, the policy follows it without requiring a security admin to update devices.
Key features and benefits
- Improved security through zero-trust architecture: Zscaler’s approach eliminates the need to extend corporate networks into remote locations, replacing them with a cloud-managed system. Each branch or factory connects, via broadband, to Zscaler’s platform, which applies security policies directly. For industries that rely on operational technology and internet of things devices, such as manufacturing, Zscaler’s solution segments and secures these assets, including legacy devices with outdated software, which can be vulnerable to attack.
“We were addressing east-west communication risks within and between branches,” Agrawal told me. “By isolating each device, we ensured that an infected device could not easily spread malware to other devices.”
- Cost reduction by replacing legacy infrastructure: Zscaler estimates that its solution can cut costs by up to 50% compared with traditional network models. By eliminating firewalls, site-to-site virtual private networks and software-defined wide-area network infrastructure, Zscaler enables organizations to reduce hardware expenses and streamline operations.
This setup enables branches to function with minimal hardware requirements, using broadband connections without additional security equipment.
- Support for multicloud and hybrid environments: Zscaler’s solution also addresses the security challenges associated with multicloud and hybrid models. Security management across different cloud providers often becomes complicated due to differences in protocols and configurations.
Zscaler’s Zero Trust Segmentation standardizes security across data centers, public clouds and inter-cloud communication channels, maintaining consistency in security policies. Initial support includes Amazon Web Services and Microsoft Azure, with Google Cloud Platform integration expected in early 2025.
- Deployment and scalability: Zscaler reports that organizations can deploy its Zero Trust Segmentation solution within days, allowing a quicker transition from traditional models. This solution also scales up easily, growing with an organization’s needs without requiring extensive physical infrastructure.
“In today’s dynamic threat landscape, organizations need security measures that can evolve with emerging challenges,” Nake told me. “Our goal is to empower security teams to implement robust defenses without adding operational burdens.”
Use cases and industry implications
Zero Trust Segmentation is ideally suited for firms with distributed infrastructure and connected devices, in sectors such as manufacturing, warehousing or retail.
For example, Gray Television, which operates multiple broadcast facilities, reports that Zscaler’s solution has reduced network costs and improved security. Financial institutions such as IIFL Finance Ltd. also benefit from consistent security across data centers and cloud environments, which reduces the risk of lateral threat movement and simplifies operations.
“Our solution allowed organizations to uniformly secure workloads and ensure they were not susceptible to lateral movement,” Lazear told me. “By standardizing security across these diverse environments, we could reduce complexity and strengthen defense against sophisticated threats.”
Some final thoughts
Zscaler’s Zero Trust Segmentation addresses a growing need for enhanced security and cost efficiency in distributed environments. “It’s about giving customers the ability to simplify security and reduce attack surfaces across environments that were once too complex or costly to manage holistically,” Agrawal said. “This shift is essential for businesses that want to stay secure and agile in today’s landscape.”
By replacing traditional infrastructure with a cloud-based, zero-trust model, Zscaler aims to enable organizations to secure remote locations, segment vulnerable devices, and protect multi-cloud environments without adding the complexity of extensive hardware. This approach could help organizations streamline network security, though adoption will ultimately depend on their requirements and existing infrastructure.