Blog Category Feed https://www.zscaler.de/ Zscaler Blog — News and views from the leading voice in cloud security. de Was Japan und Deutschland in Punkto Transformation gemeinsam haben – oder auch nicht https://www.zscaler.de/blogs/what-japan-and-germany-have-in-common-in-terms-of-transformation Meine erste Reise nach Japan seit Ausbruch der Pandemie hat mir die Augen geöffnet: Deutschland und Japan sind gar nicht so weit voneinander entfernt, wie es auf der Landkarte aussieht, wenn es um die digitale Transformation geht. Kultur und Tradition spielen in beiden Ländern eine entscheidende Rolle für Veränderungsprozesse. Ein Verständnis für die Kultur ist dabei die entscheidende Grundlage für das Ingangsetzen von Veränderungen. Auf meiner Reise durfte ich nicht nur die japanische Pünktlichkeit der öffentlichen Verkehrsmittel erleben, sondern auch die Offenheit, im Zug miteinander ins Gespräch zu kommen. Ein älterer Mitreisender, der lange Zeit in Deutschland für ein japanisches Unternehmen tätig war, sprach mich an und führte mich sukzessive in die interkulturellen Unterschiede und Gemeinsamkeiten beider Länder ein. Sein damaliger Arbeitgeber, bei dem er in international leitender Funktion tätig war, war sein Leben. Einmal einem Unternehmen beigetreten, blieb man der Firma im Laufe des Arbeitslebens treu. Es wurde nicht alle paar Jahre das Unternehmen gewechselt, sondern intern auf der Karriereleiter nach oben gestiegen. Das gleiche Prinzip galt während seiner aktiven Zeit im Berufsleben auch für die Arbeits- und Produktionsprozesse. Diese wurden über viele Jahre kontinuierlich optimiert gemäß dem Credo „Verbessere, was du hast“. Es wurde Schritt für Schritt weiterentwickelt und adaptiert, aber Vorhandenes wurde nicht gänzlich ausgetauscht. Heute ist im Vergleich zu damals vieles anders, und es findet derzeit in Japan ein rasanter Kulturwandel statt, laut seiner Einschätzung. Die jüngere Generation hat eine andere Sicht auf das Leben und die Arbeitswelt und bringt die Bereitschaft zur grundsätzlichen Transformation mit. Für die aufstrebenden Führungskräfte gilt ein anderer Leitspruch, bei dem Vorhandenes abgeschnitten und durch komplett Neues ersetzt wird, um voranzukommen. Adaption führte lange Zeit zur Perfektion des Vorhandenen Das selbstverständliche Festhalten und Weiterentwickeln der eingeführten Vorgehensweisen sind der Grund, warum die vorhandenen Technik, Arbeits- und Handlungsabläufe in Japan so ausgereift sind. Das, was Japan beispielsweise in beeindruckender Weise im Griff hat, ist die Konnektivität. In dem Zug, in dem ich gesessen habe, funktionierte alles perfekt: das Internet, die Technik, die Sitzqualität, der Service. Der öffentliche Nahverkehr bietet einen technisch ausgereiften Arbeitsplatz, ein sehr bequemes Transportmittel, das zudem durch Pünktlichkeit glänzt. Wie in Japan das tägliche Leben abläuft, wie es von Technik in selbstverständlicher Weise unterstützt wird, ist beeindruckend. Diese vorsichtige Vorgehensweise der Optimierung hat allerdings sowohl Deutschland als auch Japan hinsichtlich der digitalen Transformation etwas ins Hintertreffen geraten lassen. Die Produktionshochburg Deutschland setzt auf lange Zyklen der Amortisierung getätigter Investitionen in Produktionsanlagen und ein eher vorsichtiges Taktieren hinsichtlich der Einführung von Innovationen. Erst, was sich in anderen Regionen als tragfähig erwiesen hat, wird hierzulande evaluiert. Das gilt für die Einführung der Cloud und die ganzheitliche Digitalisierung gleichermaßen. Da half auch nicht das Ausrufen der vierten industriellen Revolution im Zuge von Industrie 4.0 schon vor einer Dekade, damit die Innovationstätigkeit hinsichtlich der Digitalisierung in Schwung kommt. Interessanterweise sind die japanischen Niederlassungen im Ausland die Themen der Transformation im Alleingang deutlich schneller angegangen als das Mutterland. Das hängt im Wesentlichen damit zusammen, dass die Zentralen eine komplexe, über lange Jahre gewachsene, IT-Infrastruktur aufgebaut haben. Diese riesigen Legacy-Umgebungen haben japanische Unternehmen daran gehindert, den ersten Schritt der Innovation zu machen – zu lange wurde an der Perfektionierung festgehalten - ähnlich wie die hochkomplexen Produktionsanlagen die Digitalisierung in Deutschland ausbremsen. Darüber hinaus müssen vor allem die großen, traditionsorientierten Konzerne in Japan ihre Prozesse der Mitarbeiterführung adaptieren, um einen kulturellen Wandel herbeizuführen. Es ist beispielsweise nach wie vor eine Herausforderung für einige Unternehmen, das Systeme der Seniorität zu durchbrechen und junge Führungskräfte zu entwickeln. Historisch betrachtet hat Japan schon immer durch Produktinnovationen geglänzt. Allerdings zählen heute die drei Faktoren People, Prozesse und Plattformen als Transformationstreiber für japanische Unternehmen, die sich international behaupten wollen. Transformation ist unumgänglich Doch wenn es die Zeitumstände erfordern, geht auch in Japan sowie Deutschland alles ganz schnell. Noch vor drei Jahren war die Cloud ein Thema, das auf Applikationen beschränkt war auf beiden Seiten des Globus. Dann kamen Corona und die harten Lockdowns, die in Japan viel länger als in Deutschland gedauert haben. Der Druck, aus dem Homeoffice einen sicheren Arbeitsplatz zu gestalten, hat die Umstellung auf moderne und sichere Cloud-Architekturen beflügelt. Die herkömmlichen VPN-Zugänge konnten mit den Anforderungen an performanten und nahtlosen Zugriff für alle Mitarbeitenden oft nicht Schritt halten. Ebenso hat die Pandemie den Mitarbeitenden die Endlichkeit des Lebens nähergebracht. Ähnlich wie in Deutschland fordert die junge Generation an Arbeitskräften heute mehr Flexibilität, denn je. Homeoffice oder hybrides Arbeiten, flachere Hierarchien, mehr Selbstbestimmung und Work-Life Balance stehen ganz oben auf der Liste bei der Wahl des Arbeitgebers. Für sie gehört die Arbeit zwar zum Leben, aber sie ist schon lange nicht mehr das Zentrum ihres Lebens. Heute ist vor allem durch den externen Druck die Erkenntnis in die Unternehmen eingezogen, dass Adaption keine Transformation ist und fehlende Transformation die Unternehmen ins Abseits katapultieren kann. Die aktuelle Situation in beiden Ländern ist vergleichbar: sowohl in Japan als auch in Deutschland ist die Transformation Richtung Cloud und Digitalisierung von Produktionsumgebungen einschließlich flexiblerer Arbeitsweisen in vollem Gange. Sie wurde durch externe Faktoren wie die Epidemie und den dadurch ausgelösten Wandel unumgänglich. Die alten Zöpfe werden von Unternehmen in beiden Ländern heute rasch gekappt. Mehr zum internationalen Vergleich im Hinblick auf die Transformation ist im State of Zero Trust Transformation 2023 nachzulesen. Tue, 06 Dez 2022 01:48:53 -0800 Ismail Elmas https://www.zscaler.de/blogs/what-japan-and-germany-have-in-common-in-terms-of-transformation „Growing together, secured“ als Motto des EMEA Partner Summits war Programm https://www.zscaler.de/blogs/growing-together-secured-was-the-motto-of-the-emea-partner-summit Drei Tage Partner Enablement, Training und Networking auf Mallorca mit der EMEA Partner Community liegen hinter uns und die Eindrücke des Events wirken noch nach. Es war im wahrsten Sinne eine Fiesta, die wir mit rund 150 Partnern bei strahlendem Sonnenschein auf der Insel feiern konnten. Die Passion, Cloud-basierte Zero Trust-Sicherheit zum Kunden zu bringen und sie von den vielfältigen Einsatzmöglichkeiten eines Plattform-Ansatzes profitieren zu lassen, war während des EMEA Partner Summit eindrücklich zu spüren. Das positive Momentum des Marktpotenzials für Sicherheit aus der Cloud können die Vertreter von Service Providern, VARs, Systemintegratoren und Distribution mit in ihrem Vertriebsalltag einbringen. Denn wie Dali Rajic in seiner Keynote zum Ausdruck brachte, wird von Marktauguren erwartet, dass das Wachstum für Investitionen in Cloud-Technologien überdurchschnittlich schnell wachsen wird. Der Markt kommt auf unsere Partnern zu durch die fortscheitende Digitalisierung, die Bedeutung, die Belegschaft von überall aus produktiv arbeiten zu lassen und die Bestrebungen hybride Arbeitsumgebungen sicher zu gestalten. Durch das umfangreiche Portfolio der Zscaler Zero Trust Exchange Plattform finden Partner beim Kunden viele gemeinsame Anknüpfungspunkte, die weit über Sicherheit hinausgehen und bis zum Enabler des digitalen Geschäftsbetriebs reichen. Wachstumschancen durch Zero Trust sichern Das Motto „growing together, secured“ sollte dementsprechend die Möglichkeiten für den Channel aufzeigen, mit Hilfe eines Zero Trust-Plattformansatzes Umsatz zu generieren. Das Enablement für die Partnervertreter sorgt auch für ein Zusammenwachsen beider Parteien im Vertriebsprozess. Deshalb stellte Zscaler im Rahmen des Summits sein neues Programm für die Zertifizierung zum Zscaler Zero Trust Certified Architect (ZTCA) vor. Dieses umfangreiche Schulungsprogramm rund um Zero Trust für Netzwerk. Und Sicherheitsexperten trägt dazu bei, ganzheitliche Expertise rund um den Sicherheitsansatz auf Basis von Zero Trust-Prinzipien aufzubauen. Durch dieses Zertifizierungsprogramm kann beim Kunden die gleiche Sprache gesprochen werden und das volle Potenzial einer Cloud-Plattform platziert werden, die sowohl die Sicherheit für den User, Workloads und IoT & OT-Umgebungen umfasst und für einen agilen und resilienten Geschäftsbetrieb sorgt. Wie wichtig diese gemeinsame Sprache ist, zeigte das Gespräch mit der Banco Sabadell, einer der größten spanischen Finanzinstitute mit Niederlassungen in 14 Ländern weltweit und Banken in Spanien, Großbritannien und Mexico. Im Interview von Ismail Elmas, GVP International bei Zscaler verdeutlichte Marc Segarra, dass die Expertise des Partners im Herstellerportfolio für den Kunden von entscheidender Bedeutung ist, um Vertrauen in den gewählten Lösungsansatz aufzubauen. „Als Kunde müssen wir darin bestärkt werden, dass der Partner mehr Expertenwissen einbringen kann, als wir selbst besitzen und darauf aufbauend die besten Lösungsansätze, Architekturen und Konfigurationen vorschlagen kann,“ so Segarra. „Wir wollen einen Partner, der uns auf unserer Reise mit neuen Technologien begleitet und Ressourcen, Expertise und Services während des gesamten Prozesses einbringen kann.“ Partner Empowerment für die Transformation Dementsprechend stand das Partner Enablement im Mittelpunkt des Summits, um Partner zum Experten in Sachen Transformation zu Zero Trust-basierten Infrastrukturen zu machen. Die Flexibilität eines Cloud-Ansatzes trifft dabei einen Nerv: denn die Transformation von Hardware-basierten Sicherheitsinfrastrukturen zum flexiblen Security Service Edge-Ansatz auf Basis von Zero Trust ermöglicht Unternehmen jeder Größenordnung die sichere und zukunftsorientierte Umgestaltung zu einem Cloud-basierten Geschäftsbetrieb, bei dem Mitarbeitende, Workloads und digitale Produktionsanlagen über eine einzige Plattform abgesichert werden können. Anstelle der Verwaltung komplexer Architekturen tritt ein flexibler Ansatz, der Identitätsbasierten Zugang zu benötigten Applikationen, Workloads oder Geräten auch für Third Parties bietet. Zusätzlich haben Kunden die Möglichkeit, über Managed Security Service Provider ein flexibles Lizenzmodell für die Cloud Security Services zu beziehen, dass die nötige Flexibilität für den Geschäftsbetrieb bietet. Darüber hinaus nutze das gesamte Partner- und Executive-Team von Zscaler die Möglichkeit der Kontaktpflege mit den Partnervertretern. Im Rahmen persönlicher Gespräche auf Boardebene - zum Beispiel bei einer Runde Golf zu Beginn des Summits oder beim Mittagessen- konnte nicht nur die Beziehungen vertieft werden, sondern auch Themen auf Augenhöhe kommuniziert werden, um die Partnerschaften zu vertiefen und gemeinsame Go-to-Market-Strategien zu entwickeln. Dementsprechend gab es viel Lob von den Partnern für die Verfügbarkeit des gesamten Geschäftsleitungs-Teams für 1:1 Gespräche inklusive des Ökosystems an Technologiepartnern, um gemeinsame Vertriebsinitiativen rund um den digitalen Arbeitsplatz zu vertiefen. Auszeichnungen für Zero Trust-Experten Am letzten Abend war die Award-Nacht angesetzt, bei der in festlichem Rahmen die Auszeichnungen für die Partner des vergangenen Geschäftsjahres vergeben wurden. In elf Kategorien wurden Partner aufgrund ihres Commitments zur Zusammenarbeit sowie ihrer Expertise als Zero Trust Experten ausgezeichnet. Die folgenden Partner erhielten den Award zum Partner des Jahres 2022: EMEA Partner of the Year: Telefonica EMEA Service Provider of the Year: Orange Business Services EMEA Systems Integrator of the Year: NTT EMEA Value Added Reseller of the Year: Softcat EMEA International Partner of the Year: Infosys EMEA Transformation Partner oft he Year: BT EMEA North Partner of the Year: HCL EMEA South Partner of the Year: Deutsche Telekom EMEA Growth Partner of the Year: Sirar by STC EMEA Technical Partner of the Year: Xalient EMEA Partner Enablement Innovation: Westcon Es war großartig, während dieser vergangenen drei Tage die Partnerlandschaft noch stärker mit dem Zscaler-Team zusammenwachsen zu sehen. Die Bereitschaft von beiden Seiten in die Partnerschaft zu investieren war deutlich zu spüren. Gemeinsam wollen wir Zero Trust beim Kunden voranbringen und mit Digitalisierungskompetenz zukunftsfähige Geschäftsmodelle absichern – unabhängig von der Firmengröße. Die Botschaft von Zscaler war klar: in Europa besteht ein stärkeres Commitment zum Channel denn je und der Grundstein für das Wachstum in den nächsten Jahren ist gelegt. Tue, 06 Dez 2022 01:49:57 -0800 Kadir Erol https://www.zscaler.de/blogs/growing-together-secured-was-the-motto-of-the-emea-partner-summit Zscaler Debuts Zero Trust Certified Architect (ZTCA) Program to Address IT & SecOps Skills Gap https://www.zscaler.de/blogs/company-news/zscaler-debuts-zero-trust-certified-architect-ztca-program-address-it-secops An increase in large-scale cyber attacks has driven widespread interest for organizations to migrate to a Zero Trust architecture. A Zero Trust architecture is a new, clean architectural paradigm - one that is built to reduce a network's attack surface, prevent lateral movement of threats, and lower the risk of a data breach. This new Zero Trust architecture is based on the core tenet of Zero Trust, in which implicit trust is never granted to any user or device. The Zero Trust security model puts aside the traditional "network perimeter" built with firewalls and VPNs - inside of which all devices and users are trusted and given broad permissions by putting them on a routable network. A Zero Trust architecture eliminates the biggest problem associated with routable networks - lateral threat movement - by preventing access to the network, period. As Zero Trust became popular, the term was hijacked, with every vendor claiming to have a Zero Trust architecture. This is causing widespread confusion for customers and partners. A Zero Trust architecture is a new architecture, and cannot be bolted onto a traditional legacy-based approach. While it’s becoming more widely understood that legacy network-based firewall and VPN models simply cannot protect today’s modern cloud-first and hybrid working enterprise, one of the major pain points that IT and security operators are facing today is a skills gap, both in terms of (a) understanding what is true Zero Trust and how it contrasts with a legacy firewall and VPN-based approach, and (b) learning how to actually implement a Zero Trust architecture. Modern security teams need a specialized set of skills - one that isn’t based on 30 years of legacy networking and security principles - in order to address today’s cloud-first security requirements. To provide the necessary skills required for network and security professionals interested in building a holistic security approach based on Zero Trust principles, Zscaler is introducing the Zero Trust Certified Architect (ZTCA) program. This advanced certification program is designed to provide a comprehensive overview on the fundamentals of a Zero Trust strategy along with practical guidance for the planning, design, implementation and maintenance of a Zero Trust architecture. The course follows NIST’s Zero Trust guidelines, and directly compares and contrasts a Zero Trust architecture with the legacy routable networks and firewall- based approach. We’ve designed the course to help the learner be clear on the pitfalls of a legacy-based architecture, and understand how to implement true Zero Trust. Developed to be relevant and useful in today’s dynamic security environment, the curriculum features custom content that specifically addresses the needs of modern enterprises to secure their hybrid workforce and cloud-based data, applications, and workloads. When I speak with CXOs, they always tell me that the “people element” is the most important part of any digital transformation journey. And it’s no secret that the competition for talent within the IT and security industries continues to be fierce, so we’re pleased to be able to provide a means for network and security professionals to differentiate themselves, while acquiring the necessary skills to lead their organizations’ secure digital transformation. For more details on this exciting new certification program, please visit the ZTCA site. Mon, 14 Nov 2022 17:08:20 -0800 Jay Chaudhry https://www.zscaler.de/blogs/company-news/zscaler-debuts-zero-trust-certified-architect-ztca-program-address-it-secops Celebrating 15 Years of Innovation https://www.zscaler.de/blogs/company-news/celebrating-15-years-innovation This year, I’m thrilled to celebrate Zscaler’s 15th anniversary. When we first started the company in 2007, I knew that we had a real opportunity to transform the security industry, especially in light of enterprises’ migration to the cloud - we had a bold idea, bright minds, a solid business plan, and the conviction to make it work. But the journey was not without risk, nor was it always easy. Like many companies, we had our own share of growing pains, but we also shared many moments of discovery, camaraderie, excitement, and accomplishment. These moments are now woven into the fabric of our company’s DNA and are truly what makes me proud when I reflect on how far we’ve come. Fifteen years ago, we signed The Arc Mid-Hudson, as our first, and now longest-standing, customer. They are a not-for-profit organization in New York State dedicated to supporting individuals with intellectual and developmental disabilities and they were looking for a cloud-native security solution that would allow them to provide secure connectivity to employees, while maintaining client data integrity and adherence to strict healthcare compliance mandates. I still remember the excitement we had over winning the account and how great it felt to know that Zscaler technology would be helping them to better serve their community. Today, The Arc Mid-Hudson is still a Zscaler customer and they’re leveraging the power of the Zscaler Zero Trust Exchange to support its transition from a site-based human services provider to a remote and highly mobile service model. The first Zscaler solution slide that was created in 2007 is still relevant today. Since then, we have kept the same focus and mission. It’s extremely satisfying to know that there are customers who have been with us since the very beginning. These relationships are built on trust, openness, and an exceptional level of service. Customers have the confidence of placing their most precious data assets in our care and that’s a responsibility that we take to heart each and every day. It’s what motivates me to continue to develop and deliver solutions that improve our customers’ security posture. Our success as a company heavily depends on our commitment to our customers and we never lose sight of that. Among our current workforce are employees who have been with the company since the very beginning. Recently, we came together to reminisce about how it all started and I jotted down a few memories which I thought really captured the sentiment and entrepreneurial spirit that underpins our company culture today: “It was during dinner at Jay’s house when he first proposed the idea of a cloud security platform. After we spoke, I was so convinced that this is the future, but the problem wasn’t easy to solve from a technology standpoint and it hadn’t been done. After four months of development, discussion and lots of trial and error, it seemed that we had a viable solution.” - Kailash Kailash, Zscaler Co-Founder “Kailash called me up, explained the concept, and suggested we do a workshop and start building something. To be honest, I wasn’t overly convinced that it would work, but Jay was always very clear in his vision of using a cloud-native architecture and that we were not going to build an on-prem solution. The team had conviction, which always kept me motivated.” - Srikanth Devarajan, early Zscaler employee “I think I was at the right place at the right time and I feel fortunate to be a part of this amazing journey. The passion of the founders was inspiring and the early team was very close. We were doing agile development before it became an industry-wide practice, so it was exciting to pioneer new methods while developing new capabilities at a lightning pace. We had the best time!” - Siva Udupa, early Zscaler employee “The time has gone by really fast. I still remember the early morning voice calls with Jay and the software teams, discussing a new feature to implement. By the end of the day, the feature was ready and the process started again the next day. We created our own agile methodology, but it was very exciting!” - Pratibha Nayak, early Zscaler employee The past 15 years has been quite a remarkable journey - what started out as an idea has grown into a company that’s generating in excess of $1B in revenue and is a recognized industry leader in cloud security. As a company, Zscaler has driven growth and innovation that’s constantly adapting to the changing security landscape and our customers’ evolving needs. I couldn’t be prouder of all of our accomplishments to date and I’m looking forward to another 15 years. To see a timeline of notable technology triumphs and significant company milestones, please click here. Thu, 03 Nov 2022 18:12:51 -0700 Jay Chaudhry https://www.zscaler.de/blogs/company-news/celebrating-15-years-innovation Come Visit us at AWS re:Invent 2022 https://www.zscaler.de/blogs/company-news/come-visit-us-aws-reinvent-2022 Zscaler will be at AWS’ premier conference from November 28 through December 2. The conference, located in Las Vegas, is one of the leading technology conferences focused on cloud computing. At the conference, you can visit and chat with Zscaler experts in the Expo at booth #118. There you can learn how you can Secure Your Workloads from build-time to runtime using Workload Communications and Posture Control. In addition, at AWS re:Invent you can View live demos that showcase the benefits and capabilities Zscaler for Workloads can deliver to your organization Have one-on-one meetings with Zscaler product leaders Listen to our talk, Zero Trust CNAPP and cloud workload protection with Zscaler, at the Lightning Theater 1 on November 28th at 6:25PM PST Grab some amazing swag to take home To learn more, please visit our registration page. We hope to see you there! Wed, 02 Nov 2022 20:37:01 -0700 Franklin Nguyen https://www.zscaler.de/blogs/company-news/come-visit-us-aws-reinvent-2022 Zscaler: Celebrating 15 Years of Innovation https://www.zscaler.de/blogs/company-news/zscaler-celebrating-15-years-innovation Zscaler started in 2007 with an idea: transform cloud security in ways we never thought possible. Fifteen years later, with numerous industry firsts, notable technology triumphs, and significant company milestones throughout our history, Zscaler is in the perfect position to support our customers as they continue their digital transformation journeys. We’re beyond excited about the future. Join us as we celebrate 15 years of innovation. Learn more about Zscaler Join the team Wed, 26 Okt 2022 20:07:00 -0700 Jay Chaudhry https://www.zscaler.de/blogs/company-news/zscaler-celebrating-15-years-innovation Thank You and Best Wishes to my Dear Friend, Amit https://www.zscaler.de/blogs/company-news/thank-you-and-best-wishes-my-dear-friend-amit I am both saddened and pleased to announce that Amit Sinha has decided to pursue a CEO role at a private company. I would like to thank Amit for his contributions to Zscaler in various roles over the past 12 years, most recently as President of Zscaler. I met Amit in early 2005 when I was running AirDefense and CipherTrust in Atlanta. From my first meeting, it was clear to me that this young engineer with a doctorate from MIT and a bachelor’s degree in electrical engineering from IIT was not only a brilliant engineer but had great business acumen. Amit joined me at AirDefense as its CTO and our friendship and partnership continued to grow. He joined me at Zscaler in 2010 at its very early stage to incubate security for mobile devices. I’ve enjoyed watching him grow as a leader and lead multiple functions to help Zscaler grow into the market leader in cloud security. I am pleased that Amit will remain on Zscaler’s Board of Directors as a trusted advisor and strong supporter of Zscaler. Over the next few weeks, Amit will work with us to transition his roles and responsibilities. Amit has been a dear friend and collaborator of mine for over 17 years. While I am sad to see him move on; it is a fact that great companies produce the next generation of CEOs who go on to change the world. We will miss Amit and wish him well. Mon, 10 Okt 2022 13:29:25 -0700 Jay Chaudhry https://www.zscaler.de/blogs/company-news/thank-you-and-best-wishes-my-dear-friend-amit Zscaler Acquires ShiftRight https://www.zscaler.de/blogs/company-news/zscaler-acquires-shiftright I am pleased to announce Zscaler’s entry into security workflow automation with the acquisition of ShiftRight, a leader in closed loop security workflow automation. As a result, ShiftRight’s technology is being integrated into the Zscaler Zero Trust Exchange cloud security platform to automate security management, providing a simple solution that will dramatically reduce incident resolution times. In my discussions with enterprise CIOs and CISOs, a pressing issue for their IT and security teams is not having enough time and resources to respond to and determine the severity of all security incidents. This results in not meeting SLAs, contentious relationships between security and business stakeholders and, most importantly, it introduces major risks to the business when critical security issues fall through the cracks. This challenge is further compounded by the complex and distributed nature by which security is commonly implemented within organizations; that is, while security teams are held accountable for the vast majority of security-related tasks, they are often not directly responsible, which causes confusion, miscommunication, delays and inefficacy. ShiftRight’s technology uses analytics, telemetry data, and intelligence to automate security incident tracking to establish clear lines of responsibility, provide real-time visibility, and foster collaboration amongst teams. ShiftRight’s technology enables: High-level visibility of issues and detailed views for more granular reports Improves efficiency by identifying and assigning teams responsible for resolving a security issue and automatically creating tickets Efficient communication with the various stakeholders to ensure accountability Close tracking of team progress to resolve issues end-to-end As I’ve said before, implementing new security tools is easy relative to changing organizational behavior, but I believe that the integration of ShiftRight’s technology into Zscaler’s portfolio will influence positive organizational change, while strengthening the security posture of our customers. We’re excited to welcome the ShiftRight team to the Zscaler family and I look forward to working with them to drive continued innovation in the security workflow automation space. For more details on the acquisition, please see the news release here. This message includes forward-looking statements. See important information here. Thu, 29 Sept 2022 12:54:21 -0700 Jay Chaudhry https://www.zscaler.de/blogs/company-news/zscaler-acquires-shiftright Zero Trust for Healthcare https://www.zscaler.de/blogs/company-news/zero-trust-healthcare Cybersecurity has become a strategic imperative for healthcare organizations. Data breaches increased 650% in 2021 and the associated costs increased 29.5%. The rising adoption of telehealth, a mobile workforce, and the emergence of connected medical devices have all contributed to expanding cyber risk, complexity, and cost. As with many critical industries, healthcare delivery is undergoing a digital transformation. Fast and secure access to cloud resources is required, and Zscaler helps securely migrate from on-premises network infrastructure to the cloud using zero trust principles. Trusted by some of the top healthcare systems around the world, Zscaler has now invested in a dedicated practice to help our nation's healthcare systems better protect their data and improve patient outcomes. Check out our new Zscaler for healthcare page for more on how we can help solve the challenges that are unique to health systems today. How can zero trust reduce the threats to your healthcare organization? Let’s look at four key areas: ransomware, infrastructure cost, new care models, and work-from-anywhere user experience. Ransomware The adoption of telemedicine, cloud, and IoT have created new avenues for bad actors to gain access to valuable healthcare data and systems. According to a recent report from the Ponemon Institute, 89% of healthcare organizations surveyed experienced cyberattacks in the past 12 months, with an average total cost for the single most expensive cyberattack at $4.4 million. Further, an average cost of $1.1 million was lost in productivity as a result of these attacks. Zero trust is a highly effective strategy for combating ransomware attacks. The most practical way to keep hackers out of your network is to eliminate the attack surface. If it’s not reachable, it’s not breachable. Zscaler restricts malicious access to a healthcare system’s network by making the internet the network for digital work, or extending the service to your on-premises environment securely. The resulting decrease in attack surface has been proven to reduce the number of malicious attacks by more than 50%. Infrastructure Cost Healthcare organizations must make considerable investments in IT systems at a time when the very care models themselves are evolving. Hybrid cloud architectures are becoming the new standard and extensive industry consolidation is resulting in business and clinical applications migrating to the cloud to improve efficiency and reduce administrative costs. Zscaler helps healthcare organizations connect branches, clinics, care centers, and clinicians to the internet by leveraging multiple network connection types. This optimizes application traffic routing and performance while reducing WAN costs and network operational expenses. Zscaler helps ease this transition by allowing existing systems to remain in place while providing a more secure way to access them. Healthcare mergers and acquisitions (M&A) volume was up 16% in 2021 and the outlook for 2022 is strong. M&A are challenging for IT as the IT team is responsible for ensuring appropriate connectivity to applications and the security of sensitive data while consolidating complex legacy networks and security infrastructure. Zscaler customers experience up to a 70% reduction in overall infrastructure costs and reduce M&A integration timelines from months to weeks. Care-From-Anywhere Healthcare is transitioning to a more accessible model. An “omnicare” or care-from-anywhere approach combines telehealth, in-office visits, remote monitoring, and other modes of treatment to make healthcare more efficient, effective, and affordable. With data dispersed across many different platforms, protecting it is a massive challenge. Add in the increasing number of endpoints created by the internet of medical things (IoMT), and healthcare organizations are finding themselves at risk from extensive unpatched vulnerabilities. The FBI issued a Private Industry Notification on September 12, 2022 that declared that unpatched and outdated medical devices provide cyberattack opportunities. More than 53% of connected medical devices and other IoMT devices in hospitals had known critical vulnerabilities. Leaving such devices insecure makes the entire healthcare facility vulnerable to cyberattacks, endangering patient health and worker safety. The Zscaler Zero Trust Exchange helps healthcare organizations secure and simplify the connectivity brought on by this expanding healthcare model, allowing new applications and devices to be easily added to the enterprise. Customers can increase bandwidth by more than 100%, achieve 99% application availability, and see a 100% reduction in network outages. Work-From-Anywhere Healthcare organizations are increasingly adopting new and innovative approaches to respond to staffing constraints, including the ability to work remotely. A 2022 MGMA Stat poll found that 59% of medical group practices have shifted workers to permanent remote or hybrid work in the past year. This dramatically increases the number of devices connecting to and from your network, potentially expanding the attack surface and opportunities for bad actors. In addition, traditional security architectures require a user to access the network through a VPN with all data backhauled through the data center, creating latency and a poor user experience. Zscaler provides a secure work-from-anywhere experience, enabling access to applications from any location, on any device. Only the right users get access to the right information and systems when they need it. The Zero Trust Exchange provides the ability to decrypt and inspect 100% of all SSL/TLS traffic at scale, keeping data secure at every step and improving employee productivity by up to 80% with near-zero latency. Data Protection Transformed Ransomware, data breaches, and careless user behavior put your data in harm’s way. Zscaler is announcing industry-first innovations that revolutionize how organizations classify and protect data. Join us on Tuesday, October 18 for Zscaler’s Data Protection Transformed event to see how to solve today’s most difficult data protection challenges. Zscaler is trusted by some of the largest healthcare organizations in the world to secure their users and applications. From HIPAA compliance to securing connected medical devices and remote employees, Zscaler sets the standard for digital transformation. Contact us today for more information or to see a live demo. And follow our Zscaler for Public Sector LinkedIn page for regular updates. Thu, 22 Sept 2022 15:33:05 -0700 Ian Milligan-Pate https://www.zscaler.de/blogs/company-news/zero-trust-healthcare New Learning Experiences to Drive Success - September 2022 https://www.zscaler.de/blogs/company-news/new-learning-experiences-drive-success-september-2022 I am a firm believer that Zscaler enables companies to complete their secure digital transformation journey and achieve enterprise-wide zero trust. We’ve built the best in the business, no question about it. However, customers can only complete this journey and reach their goals if they fully leverage and adopt all our platform has to offer. No matter how great our products and teams are, this adoption doesn’t happen magically. It takes focus and investment in time from our customers. Getting administrators, engineers, and architects through the right training at the right time can make all the difference in an organization's success with Zscaler and, ultimately, their ability to achieve secure digital transformation. But customers don’t have to go on this adoption journey alone. Zscaler has built engaging, relevant, world-class learning experiences for our partners and customers that will provide the support, tools, and resources they need to learn and adopt our platform. As a result of our efforts, we have several big announcements today: 1. Zscaler Academy & Customer Success Center - Starting September 15, customers will have access to a new centralized resource hub–the Customer Success Center, and a new learning management system, Zscaler Academy! We launched a new learning platform to partners in March 2022 and now we are extending that amazing experience to our customers. Customers will also have access to Zscaler Ascent, our gamification platform, allowing them to collect points for learning activities and redeem them for prizes. 2. New ZIA Administrator Learning Path and Certification - Also on September 15, both customers and partners will have access to new ZIA Administrator eLearning and a corresponding certification exam. This content explores the ZIA product with helpful scenario-based demonstrations and hands-on practice activities. The content will prepare learners to take the all-new ZIA Admin Certification Exam. This content and exam will take the place of the ZCCA-IA certification. All existing certifications will remain valid until their expiration date (3 years from completion date). As a part of this new content release, we are archiving our TAC and Security Specialist courses. The content from these courses will be rolled into the new administration content. Learners who have already started the courses will have until Dec 31, 2022 to complete the course and the exam. Specializations will continue to be honored until their expiration date. 3. eLearning Now Included for Zscaler Customers - EDU Credits for Exams, Labs, and Advanced Content - Our priority is to ensure customers have what they need to be successful on their journey to zero trust. Starting September 15, all customers will have unlimited access to core eLearning with any active Zscaler product subscription. To simplify things, we have combined lab credits and eLearning credits into a single Education (Edu) Credit and customers can use these credits to purchase live training, labs, and select advanced eLearning content. Customers can purchase EDU credits as separate items or as part of their deployment packages with Zscaler. Customers can also redeem the newly-launched Professional Service Credits for EDU credits at a 1:1 ratio. 4. Increasing Certification Security - To ensure certifications maintain their integrity, we are changing the number of exam attempts per enrollment from unlimited to three. This means customers and partners who enroll in an exam will have three attempts to pass that exam. If they do not pass they can email training@zscaler.com for support. 5. Introducing Zscaler Academy Release Notes - We know our customers and partners have a lot to balance on a daily basis. To make it easier to find and reference changes to Zscaler Academy and our learning programs, check out the new Zscaler Academy Release Notes page available from the Help section on the Partner and Customer Academy sites. We are excited for our customers and partners to explore the new tools at their disposal to learn and grow with Zscaler, and we are eager to hear your feedback. Please email training@zscaler.com with any comments, questions, or concerns. Happy learning! Thu, 15 Sept 2022 11:59:29 -0700 Rick Kickert https://www.zscaler.de/blogs/company-news/new-learning-experiences-drive-success-september-2022 Join Zscaler at CrowdStrike Fal.Con 2022 https://www.zscaler.de/blogs/company-news/join-zscaler-crowdstrike-falcon-2022 Zscaler is thrilled to be a Diamond Sponsor at CrowdStrike Fal.Con 2022, coming up September 19–21 in Las Vegas. This year at Fal.Con, you’ll have the opportunity to be among the first to hear about our newest integration with CrowdStrike as well as attend any of our three speaking sessions to hear more about the Zscaler and CrowdStrike partnership. Visit our booth Drop by Booth #1607 to see our various integrations with CrowdStrike. See for yourself why more and more customers are choosing the combined technological advancements of Zscaler and CrowdStrike to protect their users and applications. Hear from a joint Zscaler and CrowdStrike customer Featured Session - Architecting and Accelerating your Zero Trust Strategy | Sept. 20, 2:30 p.m. Together, Zscaler and CrowdStrike offer an integrated end-to-end security solution that simplifies zero trust adoption for IT teams. Join this breakout session to get firsthand technical advice from industry leaders on architecting your zero trust transformation, and walk away with a complete view of how to seamlessly integrate our best-of-breed platforms. Speakers include: Alex Borhani, Deputy CISO, CSX Amit Raikar, VP of Alliances, Zscaler Chris Kachigian, Sr. Dir., Global Solution Architecture, CrowdStrike Listen to insights in the CrowdXDR Alliance Panel Executive Panel on Cybersecurity Transformation | Sept. 20, 3:30 p.m. Ransomware attacks have risen dramatically alongside the shift to remote work, and they’re showing no signs of slowing. Join this CrowdXDR executive panel to hear from Zscaler, CrowdStrike, ServiceNow, and World Wide Technology (WWT) on ways your organization can fight back against adversaries, what trends to keep an eye on, and how to leverage best-of-breed technologies to protect your users and data. Learn the best place to start with zero trust Building the Economic Rationale for a Zero Trust Transformation | Sept. 20, 11:30 a.m. Zero trust is more than just a buzzword—today, it’s a driving force in the security community. Even so, organizations of all sizes struggle with where or how to start. For many security leaders, securing budget and getting technological consensus from their staff is a major hurdle. However, most leaders agree that building a strong business case is a key first step. In this session, Zscaler business value experts will walk you through how to build a business case for your internal stakeholders with customizable and quantifiable outcomes that match your organization's goals and IT environments. Grab a T-shirt Be sure to pick up your free Fal.Con shirt at check-in! See you there! To learn more about the event and schedule a meeting with Zscaler experts today visit our Zscaler at CrowdStrike Fal.Con 2022 page. Mon, 12 Sept 2022 08:00:02 -0700 Jason Lee https://www.zscaler.de/blogs/company-news/join-zscaler-crowdstrike-falcon-2022 Zscaler is a 2022 Customers’ Choice in the Gartner® Peer Insights™ “Voice of the Customer” Report for Security Service Edge https://www.zscaler.de/blogs/company-news/zscaler-2022-customers-choice-gartnerr-peer-insightstm-voice-customer-report We are excited to announce that Zscaler has been recognized as a Customers’ Choice vendor for 2022 in the Security Service Edge (SSE) category on Gartner® Peer Insights™. This distinction is a recognition of vendors in this market based on feedback and ratings submitted by hundreds of verified end users of our products for an 18-month period ending on May 31, 2022. Overall, reviewers gave us a 4.6 out of 5, (based on (411 reviews as of May 31, 2022) with 93% saying they would recommend Zscaler. In addition, Zscaler was named as a leader in all eight segments in the accompanying “Voice of the Customer” Report for SSE, the only vendor to get this recognition. These recognitions are based directly on unbiased feedback from our customers - the people we’re here to serve - therefore, we believe these recognitions serve as further validation that we are creating security solutions that fit the needs of modern enterprises around the world. The Gartner Peer Insights Customers’ Choice distinction is based on both the number of reviews and the overall user ratings. To ensure a fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate. Here are some comments from customers: ● “This is something I appreciate; it's a terrific method to be entirely compliant. The Zscaler Internet Access Platform is a dedicated SSE solution that focuses on risk mitigation, reliability, and scalability to allow us to deliver our users secure access to our applications while keeping them secure.” – Program Director, Services ●“I have used Zscaler services at multiple companies. The usage of Zscaler truly enables work from anywhere while offering the same security benefits of being in the office. It is a powerful enablement tool for your workforce regardless of location, and simplifies the consumption of cloud based services.” –Associate Director, Network Architecture, Aerospace ● “We have been using ZIA for over a decade now. The capability of the product has only seen upward thrust. We have also subscribed for ZPA since its inception for zero trust capabilities and it’s truly fulfilling. ZDX capabilities are assisting us to troubleshoot EUCI issues during the work-from-home scenarios. Support services and customer focus are overwhelming. Overall, we are very satisfied with Zscaler.” – Enterprise Architecture and Technology Innovation, IT Services You can read more Zscaler reviews here. To all of our customers who submitted reviews - thank you! Your feedback helps us create better products and fuels our drive to keep on innovating. We are committed to earning the trust and confidence worthy of this distinction. To learn more about Gartner Peer Insights Customers’ Choice, or to read the product reviews written by the IT professionals who use them, please see the Security Service Edge page on Gartner Peer Insights. If you have a Zscaler story to tell, we encourage you to join Gartner Peer Insights to share your experiences. GARTNER is a registered trademark and service mark, and PEER INSIGHTS is a trademark and service mark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose. Wed, 07 Sept 2022 08:00:01 -0700 Jay Chaudhry https://www.zscaler.de/blogs/company-news/zscaler-2022-customers-choice-gartnerr-peer-insightstm-voice-customer-report Experience your world secured with Zscaler at Black Hat 2022 https://www.zscaler.de/blogs/company-news/experience-your-world-secured-zscaler-black-hat-2022 It’s that time of the year again! Security folks from near and far are gathering in Las Vegas – or making their presence known virtually – for Black Hat to network with peers, learn about the latest security research and threat trends, and check out new innovations. As a proud sponsor of Black Hat 2022, we’ll be there, will you? This past year, the ThreatLabz team has seen a massive uptick in cyberattacks and the use of illusive techniques. Ransomware attacks aren’t going away. In fact, we’ve seen an 80% increase year-over-year with bad actors jumping on the bandwagon with multi-extortion demands, increasing the pressure on companies to pay up. Part of the reason ransomware threat actors are so effective at delivering attacks is because we’ve seen an increase of 314% threats being delivered over HTTPS, an encrypted protocol intended for secure communication. At Zscaler, we are purpose-built to prevent ransomware from the start and stop even the stealthiest attacks. Visit Zscaler at booth #872 in-person or virtually August 10 and 11 to check out our latest innovations and chat with our Zscaler experts and partner presenters. Discover why Zscaler customers trust the world’s largest security cloud to protect their organizations while reducing the attack surface, preventing cyberthreats, eliminating lateral movement, and stopping data loss. How a Zero Trust Architecture Protects Against Ransomware A CxO Fireside chat featuring Zscaler’s Amit Sinha, Patrick Foxhaven, and Deepen Desai Register for this session via the Black Hat attendee portal. In addition to our virtual speaking session, stop by our booth (#872) for nonstop fun from Zscaler experts and partner presenters. Already a customer? Stop by for your free gift! We’re giving away custom MuteMe buttons to customers who visit our booth and exclusive shirts when you sign up for the Zenith Community during the event. Want to meet onsite? Zscaler will have executives and product specialists ready to meet with you and answer your questions. Book a one-on-one meeting with us using the form on our Black Hat event site. See you there! Make sure to follow Zscaler on Twitter and LinkedIn for live updates from the show and to stay updated on all things #ZeroTrust. Visit our Zscaler at Black Hat event microsite to grab details on our virtual speaking session, in-booth presentations, and featured research and partner content. Mon, 01 Aug 2022 12:25:49 -0700 Amy Heng https://www.zscaler.de/blogs/company-news/experience-your-world-secured-zscaler-black-hat-2022 ZIA Achieves Zero Trust Security-as-a-Service FedRAMP High Authorization https://www.zscaler.de/blogs/company-news/zia-achieves-zero-trust-security-service-fedramp-high-authorization I am proud to share that the FedRAMP Joint Authorization Board (JAB) has announced that Zscaler Internet Access (ZIA) achieved High Authority to Operate. This federal government certification represents the first-ever Secure Access Service Edge (SASE) Trusted Internet Connections (TIC) 3.0 solution to achieve FedRAMP’s highest authorization. ZIA now meets the stringent requirements of civilian agencies with high security requirements, as well as Department of Defense (DoD) and intelligence organizations. Given that JAB only selects a limited number of cloud services for review each year based on government-wide demand, our selection validates the strength of our solution and demonstrated ability to help Federal agencies, the Department of Defense (DoD), and the Intel community strengthen cyber defenses using Zero Trust. We’ve seen tremendous digital transformation progress in government over the past few years, and with this transformation, new vulnerabilities are also on the rise. The attack surface is bigger, more complex, and harder to protect. Zscaler is leading efforts to implement Zero Trust solutions across our patented Zero Trust Exchange to make cloud environments safer across Federal Civilian agencies, the DoD, and the Intelligence community. This milestone builds on our announcement that Zscaler Private Access (ZPA) achieved DoD IL5 and more recently, Zscaler’s Digital Experience (ZDX) service achieved FedRAMP authorization. With these achievements, the Zscaler Zero Trust Exchange, which includes ZIA and ZPA, can secure the U.S. government’s data at the moderate and high impact levels. ZIA in action Zscaler Internet Access – Government (Secure Web Gateway – vTIC)™ is a multi-tenant Cloud Security Platform known in the government that meets the Cybersecurity and Infrastructure Security Agency (CISA) TIC 3.0 guidelines. It has been the market leader as agencies work to meet modernization goals of shared services, mobile workforce enablement, improved FITARA scores, and more. Zscaler powers the shift to a modern, direct-to-cloud, Zero Trust architecture, regardless of device or user location. The Zscaler multi-tenant Cloud Security Platform applies policies set by the agency to securely connect the right user to the right application. As a Secure Access Service Edge (SASE) service, the Zscaler Cloud Security Platform is built from the ground up to provide comprehensive network security functions. Unlike traditional hub-and-spoke architectures where traffic is backhauled over dedicated wide area networks via VPNs to centralized gateways, Zscaler routes traffic locally and securely to the internet over any connection or device from anywhere. The Zscaler SASE architecture shifts security functions to focus on protecting the user/device in any location, rather than securing a network perimeter. This ensures that users get secure, fast, and local connections no matter where they connect. Moving to a security-as-a-service model decouples your organization’s security requirements from the responsibilities of maintaining infrastructure and updates. Since achieving FedRAMP Moderate certification in 2018, Zscaler, a Leader in the 2022 Gartner® Magic Quadrant™ for Security Service Edge (SSE), a security-specific component in the SASE framework – has completed SSE deployments for more than 100 US federal government and federal systems integrator customers at the moderate impact level. Many of these deployments supported the requirements of the Executive Order 14028, including Zero Trust, and met TIC 3.0 use cases. ZIA Improves security controls – Keeping IT focused on innovation with TIC in the cloud per the President’s Executive Order Federal IT leaders can improve on the who, what, where, when, and how they see, protect, and control user traffic to the internet by moving TIC security controls and other advanced security services to a cloud platform. The goal: immediate remediation on a global scale. This approach offers agencies global internet access and peering with FedRAMP-authorized applications. In addition, agencies can capture extensive log/telemetry data and store all agency data on U.S. soil with citizen-only access. Agencies can also provide the telemetry data to CISA’s Cloud Log Aggregation Warehouse (CLAW). With ZIA at the Moderate and High Baseline levels, agencies will have access to global TIC or more secure U.S.-only TIC solutions. Achieving a Zero Trust model with the Zscaler Zero Trust Exchange Through our Zero Trust Exchange and FedRAMP high solutions, all Federal agencies can achieve the Zero Trust goals mandated in the Cybersecurity Executive Order and implement CISA’s TIC 3.0 guidelines. Most agencies will need to approach Zero Trust in bite-sized chunks, setting priorities based on their unique needs. Check out our Zero Trust Playbook for prescriptive guidance on key steps that can be taken over time, leveraging a security ecosystem to achieve the end goal of Zero Trust. Zscaler ZIA will join with Zscaler ZPA High to offer the Zscaler “Zero Trust Exchange” completely at the High baseline. Zscaler is the first and only ZTA and SASE platform to be offered end to end at both moderate and high baseline. Mon, 01 Aug 2022 05:00:02 -0700 Stephen Kovac https://www.zscaler.de/blogs/company-news/zia-achieves-zero-trust-security-service-fedramp-high-authorization Join Zscaler at AWS re:Inforce 2022 https://www.zscaler.de/blogs/company-news/join-zscaler-aws-reinforce-2022 The re:Inforce conference is one of AWS’s marquee events primarily focused on cybersecurity. At this annual event, you’ll be able to hear from experts in the field, learn best practices, and discover the latest advances in security to protect your organization from cybersecurity threats. Zscaler will be at booth #504. Visit us to learn how Zscaler for Workloads, which includes Workload Communications and Posture Control, can protect your cloud workloads from build-time to runtime. Workload Communications and Posture Control Overview What is Workload Communications? Workload Communications allows organizations to utilize Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) for their cloud workloads. With Workload Communications you can connect your cloud workloads to any destination–whether it is to the internet or to another cloud workload located in a different region–with secure connectivity using the Zero Trust Exchange. It will help you eliminate your network attack surface, prevent the lateral movement of threats, and reduce the risk of data breaches. What is Posture Control? Posture Control, our CNAPP solution at Zscaler, reimagines cloud-native application security by using a 100% agentless solution that leverages machine learning to correlate hidden risks caused by the combination of misconfigurations, threats, and vulnerabilities across the entire cloud stack. It empowers security, development, and DevOps teams to efficiently collaborate and discover, prioritize and remediate risks in cloud infra and applications as early as possible in the development lifecycle. What to expect at AWS re:Inforce Zscaler will be providing opportunities to Schedule one-on-one meetings with Zscaler product leaders who are driving the direction of Zscaler for Workloads. View live demos that showcase the capabilities and benefits Zscaler for Workloads can deliver to your organization. Next Steps To learn more and to sign up, please visit our registration page here. We look forward to meeting you at AWS re:Inforce 2022! Wed, 13 Juli 2022 08:00:01 -0700 Franklin Nguyen https://www.zscaler.de/blogs/company-news/join-zscaler-aws-reinforce-2022 Zscaler for IoT & OT Now Sold by Siemens for Industrial Security https://www.zscaler.de/blogs/company-news/zscaler-iotot-now-sold-siemens-industrial-security I am very excited to join forces with Siemens to extend zero trust into OT and disrupt the traditional OT security mindset. Now, Zscaler and Siemens product and sales teams together are taking OT security to the next level, addressing a significant customer challenge to balance factory digitalization with the increasing severity of cyberthreats. You can read more in our press release about the specifics of the joint zero trust OT solutions we built. Why us and why now? Well, we’ve heard from our customers how Zscaler has transformed their IT infrastructure, showing that the firewall-based legacy castle-and-moat architecture is no longer the safest and most secure approach. Many industrial customers who use Zscaler for IT digital transformation asked us if our zero trust approach to security could help them in the factory to improve uptime and increase people and plant safety. Furthermore, as the world leader that empowers industrial giants, Siemens is perfectly positioned to pioneer the OT/IT convergence and accelerate factory digitalization through a path paved with zero trust foundations. Let’s look a little more closely at why customers are having this struggle between preserving security and modernizing their OT network. Typically, regulations like the IEC62443 suggest industrial networks separate themselves completely from the internet. The thought is that a lack of connectivity could prevent hackers from finding OT assets and hijacking them to gain unfettered access to the OT network, moving laterally to high-value assets until they can execute their ultimate objective. However, perpetual isolation from the internet prevents factories from taking advantage of Industry 4.0 initiatives like automation, AI/ML, cloud-delivered products, and other innovations that could help factories produce greater output at lower cost. It does not make sense for industrial companies to stay forever in the dark ages of an air-gapped state. To do so would lead to unacceptable stagnation. Instead, as a leading security company and manufacturing powerhouse, respectively, Zscaler and Siemens feel progress must be made to help factories become globally connected while drastically reducing cyber risk. Through our partnership, customers deploying industrial edge devices from Siemens, like the SCALANCE LPE, can connect to them from anywhere in the world over any network connection using the most secure architecture: zero trust via Zscaler’s Zero Trust Exchange. Powered by 150+ data centers worldwide, our multi-tenant cloud security service creates a fully encrypted connection between user and OT edge device. Each connection is brokered by the corporate policies set in the exchange, and creates a user identity-based micro tunnel between user and asset, rather than placing the user on the OT network. Compared with traditional network-based OT remote access solutions, this fully SaaS-based approach eliminates the attack surface, making it challenging for the bad guys to find and exploit OT assets and then move laterally about the network. In addition, Zscaler has a global cloud that scales much faster than any other OT secure remote access solution in the market today. What’s most exciting is not just the emergence of new security technologies but also new approaches that change the way people think and alter their assumptions. Almost always, customers find when they look at their networks through the lens of zero trust instead of castle-and-moat, they become more secure, users have a better experience, and they can reduce cost substantially, freeing up funds to be spent on growing the business. With technologies like the SCALANCE LPE and Zscaler Private Access, Siemens sellers can offer joint customers a path to OT and IT convergence through strong security. The combined solution helps customers digitally modernize their factories to obtain a higher output and a better bottom line. I invite you to learn more about the solution by visiting the Zscaler Private Access for OT page on our website as well as learn how zero trust can be used as part of a defense-in-depth strategy by reading our whitepaper titled 3 Essential Zero Trust Principles for Reducing Security Risk in OT Environments. Thu, 26 Mai 2022 13:05:01 -0700 Jay Chaudhry https://www.zscaler.de/blogs/company-news/zscaler-iotot-now-sold-siemens-industrial-security The Top 5 Reasons Zscaler Partners Won’t Want to Miss Zenith Live 2022 https://www.zscaler.de/blogs/company-news/top-5-reasons-zscaler-partners-wont-want-miss-zenith-live-2022 The countdown is on! Zenith Live is back and better than ever - both in-person and virtual! Join technology, channel, and alliance visionaries and industry innovators as we bring together the very best two-day experience for you—our valued partners—no matter what type of partnership you have with us. Here are five reasons why Zenith Live is an event our partners can’t miss: Hear from visionary cloud leaders including Jay Chaudhry, CEO, Chairman, & Founder of Zscaler, and CISOs from organizations, such as Charles Schwab and Equinix, as they share innovations across zero trust, cloud security, and machine learning, as well as real-world use cases, helping organizations of all sizes define a roadmap to accelerate business. Attend our exclusive Partner Summit and learn from Zscaler channel and alliance leaders how we’re investing in our partner ecosystem to accelerate long-term growth—and how we’ll transform together into FY23. Plus, you won’t want to miss special guest Dali Rajic, COO of Zscaler, as he expands on the power of partnerships. Train with the best in the industry through partner-specific training, certifications, and hands-on labs on June 21 and 24 that are designed to elevate your Zscaler knowledge. Learn more and sign up here. Explore the Partner Innovations Expo and meet with our global ecosystem of companies and event sponsors to learn how we’re empowering customers in the cloud and mobile era. Celebrate with Partner Awards where our leaders and special guest speaker will recognize zero trust heroes who have gone above and beyond to expand their partnership with Zscaler. Plus, there will be more than 60 breakout sessions focused on the latest innovations, use cases, and strategies to guide your customers through today’s sophisticated attacks with zero trust. Here are some of our favorite breakout sessions for Zscaler partners: Zscaler Partner Summit: Your Customers, Secured Value Discovery: Methods Specific to Zscaler Solution to Accelerate Your Sales Cycle SASE, SSE, and Zero Trust: Beyond the Hype Case Study: CISO of a Global Organization Talks Cybersecurity Register today Can’t make it to Vegas? Join us virtually. Located in APJ or EMEA? Save the date for our upcoming Partner Summits on tour in your region! APAC: Sydney: September 20, 2022 Singapore: September 22, 2022 EMEA: Week of November 14, 2022 Location TBD Mon, 23 Mai 2022 13:20:45 -0700 Elorie Widmer https://www.zscaler.de/blogs/company-news/top-5-reasons-zscaler-partners-wont-want-miss-zenith-live-2022 Nicht nur mein Werdegang ist eine endlose Transformation https://www.zscaler.de/blogs/company-news/my-journey-sales-engineer-journey-transformation-1 „Nichts ist so beständig wie der Wandel“: Dieses Sprichwort steht nicht nur für den beruflichen Werdegang von Cedric Blöchlinger, sondern können auch beispielhaft für seine heutige Tätigkeit stehen. Als Sales Engineer bei Zscaler ebnet er Unternehmen den sicheren Weg in die Cloud und wandelt dabei herkömmliche IT-Infrastrukturen sukzessive in moderne, Cloud-basierte Arbeits- und Produktionsumgebungen. Das geht oftmals mit tiefgreifenden Veränderungen von bestehenden Sicherheits- und Netzwerkarchitekturen einher. Seinen persönlichen Wandel hat Cedric vom Studium der Biotechnologie mit einem Master in Technology & Economics Management mit einigen Zwischenschritten hin zur IT-Sicherheit durchlaufen. Nach ersten Berufserfahrungen in Unternehmensberatungen entschied er sich während einer Reise-Auszeit sich auf die Sicherheit zu fokussieren und sammelte in einem ersten Schritt Hands-on Erfahrung im Pentesting-Lab. Damit war der Weg als Security Professional bereitet. Allerdings führte ihn die nächste Station seiner Karriere dann erst als Technical Account Manager zu einem SD-WAN-Provider, wo er existierende Kunden betreuen und Rollouts begleiten konnte, so dass die Connectivity der Datenströme im Mittelpunkt stand. Zusätzlich ließ er sich als CISSP zertifizieren, bevor er auf die Vertriebsseite wechselte. „Heute bin ich froh über diesen nicht immer geradlinigen Weg, denn dieser Erfahrungsschatz in verschiedenen Bereichen gibt mir beim Kunden Glaubwürdigkeit. So kann ich auf ein weit gefasstes Verständnis für Netzwerk- und Security-Themen zurückgreifen, die bei der sicheren Transformation von IT-Infrastrukturen zum Tragen kommen. Um Unternehmen auf ihrem Veränderungsprozess in die Cloud zu begleiten, muss man genau wissen, wo die Hebel in der gesamten Infrastruktur anzusetzen sind,“ fasst Cedric Blöchlinger seinen Werdegang zusammen, der ihn schließlich als Sales Engineer zum Cloud Security Spezialisten führte. Bedarf für diese Art der umfassenden Cloud-Beratung gibt es nicht erst seit der Pandemie. Gerade in den letzten zwei Jahren jedoch stand die Einführung von Microsoft 365 mit den damit einhergehenden Collaborations-Tools auf der Tagesordnung vieler Unternehmen. Der Wandel zu hybriden Arbeitsplatzmodellen oder digitalisierten Produktionsumgebungen geht darüber hinaus mit viel Aufklärungsbedarf einher. Haben nicht nur Anwendungen den abgesicherten Unternehmensperimeter verlassen, sondern auch Mitarbeiter, dann stehen die Themen der Konnektivität und der Sicherheit der Anbindung hoch im Kurs. Und auch für die Anbindung klassischer Produktionsstraßen an digitale Steuerungs- oder Fernwartungssysteme geht es nicht mehr ohne moderne Sicherheit aus der Cloud. Denn diese Umwälzungen sind eng miteinander verzahnt und sollten zu ganzheitlichen Transformationskonzepten beitragen. Augen öffnen für neue Ansätze Seine eigentliche Aufgabe sieht der Sales Engineer heute nicht im Verkauf, sondern vielmehr im Aufzeigen von Lösungsansätzen, wie Unternehmen traditionelle Infrastrukturen hinter sich lassen können, um vom vollen Potenzial der Cloud zu profitieren. Das Spannende dabei ist, die Unternehmen genauer kennenzulernen und zu verstehen, welche Themen sie aktuell bewegen. Sie kennen ihre Infrastruktur am besten und wissen entsprechend auch wo es möglichen Änderungsbedarf gibt. Wichtig für ihn ist dementsprechend die Diskussion mit dem Kunden auf Augenhöhe. Er sieht sich dabei als technischer Berater, der den Kunden durch das Vorstellen moderner Lösungsansätze auf neue Ideen bringt. Durch das Aufzeigen der technischen Optionen, die mit einem hochintegrierten Sicherheitsservice aus der Cloud einhergehen, erleben seine Ansprechpartner auf Kundenseite oftmals selbst den Aha-Effekt. Sie sehen die Vorteile, durch Einführung neuer Lösungsansätze angestammte Prozesse hinter sich zu lassen dabei am besten selbst. Hier setzt die Kunst an, wie Innovationen in Unternehmen Einzug halten können: „Mein Erfolgserlebnis habe ich dann, wenn der Kunde selbst merkt, was er von einer angestammten, komplex zu verwaltenden Infrastruktur nicht mehr benötigt, wenn er auf einen Cloud-basierten Sicherheitsservice setzt,“ so Cedric weiter. „Dann merke ich, dass ich etwas gut erläutert habe, ohne dem Kunden direkt zu sagen, auf welche Hardware er zukünftig verzichten kann.“ Jedes Gespräch mit einem Prospect ist dabei anders. Erfahrungen aus dem Mittelstand sind nicht unbedingt auf den Bereich der Großkunden zu übertragen. Je größer das Unternehmen, desto mehr Entscheidungsträger gilt es von einer Transformationsstrategie zu einem fundamental neuen Lösungsansatz zu überzeugen. Mit der Unternehmensgröße steigt die Zahl der Interaktionen mit dem Kunden. Dabei ist für den SE wichtig, dass er als Berater wahrgenommen wird, der ein gutes Verhältnis zum Kunden etabliert. „Was mir dabei hilft ist aufzuzeigen, wie eine Zero Trust-Plattform die jeweiligen Unternehmensziele unterstützen kann. Denn letztlich gilt es, dass die Technologie die Geschäftsstrategie begleitet und dafür sorgt, dass sich die wichtigen Projekte umsetzen lassen.” Der Kunde kann dann sein eigenes Tempo bestimmen und entscheiden, welcher Schritt wann in seine gewählte Transformationsstrategie passt. Die Gespräche gerade bei größeren Unternehmen sind dabei vielschichtig und gehen oft über den technischen Bereich hinaus. Unterschiedlichste Stabsstellen sind in den Entscheidungsprozess involviert und müssen mit ihren Anforderungen und auch Bedenken abgeholt werden. Insbesondere bei den Themen der Compliance und des Datenschutzes können Best Practise Beispiele helfen, auch den Betriebsrat vor der Anschaffung einer Cloud-basierten Sicherheitslösung an Bord zu holen, die die Performance von ganzheitlichem SSL/TLS-Scanning mitbringt. Hier gilt es von der Tragfähigkeit eines Ansatzes zu überzeugen und erprobte Lösungsansätze aufzuzeigen. Letztendlich ist es entscheidend, dass der gesamte Lösungsweg für einen ganzheitlichen Infrastrukturwandel bis in die Führungsebene kommuniziert wird. Nach etwas mehr als einem Jahr als Sales Engineer lautet das Fazit von Cedric, dass er durch den Wechsel zu Zscaler angekommen ist auf seiner Reise durch die Beratungslandschaft. Heute kann er seine Kenntnisse aus verschiedenen Disziplinen miteinander kombinieren und beim technischen Vertrieb für die Zscaler Zero Trust Exchange einbringen. Thu, 19 Mai 2022 16:56:39 -0700 Gregor Keller https://www.zscaler.de/blogs/company-news/my-journey-sales-engineer-journey-transformation-1 My Journey as Sales Engineer is a Journey of Transformation https://www.zscaler.de/blogs/company-news/my-journey-sales-engineer-journey-transformation "The only constant in life is change." This saying doesn't just cover the professional career of Cedric Blöchlinger; it's also a great way of describing his current role. As a Sales Engineer at Zscaler, he paves the way for companies to securely join the cloud, gradually transforming conventional IT infrastructures into modern, cloud-based working and production environments. This often involves radical changes to the existing security and network architectures. Cedric’s own personal transformation has evolved from a biotechnology degree to a Master's in Technology & Economics Management with a couple of interim steps to IT security. After his initial career experiences in management consultancy, while taking a break to travel, he decided to focus on security and gained hands-on experience in a pen testing lab as a first step. That paved the way to his current role as a security professional. However, his next career stops were first as a Technical Account Manager to an SD WAN provider, where he looked after existing customers and supervised rollouts so that the connectivity of the data streams remained the focus. In addition, he was certified as a CISSP before he switched to sales. "Today, I'm very happy that I didn't take a more direct route, as my wealth of experience in different areas gives me credibility with customers. I can draw on a broader understanding of network and security issues that come into play during the secure transformation of IT infrastructures. To support companies on their transformation to the cloud, you need to know exactly where the levers have to be applied in the entire infrastructure," he said, summarising a career which has finally led to him working as a sales engineer for cloud security specialists. The need for this type of comprehensive cloud consultancy is not solely a result of the pandemic. In fact, over the last two years, the introduction of Microsoft 365–with its associated collaboration tools–has been on the agenda of a lot of companies. The switch to hybrid workplace models or digitised production environments also involves a lot of awareness raising. It's not only applications that have left the secure company perimeter, but also employees, making connectivity and secure connections a high priority. And even for connecting conventional production lines to digital control or remote maintenance systems, modern security from the cloud is now required. These radical changes are closely connected to each other and should be part of holistic transformation concepts. Opening eyes to new approaches Today, Cedric does not see his current job as “sales,” but rather an opportunity to demonstrate solutions that can help companies move away from traditional infrastructures to benefit from the full potential of the cloud. “The exciting part is getting to know the company better and understanding what their current issues really are. They know their infrastructure best and therefore know where it might need to change,” he said. Therefore, discussion with the customer as an equal is critical for him. He sees himself as a technical consultant who brings the customer new ideas by presenting modern solutions. By demonstrating the technical options that go hand in hand with a highly integrated security service from the cloud, his customer contact partners often experience the eureka effect. It's best if they discover the benefits of leaving behind traditional processes by introducing new solutions for themselves. The skill here is to show how innovations can find their way into a company: "I get a real sense of achievement when the customer themselves notices that they no longer need a traditional infrastructure that's so complex to manage when they use a cloud-based security service," continues Cedric. "Then I know that I've explained something well, without directly telling the customer which hardware they can get rid of in the future." Every meeting with a prospect is different. Experience with small- and medium-sized business does not necessarily translate to key accounts. The bigger a company, the more decision makers need to be convinced of the need for a transformation strategy for a fundamentally new solution. The bigger the company, the greater the number of interactions with the customer. This makes it important for SEs that they are accepted as consultants, and that a good relationship is established with the customer. "I find it helps to demonstrate how a zero trust platform can support the company goals. Because ultimately, the technology supports the business strategy and ensures that important projects can be implemented," Cedric said. “The customer can determine their own speed and decide which steps are suitable when for their chosen transformation strategy.” Meetings with larger companies are complex and often go beyond the technical department. Highly diverse executive departments are involved in the decision-making process and must be met with their requirements, not to mention their concerns. Particularly when it comes to compliance and data protection, best practice examples can help get the works council on board before the creation of a cloud-based security solution that includes the performance of integrated SSL/TLS scanning. It's a question of convincing employees about the load capacity of an approach and demonstrating tried-and-tested solutions. In the end, it is critical that the entire solution process for a holistic infrastructure change is communicated all the way up to management level. After more than a year as a sales engineer, Cedric believes that he began his journey through the consultancy landscape after moving to Zscaler. Today, he can combine his expertise from different disciplines and contribute to the Zscaler Zero Trust Exchange with technical sales. Thu, 19 Mai 2022 22:00:02 -0700 Gregor Keller https://www.zscaler.de/blogs/company-news/my-journey-sales-engineer-journey-transformation Even the Cloud is Bigger (and More Secure) in Texas https://www.zscaler.de/blogs/company-news/even-cloud-bigger-and-more-secure-texas Zscaler is proud to have been named to the Texas Risk and Authorization Management Program (TX-RAMP) program. Our early entry into the TX-RAMP program gives our Texas customers access to the largest provider of zero trust access solutions in the U.S. In the spirit of FedRAMP and StateRAMP, this program provides a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process, store, or transmit the data of a state agency. Certifying products under the TX-RAMP umbrella allows for faster acquisition of secure cloud solutions, necessary for the modernization of Texas’ digital government. Being part of the certified products list means that state, local, and higher education customers in Texas have the assurance that Zscaler meets stringent data security requirements. TX-RAMP has reciprocal arrangements with FedRAMP and StateRAMP. Since those certifications can be cost and time prohibitive for many small companies, Texas wanted to offer another option to empower smaller Texas-based companies to pursue contracts with state and local government entities. Requirements for TX-RAMP are based on the same NIST 800-53 framework that StateRAMP and FedRAMP use. Companies are assessed by the Texas Department of Information Resources (DIR) and there is no cost associated with the assessment or program participation. Companies do not have to already have business with the state to participate. Zscaler Private Access (ZPA) and Zscaler Internet Access are certified at TX-RAMP level 2. Both technologies were included on the first authorized list released from StateRAMP and are also part of the FedRAMP program. The State of Oklahoma standardized on Zscaler as a way to strengthen their security posture while also providing their employees the ability to work from anywhere. Today, employees now have the same access and experience whether they are in the office or logging on from a coffee shop. The resulting connection is five times faster than the legacy VPN approach and has dramatically reduced the number of VPN help tickets from hundreds a day to virtually none. The Zscaler solution was up and running for 10,000 users across 90+ state agencies in just days. ZPA is a zero trust solution that connects authorized users directly to agency-approved private applications without being placed on the network, which dramatically reduces cyber risk. This approach significantly improves application performance and the user experience and reduces the attack surface and the associated risk of malware, ransomware, and other threats. The experience is identical whether the agency application is hosted in the government data center, or in destination clouds such as AWS GovCloud, Azure Government, or the Google Cloud Platform. ZPA was granted a Provisional Authorization To Operate (P-ATO) at Impact Level 5 (IL5) and achieved FedRAMP-High JAB Authorization. ZIA is a cloud security service that transforms networks by delivering cloud-based internet and web security that scales to all users, whether they are on- or off-network. ZIA leverages a cloud-native proxy to allow organizations to secure all online and SSL traffic. By securely following all users, applications, and devices, regardless of location, ZIA enables a zero trust approach to SaaS application and website access that helps reduce risk and restore compliance. The solution received Authorization to Operate (ATO) at the Moderate Impact level and achieved FedRAMP “In Process” status at the High Impact level, sponsored by a U.S. Department of Defense (DoD) Command. It is also prioritized for FedRAMP-High JAB Authorization. More information on TX-RAMP can be found here. Mon, 11 Apr 2022 13:38:24 -0700 Ian Milligan-Pate https://www.zscaler.de/blogs/company-news/even-cloud-bigger-and-more-secure-texas The Five Takeaways You Shouldn’t Miss from Zero Trust Live https://www.zscaler.de/blogs/company-news/five-takeaways-you-shouldnt-miss-zero-trust-live We recently wrapped up Zero Trust Live, our premier virtual event for IT and security leaders. In this post, I'll help you digest the key news and highlights from the event which featured an incredible line-up of industry visionaries, zero trust experts, and product innovators. Before I begin, if you missed the event and want more than a recap, you can watch it in full, anytime here. While so much was covered at Zero Trust Live, here are what I believe are the five key takeaways from the event: Zero trust marketing confusion abounds As a product marketer, nothing is more frustrating than seeing zero trust slapped onto everything in the industry (ahem, legacy network security vendors). I think Jim Alcove, Security Advisor & Former Chief Trust Officer, Salesforce, brought so much clarity to the term zero trust with this simple analogy from our keynote session: “If we think about security as a network example, it's about protecting how you're going to get to the thing that's important. So it's not about protecting the bank or the airport. It's about protecting the roads to the bank or the tunnel to the airport.” – Jim Alcove, Security Advisor & Former Chief Trust Officer, Salesforce The big news was next-generation ZTNA In 2016, Zscaler introduced the first-generation of zero trust network access (ZTNA) in response to the massive problem of remote access, and it quickly became the industry standard for VPN replacement. Nevertheless, there was still a compelling problem at stake: what happens if the tenets of identity have been subverted by a compromised user or insider threat? With our latest release, Zscaler Private Access (ZPA) becomes the only ZTNA platform available that securely CONNECTS, SEGMENTS, and PROTECTS users, applications, and devices in a single cloud platform. To learn more about next-generation ZTNA, watch the session here. We introduced three industry-first security service edge innovations First, we revealed how private app protection stops prevalent attacks. While there are massive efforts in the industry to develop more secure code, we still have a long way to go. 60% of organizations have had production applications exploited by OWASP Top 10 Vulnerabilities, according to ESG. While zero trust access reduces the blast radius of an attack by eliminating lateral movement, compromised users and insider threats could potentially steal sensitive data or bring down services if they can infect apps behind ZTNA services. ZPA AppProtection will automatically detect and block the attack to protect your applications. Watch the demo here. Secondly, we dove into how new integrated deception disrupts advanced adversaries. Targeted ransomware, supply chain attacks, nation-state threats, and other attacks that make headline news all have something in common: a thinking, human adversary. The threat landscape has fundamentally shifted from malware-driven to a hands-on keyboard focus which makes threat detection difficult and all the more crucial. An industry first, integrated deception evolves lateral movement detection for advanced attacks with private app decoys deployed seamlessly through Zscaler Private Access. Think of it as the “easy button” for deception. Watch the demo here. Third, we introduced privileged remote access for Industrial IoT and OT systems. Plant operations teams prioritize plant uptime and people safety, which drives the need to allow third-party vendors and service technicians to access production systems which could potentially introduce risk of ransomware, lateral movement, and downtime.. With our newly launched Privileged Remote Access solution for Industrial IoT and OT, we enable fully isolated, clientless access to RDP and SSH systems for employees, vendors, and contractors connecting from untrusted networks and unmanaged devices. As part of this, we’re also proud to be partnering with one of the world’s premier providers of industrial automation solutions, Siemens, who is making Zscaler Private Access available as a native connectivity option for their industrial devices. Watch the demo here. Zero trust is about a better user experience. Nearly every one of our customer speakers stressed that a great user experience was paramount to their success. With zero trust, they removed the friction that a lot of people experience in their daily lives when accessing resources. “ZPA lets people have literally a bookmark style of access to things that otherwise you'd have to do traditional network merges and IP address deconflicts and change DNS settings. It is months and months and months of work that, literally overnight, I didn't have to worry about.” – Steve Williams, Enterprise CISO, NTT DATA Zero trust is a journey, not a destination Most organizations struggle with where to start. During the event, we touched on the importance of figuring out where you can buy down risk, or at a minimum, solve a painful business problem, whether that's performance, cost, or legacy technology incurring technical debt. Once you tackle that, the next step is to expand strategically. Remember, zero trust is not a monolithic effort! To get an actionable playbook for zero trust transformation, watch our best practices session here. And a heartfelt thank you… To all of our speakers, partners, and attendees for making this one of our most successful events of the year: Andy Abercrombie, CISO, Novelis Chris Kachigian, Sr. Director, Crowdstrike Chris Porter, CISO, Fannie Mae Darin Hurd, CISO, Guaranteed Rate Don Freese, SVP & Global CISO, Digital Realty Herbert Wegmann, General Manager, Siemens James Brodsky, Sr. Director, Okta Jim Alkove, Security Advisor & Former CTO, Salesforce Parthasarathi Chakraborty, AVP, Humana Satyavrat Mishra, AVT, Godrej Industries Steve Williams, Enterprise CISO, NTT DATA Services Join us for Zenith Live 2022 You can look forward to even more at our marquee annual user conference Zenith Live 2022 Wed, 06 Apr 2022 16:35:13 -0700 Linda Park https://www.zscaler.de/blogs/company-news/five-takeaways-you-shouldnt-miss-zero-trust-live Zero Trust Live: Industry Leaders https://www.zscaler.de/blogs/company-news/zero-trust-live-industry-leaders Less than a week to go for Zero Trust Live! Zero Trust Live is an exclusive virtual event that aims to educate and enlighten IT and security professionals and provide insight into industry best practices for implementing zero trust. In this premier event, we will reveal new innovations for the Zscaler Zero Trust Exchange including the first and only next-gen zero trust network access (ZTNA) offering. We have an incredible lineup of speakers who have led and executed zero trust strategies in some of the most prominent organizations in the world. We’re excited to announce our speakers for Zero Trust Live Jim Alkove is the Security Advisor and former Chief Trust Officer of Salesforce. As Chief Trust Officer, Jim was responsible for enterprise-wide information security and compliance, as well as information management and strategy to deliver the most secure and trusted enterprise cloud. He led a team with strategic focus on information security, including engineering, operations, assurance, training and awareness, communications, governance, and M&A integration. Jim also serves as an Advisory Board member for the World Economic Forum Centre for Cybersecurity and as the site lead for Salesforce in the Pacific Northwest. Jim will have an in-depth discussion with Jay Chaudhry on building an extended zero trust architecture that spans Zscaler, Crowdstrike, and Okta. Darin Hurd CISO, Guaranteed Rate Chris Kachigian Sr. Director, CrowdStrike James Brodsky Sr. Director, Okta Darin Hurd is a security industry leader with over twenty years' experience in information technology, consulting and financial services. Darin is currently the CISO of Guaranteed Rate, leading their information security, privacy and risk. Darin is a zero trust champion and has successfully implemented zero trust architecture within Guaranteed Rate that was driven by their exponential growth in recent years. Chris Kachigian is the Sr. Director, Global Solution Architecture - Technology Alliances at CrowdStrike. Chris helps CrowdStrike partners deliver better outcomes to customers by solving their security challenges with CrowdStrike’s platform. He has a wealth of experience in cybersecurity architecture, global system integrators, and technical integrations. James Brodsky recently joined Okta to lead global cybersecurity efforts within Okta's Solution Engineering. A veteran of the industry for more than 20 years and formerly a leader at Splunk, Tripwire, IBM, and Resolve Systems, he focuses on bringing innovative solutions to customer security and compliance challenges. Hear from Darin, Guaranteed Rate’s success story on implementing zero trust ecosystem with CrowdStrike and Okta. In this session, Chris and James will be discussing why zero trust is a team sport and demonstrate the integrated partnership that forms the zero trust ecosystem. They will lay out strategies to follow to implement end-to-end zero trust and detail how to simplify the adoption of zero trust within your organization. You will also get an exclusive look at the integrated platform that includes Zscaler, CrowdStrike, and Okta. Chris Porter CISO, Fannie Mae Parthasarathi Chakraborty AVP, Humana Steve Williams CISO, NTT Data Chris Porter is the CISO of Fannie Mae. He is a passionate cybersecurity professional with a proven track record in research, intelligence, and consulting. He is globally recognized as a leader in data breach research with Verizon’s Data Breach Report series and for creating the VERIS Framework. He’s a member of the University of Virginia’s McIntire School of Commerce MSMIT Advisory Board. Parthasarathi Chakraborty is a visionary technology leader, inventor, blogger, and speaker with an exceptional track record of implementing transformational cybersecurity initiatives for fortune 50 financial & healthcare organizations. Parthas has a track record in building inhouse patented cybersecurity solutions. Partha is an executive leader with a sharp business mind and is an "engineer at heart". Steve Williams is the CISO at NTT Data in Plano, where he is responsible for the global advancement of NTT Data's security maturity. In addition, Steve is responsible for instilling a cultural change within the company; knowing that enterprise security is most successful when employees are educated and motivated. Steve has more than 30 years of IT experience, mostly focused on large global enterprises and Fortune 500 companies. Join security leaders to learn about how they replaced their old clunky hardware for a modern zero trust approach. Chris, Partha, and Steve share best practices and learnings from their zero trust adoption journey to help you speed up and simplify your journey. Learn about their motivations to get started on their zero trust journey and how they were able to lead their organizations into successfully transitioning from legacy hardware to the modern workplace. We hope you have your calendars marked and look forward to seeing you virtually! Register now. Fri, 18 März 2022 14:00:02 -0700 Kanishka Pandit https://www.zscaler.de/blogs/company-news/zero-trust-live-industry-leaders Announcing Zscaler’s New XDR Partnership with SentinelOne https://www.zscaler.de/blogs/company-news/announcing-zscalers-new-xdr-partnership-sentinelone Register for our webinar discussion on Thursday, March 3rd to hear directly from customers and product leaders about the Zscaler + SentinelOne integration. Zscaler’s customers rely on us as the leader in zero trust to limit their security risks as they expand their organization’s digital footprints to new globally distributed devices, application stacks, and infrastructures. Anyone who has undergone any level of zero trust deployment knows that the central credo is ‘assume breach.’ Architect your IT and security systems as though there are already malicious actors in your system, then disrupt their ability to operate. Security operations teams play a critical role in zero trust. If we’re ‘assuming breach,’ then we’d better be hunting and investigating those threats. Our new integration with SentinelOne allows SecOps teams to do that with even greater confidence and efficiency. Breaking security silos with XDR Most enterprise security stacks contain an array of disjointed point products that each have their own security controls, and that offer little or no meaningful correlations between them. When security operations teams see something suspicious in their logs, they have to pivot between various tools and manually piece together information to understand the scope of the threat. Remediation is the same: each security control often must be updated individually. The net result is far from ideal. It takes 280 days, on average, to mitigate a threat. And this inefficient pivoting is a waste of analysts’ critical time. Zscaler and SentinelOne are tackling this challenge head-on. With integration into SentinelOne Singularity XDR, logs from the Zscaler Zero Trust Exchange —the world’s largest security cloud—are ingested into SentinelOne's Scalyr back end where they can then be queried and faceted, allowing security operations teams to quickly triage and respond to attacks. This joint solution empowers security operations to take policy-driven actions across platforms that remediate threats automatically before an endpoint compromise results in cloud data exfiltration or other damage. Analysts can trigger automatic and manual response actions from SentinelOne into Zscaler such as revoking access or quarantining users or moving them into a more restrictive group, based on which access policy to selective applications can be applied. This automatically limits an attacker’s ability to infiltrate and launch an attack. Zscaler + SentinelOne integration Key use cases Extended visibility and accelerated remediation SentinelOne consumes both Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) logs for expanded visibility, and enables security analysts to configure flexible response policies right from the SentinelOne console. These logs add context to help triage and investigate threats without needing to pivot from the SentinelOne console, where analysts can also quickly and automatically mitigate threats by limiting user access, quarantining a user, blocking access to one or a group of critical applications, or restricting access to specific applications with browser isolation. Zero trust conditional access SentinelOne continuously checks policy and enforces compliance in accordance with Zscaler policies. When an endpoint attempts to access a corporate application, Zscaler first performs a posture check to ensure that SentinelOne is installed and running before granting access. The SentinelOne and Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) integration enables seamless conditional access, ensuring that the trusted identity on a trusted device can directly access authorized corporate applications without exposing the network. Extending best-of-breed zero trust for faster investigations and better response Extended detection and response (XDR) and zero trust are two sides of the same coin, both fundamentally seeking to simplify and reduce the risk of digital transformation by increasing visibility and reducing the attack surface. Zero trust defines the architecture, policy, and strategy; XDR provides the analytics and drives the SecOps workflows. Zscaler is excited to partner with SentinelOne to take both zero trust and XDR to the next level, extending our platform from the cloud to the endpoint with shared telemetry and coordinated response actions. This powerful integration is only the start of the many benefits we expect to bring to our joint customers. If you’d like to learn more, download our solution brief – or better yet, join us for our upcoming webinar on March 3rd, where you can hear directly from product leaders and customers about this integration and what it means for you. Mon, 14 Feb 2022 06:00:02 -0800 Mark Brozek https://www.zscaler.de/blogs/company-news/announcing-zscalers-new-xdr-partnership-sentinelone Zscaler Named a Glassdoor Best Place to Work for Second Year https://www.zscaler.de/blogs/company-news/zscaler-named-glassdoor-best-place-work-second-year The last two years have been difficult for us all in many ways; individually, professionally, and globally. Zscaler has made a point to address these challenges that may be weighing on our workforce, and has proactively maintained open communication, prioritized the health and safety of employees, and shown compassion, both internally and externally, resulting in a subsequent explosion of growth. Because of these efforts and a focus on an inclusive and supportive workplace culture, Zscaler has been recognized by Glassdoor, for the second year in a row, as one of the 100 Best Places to Work. To determine the award’s winners, Glassdoor evaluates all company reviews shared by employees over the past year. What’s more, Glassdoor ratings are not based on self-nomination or application, but rather compiled solely from feedback shared voluntarily and anonymously by Zscaler employees, so we want to give a heartfelt and sincere thank you to everyone in the Zscaler family who have taken the time to review Zscaler on Glassdoor. Ranking number 38 with an overall company rating of 4.4 in the U.S. and 4.6 worldwide, we at Zscaler do not take this recognition lightly, and are incredibly honored and humbled by the opportunity to be included in this highly-coveted list, and intend to accomplish even more in the coming year. Zscaler is built upon five core values that we believe contribute to our overall success and employee happiness: Teamwork We intentionally build and nurture healthy work relationships. We celebrate together, solve complex problems together, and openly share information. We move as one, with a unified common goal. Open communication When it comes to discussing what’s right, what’s wrong, and what we can do better, nothing is off the table. Although we have and continue to grow at a rapid pace, we continue to foster an environment where our people feel safe sharing their opinions with others. Passion We are fiercely passionate about our work, our company, our colleagues, our customers, and our partners. As an incredibly diverse company, we understand that the passions of our employees may differ, however, this is what continues to make us successful. Innovation We are driven to not only innovate cloud transformation through our products but to also innovate in our jobs, whether as an engineer, marketer, salesperson, or lawyer. Customer obsession We are, above all else, obsessed with the success of our customers. I see us consistently succeeding at this by how we treat customers as partners—not prospects. These key tenets, coupled with a reputation for accountability and following through, have positioned Zscaler as not only a leader in the industry, but also as a great place to work. Interested in joining our team? We’re actively hiring company-wide and are seeking smart, motivated, creative people to join the Zscaler family to help us reach new heights in 2022. Search open job opportunities and learn more by visiting our careers page. Wed, 12 Jan 2022 08:00:01 -0800 Victoria Palmer https://www.zscaler.de/blogs/company-news/zscaler-named-glassdoor-best-place-work-second-year Zscaler schützt Cloud-Workloads mit Zscaler Zero Trust Exchange™ https://www.zscaler.de/blogs/company-news/zscaler-secures-cloud-workloads-zscaler-zero-trust-exchange Zscaler hat sich bei seiner Gründung dem Schutz seiner Kunden verschrieben – eine Maxime, der das Unternehmen bis heute treu geblieben ist. In den ersten zehn Jahren konzentrierten wir uns intensiv auf den sicheren Anwendungszugriff. Zunächst sicherte Zscaler Internet Access (ZIA) den Zugriff auf das Internet und SaaS-Services, später folgte Zscaler Private Access (ZPA) für private Anwendungen. Beiden Technologien liegt ein Zero-Trust-Ansatz zugrunde. Unsere Arbeit in diesem Bereich war von Erfolg gekrönt und wir werden auch weiterhin Innovationen vorantreiben, die User, Workloads, Geräte und Daten schützen. Doch am besten funktioniert Zero Trust im Rahmen einer ganzheitlichen Strategie, die sich nicht nur auf die User, sondern auf das gesamte Unternehmen, einschließlich Workloads in der Cloud, erstreckt. Unsere Vision für Cloud-Sicherheit richtet sich auf den Schutz aller Workloads – ob herkömmliche VMs oder Cloud-native Anwendungen – mit einer breiten Palette von Lösungen, die durch die Zero Trust Exchange möglich gemacht werden. Diese Angebote basieren auf unseren Stärken in den Bereichen Cloud-Posture, Berechtigungen, Schutz vor Datenverlust und Bedrohungen sowie Workload-Kommunikation. Mit der heutigen Einführung von Workload Communications liefern wir einen wichtigen Baustein, der unsere Kunden dabei unterstützt, auch ihre Workloads in der öffentlichen Cloud mithilfe eines Zero-Trust-Ansatzes zu schützen. Immer mehr Unternehmen verfolgen Multicloud- und Hybrid-Cloud-Strategien, doch der Aufbau von Multicloud-Netzwerken durch die simple Erweiterung des unternehmenseigenen WAN erhöht das Risiko und führt zu betrieblicher Komplexität. Da Workloads in mehreren Regionen über mehrere Cloud-Anbieter hinweg bereitgestellt werden, werden diese Mesh-Netzwerke immer kostspieliger sowie schwieriger zu implementieren, zu skalieren und zu verwalten. Viele Organisationen verfolgen beim Schutz der Cloud einen Festung-mit-Burggraben-Ansatz. Dabei kommen jedoch Legacy-VPN- und Firewall-Lösungen zum Einsatz, durch die sich die Angriffsfläche vergrößert und eine laterale Ausbreitung von Bedrohungen ermöglicht wird. Für Unternehmensdaten und -anwendungen ist dies ein Risiko. Eine Zero-Trust-Sicherheitsarchitektur ist Netzwerksicherheit überlegen. Anstatt sich auf ein routingfähiges Netzwerk mit Firewalls zu verlassen, werden die richtigen Entitäten über einen sicheren Austausch verbunden. Anhand von Identität und Kontext verbindet die Zscaler Zero Trust Exchange Entitäten wie User, Geräte und Anwendungen direkt miteinander und sorgt so für eine reibungslose und sichere Nutzererfahrung. Zscaler hat mit der Zero Trust Exchange den Weg bereitet, um User ortsunabhängig und sicher mit Anwendungen zu verbinden. Ich freue mich, heute bekannt zu geben, dass Zscaler mit Workload Communications Zero Trust auf die öffentliche Cloud ausweitet. Auf Basis der Zscaler Zero Trust Exchange dehnt Workload Communications die Funktionen von ZIA und ZPA auch auf Clouds aus. Dadurch können Workloads mit anderen Workloads in jeder Region eines jeden Cloud-Anbieters kommunizieren – über jedes Netzwerk. Zscaler ist Partnerschaften mit großen Cloud-Anbietern wie AWS und Microsoft Azure eingegangen und liefert eine netzwerkunabhängige Zero-Trust-Struktur, die über Internet, Direct Connect und Express Routes funktioniert. Zscaler erfüllt damit die spezifischen Kommunikationsbedürfnisse von Cloud-Workloads in einzelnen Clouds und Multicloud-Umgebungen. Wir freuen uns sehr über die Rückmeldungen unserer Kunden, welche die Zero-Trust-Lösung von Zscaler für Cloud-Workloads bereits eingeführt haben. Bei unserem Event Zero Trust Your Cloud Workloads zur Produkteinführung, das Sie live in Ihrer Region oder on demand mitverfolgen können, erfahren Sie mehr über den Erfolg unserer Kunden und über die Lösung selbst. Weitere Informationen finden Sie außerdem auf der Seite Workload Communications auf unserer Website. Tue, 07 Dez 2021 21:42:42 -0800 Jay Chaudhry https://www.zscaler.de/blogs/company-news/zscaler-secures-cloud-workloads-zscaler-zero-trust-exchange Ramping Up Secure Cloud: Zscaler Testimony to Senate Committee https://www.zscaler.de/blogs/company-news/ramping-secure-cloud-zscaler-testimony-senate-committee At a U.S. Senate Homeland Security and Governmental Affairs Committee roundtable this week, I was honored to be selected to testify on behalf of Zscaler in support of bipartisan legislation to improve the FedRAMP program. FedRAMP promotes cloud adoption across the federal government by providing standardized security and risk assessments for cloud service offerings based on a “certify once, use many times” approach. Zscaler’s FedRAMP authorizations allow agencies to use our cloud security tools with confidence in knowing that they meet federal security requirements. Senator Gary Peters (D-MI) chaired the roundtable and previously introduced bipartisan FedRAMP legislation to “make sure that agencies can procure cloud-based technology quickly, while ensuring these systems – and the information they store – are secure.” Senator Rob Portman (R-OH), the top-ranked Republican on the panel, noted that FedRAMP is “the conduit for a standard approach to assessing the security issues regarding cloud services” and probed participants for suggestions on how to improve the program and efficiencies. David Shive, CIO, General Services Administration (GSA) likewise affirmed the program’s role, “We are relying on FedRAMP to help implement the President's executive order on cybersecurity, to support agencies as they migrate to a zero trust architecture and generally to accelerate the adoption of modern cloud tools that improve agency efficiency, and ultimately the public's experience with their government.” Ashley Mahan, Acting Assistant Commissioner, Technology Transformation Services, GSA also discussed how the FedRAMP program has continued to evolve and progress through the implementation of automation tools and modernizing its processes. In my testimony, I emphasized the importance of FedRAMP, and the role the program played during COVID response by enabling the government to more quickly shift to adopting cloud services, which have already been proven and accredited by Federal security standards. Zscaler supports the Federal Secure Cloud Improvement and Jobs Act (S. 3099) and companion legislation that has already been approved by the U.S. House of Representatives. Importantly for cloud service providers, the legislation encourages reuse and reciprocal treatment by agencies of CSPs’ existing security authorizations. The FedRAMP bill would also boost resources for a small GSA program whose importance for agencies and industry partners has grown significantly as cloud adoption has accelerated across government. Zscaler’s mission is to make the cloud a safe place to do business and empower organizations to realize the full potential of the cloud and mobility by securely connecting users to applications anywhere, from any device. Like the FedRAMP program, Zscaler was born and built for the cloud. Two hundred billion transactions a day run across our platforms, and we make more than 200,000 updates each day to defend against new cyberattacks identified around the world. That is why we view FedRAMP as an important initiative and built our Zero Trust Exchange on two FedRAMP-High and Moderate-authorized platforms, as well as a Department of Defense Impact Level (IL) 5 certification. We are proud to be a champion of the FedRAMP program and are grateful for the opportunity to share our experience and support efforts to move modernization forward securely. Find more information and archived video of the Senate roundtable here. Thu, 02 Dez 2021 17:07:43 -0800 Stephen Kovac https://www.zscaler.de/blogs/company-news/ramping-secure-cloud-zscaler-testimony-senate-committee Innovation to Protect the World https://www.zscaler.de/blogs/company-news/innovation-protect-world As I reflect on Zscaler’s journey and progress over the last 14 years, it is clear that our solutions, which help organizations become more secure and agile in the cloud world, are having a positive impact on our customers. I know this will continue as we expand our services and customer reach globally, and I believe that our impact will extend beyond customers to benefit our rapidly changing society. Those who have followed our company’s journey are aware of the high standards we set for ourselves to seek out the right solutions. I firmly believe that the way we operate—with deep expertise rooted in the highest levels of integrity and responsibility—will continue to drive innovation that serves our customers, our business, and our society. As Zscaler enters a new stage of growth, it is important to share our approach to managing our environmental, social, and governance (ESG) focus areas with our customers, partners, investors, and broader communities. This transparency will help ensure that we build on our progress and continuously challenge ourselves to make an even greater longer-term impact. At Zscaler, we are passionate about creating meaningful change to address the challenges before us. As our company grows, we are presented with an immense opportunity and responsibility, and we stand committed to delivering value to our customers with digital solutions that allow them to operate more sustainably. The way people work and the way the world does business has been redefined, and our solutions provide customers with the flexibility to design their own modern workplaces by providing their employees with the same world-class cybersecurity protection and digital experience wherever they may be located. Our cloud-delivered solutions optimize computing resources, resulting in unprecedented levels of efficiency. Not only are our customers protected against real-time threats, but they’re also benefiting from an innovative and modern architecture that is an inherently environmentally conscious approach—with fewer servers and appliances, less rack space, and dramatically reduced power and cooling needs—compared to legacy approaches. As we help customers achieve their sustainability goals, we are committed to further minimizing our own impact on the planet with environmental objectives, and we are working towards setting greenhouse gas goals aligned with climate science. Our success is a direct result of the hard work and ingenuity of our employees. I am proud of our collaborative environment in which our employees embrace teamwork and are aligned in achieving our mission. We believe in rolling up our sleeves, acting on our convictions, questioning the status quo, and tackling tough problems head-on. Therefore, it is essential for us to invest in our people, let their passions come through, and encourage open dialogue that can lead to meaningful change. We do our best to attract, train, and elevate the best people possible while embracing diversity in our company and the communities where we live and work. I am deeply thankful to work alongside a team that embraces and champions these values and shares a vision of creating a safer, more sustainable world. I am proud of what we have accomplished so far, and I am eager to continue our shared journey to build a generational company. Additional information on our impact and approach can be found on our new ESG site. Thu, 04 Nov 2021 12:20:48 -0700 Jay Chaudhry https://www.zscaler.de/blogs/company-news/innovation-protect-world Siemens und Zscaler kooperieren bei der Entwicklung einer Zero-Trust-Lösung für industrielle Automatisierungsumgebungen. https://www.zscaler.de/blogs/company-news/siemens-and-zscaler-partner-extend-zero-trust-security-industrial-edge-smart-de Zscaler ist stolz, eine strategische Partnerschaft mit Siemens als globalem Innovationsführer im Bereich industrieller Automatisierung und Digitalisierung bekannt zu geben, um gemeinsam Cyberbedrohungen gegen industrielle Infrastrukturen und Herausforderungen des Remote-Zugriffs zu adressieren. Durch den Einsatz des Cloud-basierten Zero Trust Network Access-Services in Kombination mit der leistungsstarken lokalen Verarbeitungsplattform von Siemens lässt sich die Cybersicherheit für industrielle IT-, OT- und Automatisierungsumgebungen stärken. Die Lösung gewährleistet schnellen, nahtlosen und sicheren Remote-Zugriff auf Systeme und Maschinen in Fabrikhallen durch Mitarbeiter und externe Drittparteien, z. B. Anlagenbetreiber und Wartungstechniker. Existierende Systeme können durch Cloud-basierte Sicherheit erweitert werden, indem der Private Access App Connector von Zscaler als Docker-Container in SCALANCE LPE – der lokalen Verarbeitungsengine von Siemens – implementiert wird. Die Verbindung nach dem Zero-Trust-Prinzip ermöglicht zwischen authentifizierten Nutzer, Geräte und Anwendungen einen hochgradig gesicherten Zugriff auf industrielle Automatisierungsumgebungen. Damit wird der sichere Remote-Access so einfach möglich, wie nie zuvor. Die gemeinsame Lösung erweitert das Zero-Trust-Konzept auf OT- und IoT-Umgebungen und beschleunigt die OT/IT-Konvergenz und Sicherheitsreife für Unternehmen mit kritischen Fertigungs- und Produktionsumgebungen. Im Rahmen der gemeinsamen Markteinführung ist die Lösung ab sofort bei Zscaler und Siemens erhältlich. Ein neuer Ansatz für den sicheren Remote-Zugriff auf OT-Systeme Anlagenbetreiber und Eigentümer von OT-Systemen arbeiten aktuell an der Modernisierung ihrer industriellen Netzwerke und der Erweiterung der Konnektivität für externe Mitarbeiter, um Produktivitätsgewinne zu erzielen. Durch die Vernetzung der Werkshallen mit IT-Systemen lassen sich neue Geschäftspotenziale erschließen. Zugleich entstehen aber auch Schwachstellen, die nicht nur ein erhöhtes Risiko schwerwiegender Betriebsstörungen durch Cyberbedrohungen, sondern im schlimmsten Fall eine Gefahr für die Mitarbeiter bedeuten. Darüber hinaus können ungeplante Ausfallzeiten aufgrund von Cybersicherheitsvorfällen oder Netzwerkausfällen Anlagen und Mitarbeitern schweren Schaden zufügen, was wiederum Umsatzeinbußen und Rufschädigung nach sich ziehen kann. Bisher werden Mitarbeiter und externe Drittparteien zumeist über Virtual Private Networks (VPN) mit OT-Umgebungen verbunden. Diese Methode hat zwei entscheidende Nachteile. Zum einen leidet die User Experience, wenn der Zugriff über einen Rendezvous-Server und Jumphost erfolgt. Zweitens vergrößert sich dadurch die Angriffsfläche des Unternehmens. Gegen ein Festhalten an diesen herkömmlichen Ansätzen spricht außerdem, dass sie dem stetig zunehmenden Bedarf an Remote-Verbindungen zwecks virtueller Zusammenarbeit in IT/OT-Umgebungen sowie der wachsenden Verbreitung des Industrial Internet of Things (IIoT) schlichtweg nicht gewachsen sind. Der Bedarf für Zero Trust Früher waren OT-Umgebungen durch Air Gaps isoliert vom Internet aufgebaut. Doch heute erodiert diese Isolation zunehmend, und weit verbreitete VPN-Lösungen geraten ans ihr Limit, so dass neue Technologien zur Sicherung unternehmenskritischer Ressourcen erforderlich sind. Zero Trust bietet eine zukunftsfähige Alternative zum herkömmlichen VPN. Der zunehmende Trend zu dezentralen und hybriden Arbeitsmodellen ist mit nachhaltigen Veränderungen verbunden, die einzelne Unternehmen ebenso betreffen wie ganze Branchen. Dazu zählt insbesondere auch die Modernisierung der Sicherheitskonzepte, zumal Legacy-Technologien unter heutigen Vorzeichen keinen sicheren Remote-Access mehr gewährleisten. Voraussetzung für die Modernisierung von OT-Netzwerken zur Beschleunigung des Umstiegs auf sicherere Remote-Access-Implementierungen ist ein Zero-Trust-Ansatz. Maximale Produktivität bei minimalen Ausfallzeiten Durch die Kooperation zwischen Zscaler und Siemens können OT-Sicherheitsbeauftragte künftig hochgradig sicheren Remote-Zugriff auf industrielle Netzwerke für Mitarbeiter und externe Parteien gewährleisten. So wird maximale Produktivität bei minimalen Ausfallzeiten ermöglicht. Mit Zscaler Private Access kann befugten Mitarbeitern jederzeitiger Remote-Zugriff auf Bereiche mit Zugangsbeschränkungen (Produktionsanlagen, Testlabore usw.) gewährt werden. Jede Verbindung ist auf die jeweils benötigte Maschine und ihren Bereich beschränkt und wird unter Einhaltung von definierten Zugriffsrichtlinien und Frameworks zur Gewährleistung der Cybersicherheit hergestellt. Konkret bedeutet das, dass vorhandene Anlagen in systemrelevanten Fertigungsindustrien durch die Prinzipien des Zero-Trust-Konzepts verstärkt werden. Die Cloud-basierte Zero Trust Network Access-Lösung gewährleistet weltweit reibungslosen und unkomplizierten Remote-Zugriff auf OT-Netzwerke. Zugleich wird durch eine verkleinerte Angriffsfläche das Risiko von Cyberangriffen substanziell verringert. Vorteile der Zscaler-Lösung in Kombination mit dem SCLALANCE-Gerät von Siemens: Konnektivität – sicherer, flexibler und granularer Zugriff auf dezentrale Infrastrukturen, da das Unternehmen kontrolliert, welche User und Workloads mit den OT- und IoT-Edge-Netzwerken verbunden werden Schnell und zuverlässig – User werden auf dem kürzesten reibungslosen Pfad mit dem OT-Netzwerk verbunden; die Zscaler Cloud gewährleistet hochgradige Verfügbarkeit bei geringer Latenz Unkompliziert – eine einzige Software für den sicheren Remote-Zugriff auf alle OT- und IT-Ressourcen (Geschäfts- und Produktionssysteme sowie Cloud-basierte Daten und Anwendungen). Geringere Kosten und Komplexität – keine VPN-Infrastruktur mehr erforderlich; reduzierte Anforderungen an die Konnektivität und Firewall-Regeln durch festgelegte Internet-Breakouts Sofort einsatzbereit – SCALANCE-Produkte unterstützen die Zscaler-Technologie ohne weitere Anpassungen Legacy-Integration – genehmigte und authentifizierte Kommunikation auch mit Legacy-Geräten mittels Zero Trust-Gateways Konvergenz zwischen IT und OT Diese Innovation auf dem Gebiet der Cybersicherheit bedeutet einen wichtigen Schritt in Richtung der Konvergenz zwischen OT- und IT, die in der Branche mit Spannung erwartet wird. Eine Konvergenz, die die Kontrolle von OT- und IT-Netzwerken vereinheitlicht, trägt nicht nur zur Optimierung der IT-Ausgaben von Unternehmen, sondern insbesondere auch zur Modernisierung von OT-Sicherheitsprinzipien bei. Gerade dieser Aspekt ist angesichts der quasi täglich zunehmenden Gefährdung von Fertigungs- und Produktionsumgebungen durch Ransomware und andere Angriffe an Dringlichkeit kaum zu überbieten. Mit Hilfe von Zscaler wird Unternehmen die Integration von Sicherheitskonzepten zwischen OT und IT-Domänen ermöglicht. Durch den Einsatz von Trust für alle User in allen Netzwerken wird der sichere Remote-Access auf die benötigten Daten ermöglicht – unabhängig vom eigenen Standort und der jeweils verwendeten Netzwerkanbindung. Das Architekturdiagramm veranschaulicht die neue umfassende Lösung: Mitarbeiter an Remote-Standorten, in Zweigstellen und in der Unternehmenszentrale erhalten ebenso wie externe Drittparteien sicheren Zugriff auf die Anwendungen, Systeme und Geräte des Unternehmens und können auf alle Daten zugreifen, die sie im Rahmen ihrer Arbeit, für Wartungs- und Instandhaltungsaufgaben benötigen. Lösungen für den Schutz und der Arbeit von überall aus. Heute mit Zero durchstarten. Mit der gemeinsamen Entwicklung von Lösungen für sicheren Remote-Zugriff auf industrielle Umgebungen haben Zscaler und Siemens ein spannendes neues Kapitel in der Geschichte der Cybersicherheit aufgeschlagen. In enger Zusammenarbeit mit Experten für IT- und OT-Sicherheit sollen dadurch die Maßnahmen zur Abwehr von Cyberangriffen gestärkt und die IT und OT Transformation beschleunigt werden. Unsere Experten und Tools unterstützen Unternehmen aller Größen und Branchen beim erfolgreichen Umstieg auf Zero Trust. Partner-Information lesen Termin für ein Meeting vereinbaren Anfragen bitte an Siemens@zscaler.com richten Kostenlosen Test zur Bewertung der Angriffsfläche durchführen Links zum Thema Webseite: Was ist OT-Sicherheit? Webseite: Zscaler-Lösung für sicheren Zugriff auf OT-Systeme Pressemitteilung: Siemens and Zscaler Partner on Integrated Zero Trust Security Solutions for OT/IT Über Siemens Die Siemens AG (Berlin und München) ist ein Technologieunternehmen mit Fokus auf die Industrie, Infrastruktur, Mobilität und Gesundheit. Ressourceneffiziente Fabriken, widerstandsfähige Lieferketten, intelligente Gebäude und Stromnetze, emissionsarme und komfortable Züge und eine fortschrittliche Gesundheitsversorgung – das Unternehmen unterstützt seine Kunden mit Technologien, die ihnen konkreten Nutzen bieten. Durch die Kombination der realen und der digitalen Welten befähigt Siemens seine Kunden, ihre Industrien und Märkte zu transformieren und verbessert damit den Alltag für Milliarden von Menschen. Siemens ist mehrheitlicher Eigentümer des börsennotierten Unternehmens Siemens Healthineers – einem weltweit führenden Anbieter von Medizintechnik, der die Zukunft der Gesundheitsversorgung gestaltet. Darüber hinaus hält Siemens eine Minderheitsbeteiligung an der börsennotierten Siemens Energy, einem der weltweit führenden Unternehmen in der Energieübertragung und -erzeugung. Im Geschäftsjahr 2020, das am 30. September 2020 endete, erzielte der Siemens-Konzern einen Umsatz von 55,3 Milliarden Euro und einen Gewinn nach Steuern von 4,2 Milliarden Euro. Zum 30.09.2020 hatte das Unternehmen weltweit rund 293.000 Beschäftigte. Weitere Informationen im Internet unter www.siemens.com. Tue, 19 Okt 2021 04:18:30 -0700 Nicole Bucala https://www.zscaler.de/blogs/company-news/siemens-and-zscaler-partner-extend-zero-trust-security-industrial-edge-smart-de Zscaler’s Stephen Kovac Named Vice Chair for Alliance for Digital Innovation Board of Directors https://www.zscaler.de/blogs/company-news/zscalers-stephen-kovac-named-vice-chair-alliance-digital-innovation-board Zscaler is honored to announce that Stephen Kovac, Chief Compliance Officer and Head of Global Government Affairs, was named Vice Chair of the Alliance for Digital Innovation (ADI)’s 2021 Board of Directors. Kovac will represent Zscaler alongside board members from EXCELLACORP, Salesforce, Amazon, Palantir Technologies, Splunk, Strongbridge LLC, Johnson Controls, VMware, Google, and NuAxis Innovations. ADI is a non-profit association of commercial companies helping to shape innovation in government and technology and drive IT modernization. ADI members are leaders who focus on innovation and emerging technologies within the government, often in the realm of artificial intelligence, cybersecurity, cloud computing, and mobile technologies. Kovac’s role underscores Zscaler’s commitment to supporting federal modernization. “Zscaler is committed to collaboration to drive modernization progress,” said Kovac. “I look forward to representing Zscaler as a voice for change and am honored to work alongside top industry leaders who share the same goal.” We have believed in the ADI mission since the beginning, and I look forward to driving the agenda and helping to grow ADI membership and impact into the future.” Zscaler is committed to enabling zero trust-based secure access, to keep Federal employees secure and productive. Steps over the past year include: The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) named Zscaler a collaborator on its’ Zero Trust Architecture Project – which focuses on developing approaches to implementing zero trust within government and industry The Pentagon’s Defense Innovation Unit (DIU) issued Zscaler a success memo for completion of Secure Cloud Management (SCM) prototypes The FedRAMP Joint Authorization Board (JAB) prioritized Zscaler Internet Access (ZIA) for authorization at the High Impact Level. ZIA and Zscaler Private Access (JAB authorized at the High Impact Level) are the core of the Zscaler Zero Trust Exchange For more information on ADI and its efforts, visit the website here. Tue, 19 Okt 2021 08:00:02 -0700 Josie Smoot https://www.zscaler.de/blogs/company-news/zscalers-stephen-kovac-named-vice-chair-alliance-digital-innovation-board Zscaler Internet Access (ZIA) und CrowdStrike: Zero-Trust-Zugangskontrolle basierend auf der Device Security Posture https://www.zscaler.de/blogs/company-news/zscaler-internet-access-zia-and-crowdstrike-zero-trust-access-control-based Das herkömmliche Sicherheitsperimeter wird durch die Zunahme der mobilen Arbeit immer weiter obsolet. Am besten lässt sich diese neue Normalität durch die Einführung eines Zero-Trust-Modells schützen. Zero Trust wird oft als perimeterlose Sicherheit bezeichnet, da keinem User oder Gerät automatisch vertraut wird. Jedes Gerät, das eine Verbindung zum Netzwerk herstellt, muss authentifiziert werden und über eine Berechtigung für den erforderlichen Zugang verfügen. Zusammen vereinfachen CrowdStrike und Zscaler die Einführung von Zero Trust. Die Einführung von Zero-Trust-Sicherheit  Bild: Zscaler Die frühere Integration von Zscaler Private Access (ZPA) und CrowdStrike erwies sich für unsere Kunden als äußerst wertvoll. Sie umfasste Funktionen wie kontinuierliche Zero-Trust-Kontrollen, bedingte Zugangskontrolle für Endgeräte und Gewährung eines privilegierten Zugriffs auf private Applikationen im Rechenzentrum oder in der öffentlichen Cloud auf der Grundlage der Identität des Users und der Security Posture des Endgeräts. Eine umfassende Sicherheit von Gerät zu Anwendung wurde dadurch gewährleistet, dass ausschließlich autorisierte User Zugriff erhielten und Geräte im Fall einer mit Malware infizierten Appliance isoliert werden konnten. Diese Funktion wurde nun auf den Zugriff auf Internetanwendungen erweitert.  Zero Trust mit der Integration von Zscaler und CrowdStrike  Zscaler Internet Access (ZIA) liefert einen vollständigen Security-Stack als Cloud-Service und trägt so zum Schutz von Internet- und SaaS-Verbindungen bei. CrowdStrike Falcon ZTA (Zero Trust Assessment) unterstützt Falcon Zero Trust durch die Bereitstellung kontinuierlicher Sicherheits- und Compliance-Kontrollen für Endgeräte in Echtzeit. Gemeinsam bieten diese Technologien eine leistungsstarke End-to-End-Sicherheitslösung.  Mit dieser Integration erfolgt vor der Gewährung des Zugriffs auf Internetanwendungen eine Beurteilung der Device Posture und des Gesundheitszustands des Geräts durch CrowdStrike. Kunden beider Unternehmen erhalten mit dieser integrierten Lösung eine adaptive, risikobasierte Zugangskontrolle mit optimierter Abwehr, da nur gut geschützte Geräte eine Verbindung zu diesen SaaS-Anwendungen aufbauen dürfen. ZIA + CrowdStrike gibt Unternehmen die Möglichkeit zur Erstellung von Zugangskontrollen und -richtlinien auf der Grundlage der Präsenz eines CrowdStrike-Agents auf dem Endgerät und zusätzlich auf der Grundlage der ZTA-Gesundheitsbewertung, die für jedes Gerät berechnet wird. Die Gesundheitsbewertung liefert weitere Erkenntnisse über die Device Posture. ZIA nutzt diese Informationen, um dem Gerät den Zugriff auf Internetanwendungen zu erlauben oder zu verweigern. Die ZTA-Bewertung wird bei jeder Verbindungsanfrage ermittelt. Dadurch passt sich der bedingte Zugang an den Zustand des Geräts an, der sich im Laufe der Zeit verändert. Unternehmen können auf Basis der CrowdStrike Posture benutzerdefinierte Vertrauensgruppen für Geräte erstellen und so einen bedingten Zugang erteilen, wie unten dargestellt.   Wie profitieren die Kunden von dieser Funktion? Gemeinsamen Kunden von Zscaler und CrowdStrike bieten sich folgende Vorteile: Kontinuierliche Beurteilung der Sicherheitslage und Compliance-Kontrollen der Endgeräte in Echtzeit. Gewährleistung, dass nur sichere Geräte Zugriff auf Internetanwendungen haben. Festlegung von Richtlinien für SaaS-Anwendungen auf der Grundlage der Posture und des Status aus der API von CrowdStrike. Die Integrationslösung aus ZIA und CrowdStrike ermöglicht Usern einen sicheren und nahtlosen Zugriff auf Internetanwendungen – von jedem Standort und jedem Gerät aus. Tue, 12 Okt 2021 07:26:27 -0700 Ranjani Ramamurthy https://www.zscaler.de/blogs/company-news/zscaler-internet-access-zia-and-crowdstrike-zero-trust-access-control-based Siemens and Zscaler Partner to Extend Zero Trust Security to the Industrial Edge for Smart Factories https://www.zscaler.de/blogs/company-news/siemens-and-zscaler-partner-extend-zero-trust-security-industrial-edge-smart Zscaler is proud to announce a new strategic partnership with Siemens, the global powerhouse in industrial automation and digitalization, to address emerging cyber threats posed to industrial infrastructure and remote collaboration challenges for discrete and process industries. Together, Zscaler and Siemens strengthen cybersecurity for industrial environments by combining Zscaler’s cloud-delivered zero trust network access service with Siemens’s powerful local processing platform. The solution provides fast, seamless, and secure remote access to factory-floor systems and machines for employees and third parties, such as plant operators and maintenance technicians. With cloud-delivered security, you can dynamically expand existing systems by running the Zscaler Private Access App Connector as a Docker container on Siemens’ SCALANCE LPE local processing engine to provide highly secure access to industrial automation environments via a zero trust connectivity method. Deployment of secure remote access has never been easier. Our joint solution extends zero trust to OT and IoT environments and accelerates OT/IT convergence and security maturity for enterprises with critical manufacturing and production environments. This offering is now available to customers through joint Zscaler and Siemens go-to-market efforts. Solving the OT remote access challenge Today, plant operations and OT system owners are modernizing their industrial networks and expanding connectivity for their remote workforce to boost productivity. While interconnecting the factory floor to IT systems unlocks business value, it also creates vulnerabilities and increases the risks of cyber threats critically disrupting your operations – or worse putting workers in danger. In addition, unplanned downtime from cyber security incidents or network outages can cause serious harm to plants and personnel, resulting in revenue loss and reputational impact. Traditionally, employees and third parties are connected to OT environments via virtual private networks (VPN). There are two challenges with this that need to be considered. First, the cumbersome user experience [hop through rendezvous server and jump host]. Second, the expanded attack surface. In the traditional approach, employees and third parties are connected to OT environments via management systems for virtual private networks (VPNs. However, due to the increasing amount of required remote connections for IT/OT collaboration or IIoT, these traditional solutions are being stretched to their limits. The need for zero trust OT environments were once islands, air-gapped from the internet. These air gaps are eroding and no longer enough. Since even VPN solutions widely used in the past will reach their limits, we need a new paradigm for industry cybersecurity. Enter zero trust. As today’s work-from-anywhere society reshapes companies and industries in lasting ways, it is important to modernize security concepts, especially as legacy technology that is unable to support secure remote access in the most secure manner. Our future calls for a zero-trust approach when modernizing OT networks in order to accelerate the move to more secure remote access implementations for OT. Preventing operational disruption and downtime Together, Zscaler and Siemens provide OT security teams with highly secure remote access to their industrial networks for employees and third-party users, maximizing productivity and uptime. With Zscaler Private Access, you can allow employees to continuously and remotely access restricted areas (e.g. manufacturing areas, restricted labs). The connection is limited to the concerned machine network and restricted area, and complies with cybersecurity rules and frameworks. In this way, critical manufacturing and production industries can now empower existing automation networks with Zero Trust principles. Choosing fully cloud-delivered OT zero trust network access solutions provides seamless, easy access from anywhere in the world, while eliminating the attack surface and significantly reducing the risk of a cyberattack. Joint benefits of Zscaler and Siemens SCALANCE device: Connectivity – Control who and what connects to your OT and IoT edge networks for secure, flexible, granular access to distributed operational infrastructure Fast, Reliable – Users get the shortest, frictionless path to the OT network. Zscaler cloud designed for high availability and low latency Simplicity – One software for secure remote access to OT and IT business, production and cloud resources. Reduces cost and complexity – Eliminates the need for VPN infrastructure. Reduced connectivity demands and firewall rules by means of specified internet breakouts. Out of the box – SCALANCE products support Zscaler technology out of the box Legacy integration – authorized and authenticated communication also with legacy devices by means of zero trust gateways IT/OT convergence I am particularly excited about this new innovation in cybersecurity because it is a major step forward in OT/IT convergence, which the industry has been long anticipating. A convergence in controls of the OT and IT networks not only simplifies enterprise IT spend, but it also helps modernize OT security principles, which becomes more critical every day given the ransomware and other mounting threats against manufacturing and production environments. Now, with Zscaler, an enterprise can leverage integrated security concepts between OT and IT domains, leveraging zero trust for all users in all networks to securely and remotely access the data they need to do their jobs, no matter where they are, or what network connection they use. This comprehensive architectural diagram below cleanly depicts the now encompassing solution that enables remote workers, branch office workers, corporate headquarter workers, and third party partners to access applications, systems and devices where they may need to access data to perform employment functions, conduct servicing and maintenance, or other duties: Protect and empower your anywhere workforce. Start with zero today. Introducing Zscaler and Siemens’ joint industrial secure remote access solutions is very exciting for us. We’re working with OT and IT security professionals to help strengthen their arsenal of cyber defenses and accelerate their OT and IT transformation. Take advantage of our experts and tools designed to help you succeed in your zero trust journey. Learn more: Read the Zscaler and Siemens partner brief Set up some time to meet with us Contact us at Siemens@zscaler.com Take our free attack surface assessment Related Links Webpage: What is OT Security? Webpage: Zscaler Secure Remote Access for OT Systems Press Release: Siemens and Zscaler Partner on Integrated Zero Trust Security Solutions for OT/IT About Siemens Siemens AG (Berlin and Munich) is a technology company focused on industry, infrastructure, transport, and healthcare. From more resource-efficient factories, resilient supply chains, and smarter buildings and grids, to cleaner and more comfortable transportation as well as advanced healthcare, the company creates technology with purpose adding real value for customers. By combining the real and the digital worlds, Siemens empowers its customers to transform their industries and markets, to transform the everyday for billions of people. Siemens also owns a majority stake in the publicly listed company Siemens Healthineers, a globally leading medical technology provider shaping the future of healthcare. In addition, Siemens holds a minority stake in Siemens Energy, a global leader in the transmission and generation of electrical power. In fiscal 2020, which ended on September 30, 2020, the Siemens Group generated revenue of €55.3 billion and net income of €4.2 billion. As of September 30, 2020, the company had around 293,000 employees worldwide. Further information is available on the Internet at www.siemens.com. Thu, 23 Sept 2021 08:00:01 -0700 Nicole Bucala https://www.zscaler.de/blogs/company-news/siemens-and-zscaler-partner-extend-zero-trust-security-industrial-edge-smart Zscaler is First and Only Cloud-based SaaS Security Company to Achieve StateRAMP Ready Status https://www.zscaler.de/blogs/company-news/zscaler-first-and-only-cloud-based-saas-security-company-achieve-stateramp-ready This week, Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA) achieved StateRAMP Ready status, underscoring Zscaler’s commitment to securing state and local government employees and data. The newly announced StateRAMP Authorized Vendor List gives state and local government IT and procurement officials confidence in their cloud service provider’s data security capabilities and provides a central location for sourcing service providers using or offering infrastructure-as-a-service (IaaS), software-as-a-service (SaaS), and/or platform-as-a-service (PaaS) solutions that process, store, and/or transmit government data. The program aims to drive consistent cybersecurity defenses across vulnerable state and local government organizations. It is modeled in part after FedRAMP, and is based on a “certify once, use many” concept that saves time and reduces costs for both service providers and government agencies. Like FedRAMP, StateRAMP relies on independent third-party assessment organizations (3PAOs) to conduct assessments. “StateRAMP will help state and local government agencies improve their cybersecurity posture and drive more consistent cyber defenses. With the ever-increasing cyber threats, attacks, and breaches, participation and expertise from companies including Zscaler is critical to success,” said David Cagigal, Former CIO of Wisconsin. “It is encouraging to see government and industry come together and continually evolve to better serve constituents across the country.” “Zscaler is committed to partnering with government agencies to improve cyber defenses and secure the public sector. We were involved with FedRAMP from the beginning and are very encouraged to see and support the 'certify once use many’ approach that FedRAMP coined being adopted at the state level,” said Stephen Kovac, Chief Compliance Officer at Zscaler. “FedRAMP and now StateRAMP are excellent examples of how policy driver compliance programs can be incredibly efficient, speed up innovation, and build upon the partnerships between private industry and the government.” “Zscaler was a fantastic partner to conduct testing the StateRAMP Fast Track process. Their documentation, system information, and audit results were professional, accurate, and provided in a well organized and easy to review structure,” said Noah Brown, PMO Director, StateRamp. “The PMO thanks the Zscaler team for the communication, attention to detail, and for working diligently to answer our questions as we worked through this process.” As hybrid work continues, state and local governments continue to accelerate digital transformation initiatives. But transformation also increases risk with a dramatically expanded attack surface that must be protected. ZPA and ZIA are the core of the Zscaler Zero Trust Exchange, providing innovations that help customers accelerate digitalization with confidence. “We’ve completely changed the cybersecurity posture of the State of Oklahoma, with Zscaler playing an integral part of our transformation,” said Matt Singleton, CISO, Office of Management and Enterprise Services, State of Oklahoma. “We now have unprecedented visibility into the environment. We can respond faster and forecast where we may have issues and address those areas before they become a problem.” ZPA is a zero trust solution that connects authorized users directly to agency-approved private applications without being placed on the network, which dramatically reduces cyber risk. This approach significantly improves application performance and the user experience and reduces the attack surface and the associated risk of malware, ransomware, and other threats. The experience is identical whether the agency application is hosted in the government data center, or in destination clouds such as AWS GovCloud, Azure Government, or the Google Cloud Platform. ZIA is a cloud security service that transforms networks by delivering cloud-based internet and web security that scales to all users, whether they are on or off network. ZIA leverages a cloud-native proxy to allow organizations to secure all online and SSL traffic. By securely following all users, applications, and devices, regardless of location, ZIA enables a zero trust approach to SaaS application and website access that helps reduce risk and restore compliance. For more information on StateRAMP, visit https://stateramp.org/ Tue, 14 Sept 2021 09:30:59 -0700 Ian Milligan-Pate https://www.zscaler.de/blogs/company-news/zscaler-first-and-only-cloud-based-saas-security-company-achieve-stateramp-ready Zscaler Launches Partner Demand Center to Support Partner Demand Gen Efforts https://www.zscaler.de/blogs/company-news/zscaler-launches-partner-demand-center-support-partner-demand-gen-efforts Did you know that Partner co-marketing efforts that leverage digital channels see four times the pipeline of non-digital partnerships? But digital marketing is often easier said than done, right? At Zscaler, our Global Partner Marketing team wants to make it as easy as possible for you to generate quality leads through digital co-marketing and build brand affinity online with your customers, no matter your marketing skillset, organization, or budget size. That's why today we are excited to announce the launch of the Partner Demand Center (PDC), a self-service and easy-to-use platform designed to help our Partners execute turn-key digital marketing activities at no cost. The PDC enables you to: Create demand and build pipeline with ready-to-launch email campaigns around zero trust, cyber threats, ransomware, and more! Launch microsites and website syndication with the latest zero trust content–no coding experience required. Strengthen your social selling skills through one-click social syndication on your personal or company pages Easily access searchable, diverse, and co-brandable Zscaler content Access valuable lead details, campaign measurement, and analytics tools We are excited to help our Partners achieve their digital co-marketing goals with the Partner Demand Center. To learn more, please join us for Partner RevUp LIVE next week where we will go into more detail and share a live demo of the platform. Date: Sep 22, 2021 07:00 AM PST Register Here To explore the PDC today, log in to the Partner Portal and click the “Marketing” tab in the toolbar. If you do not have an existing Partner Portal account you can easily apply here. For help logging in to the Partner Portal, please contact PartnerPortal@Zscaler.com for assistance. Thu, 16 Sept 2021 07:00:01 -0700 Elorie Widmer https://www.zscaler.de/blogs/company-news/zscaler-launches-partner-demand-center-support-partner-demand-gen-efforts Zscaler Executives Honored to Receive Federal 100 Awards https://www.zscaler.de/blogs/company-news/zscaler-executives-honored-receive-federal-100-awards Zscaler is honored to share that Stephen Kovac, Vice President of Global Government and Head of Corporate Compliance, and Drew Schnabel, Vice President, Federal, were honored as Federal 100 Awards winners at a ceremony on August 27—celebrating both 2020 and 2021 awardees. The Federal 100 Awards are the most prestigious awards in the federal IT industry, celebrating government and industry leaders who have gone above and beyond to demonstrate the innovative ways technology is transforming government—something both Kovac and Schnabel continue to exemplify. Drew Schnabel, a 2021 winner, was selected for his tireless efforts as a vocal advocate for zero trust security. Schnabel understands the value of industry/government collaboration and has been instrumental in bringing the Department of Defense (DoD) SkillBridge program to Zscaler, which gives military service members the opportunity to participate in industry-sponsored positions, gaining experience and training as they transition into the civilian workforce. Stephen Kovac, a 2020 winner, was honored for his relentless work to remove roadblocks to Federal cloud adoption, raising awareness, and educating policymakers and Federal IT leaders about opportunities for progress. He is the industry’s most vocal advocate for Trusted Internet Connection (TIC) reform, a significant barrier to cloud in government, in addition to supporting Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) reform efforts. Zscaler is committed to improving the nation’s cybersecurity posture and helping federal IT leaders embrace a cloud-delivered approach to enabling zero trust and delivering fast, seamless, and secure access across the entire ecosystem. Over the past year, Zscaler has taken a series of important steps, moving us closer to this goal: Zscaler was named a collaborator on the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) by implementing a zero trust architecture project which brings government and industry together to demonstrate various approaches to building a zero trust architecture. Zscaler joins 17 other technology companies on the project, underscoring the critical importance of collaboration between the public and private sectors. Zscaler received a success memo from the Pentagon’s Defense Innovation Unit (DIU) for successfully completing Secure Cloud Management (SCM) prototypes as part of a year-long process where the DIU evaluated service offerings that deliver fast, secure, and controlled access by DIU users to software-as-a-service (SaaS) apps directly over the internet. Zscaler Prioritized Joint Authorization Board (JAB) and FedRAMP certification for Zscaler Internet Access (ZIA) at the High Impact Level through the FedRAMP Connect program. ZIA, combined with Zscaler Private Access (ZPA), are the core of the Zscaler Zero Trust Exchange. ZPA is JAB authorized at the High Impact Level. The full list of 2020 winners is here and 2021 winners are here. Tue, 07 Sept 2021 12:21:49 -0700 Josie Smoot https://www.zscaler.de/blogs/company-news/zscaler-executives-honored-receive-federal-100-awards For Australian Enterprises of All Sizes, the Future Starts with Zero https://www.zscaler.de/blogs/company-news/australian-enterprises-all-sizes-future-starts-zero I am thrilled to announce that Zscaler has selected Orca Tech to be our exclusive distributor for Australia and New Zealand (ANZ). Orca Tech is the only value-added distributor in the region solely focused on cybersecurity and analytics, and, like Zscaler, the company has been a disruptor since its founding. As a result of the company’s security focus and the expertise of its dedicated teams, Orca has grown by a staggering 1,059 percent over the past three years. To help companies in the ANZ region transform securely for the modern, cloud-enabled world, Orca is exactly the right kind of partner for Zscaler. Customers across the region are looking for innovative solutions to help them secure all their connections, regardless of where employees may be working or where the applications and data may be hosted. Zscaler has many enterprise customers in the region who are relying on our technology to securely connect users, devices, and applications. For some, Zscaler has played a central role in their ability to support a 100 percent remote workforce early in the pandemic, including National Australia Bank (NAB). But the new partnership with Orca will enable Zscaler to expand its ability to meet the needs of the region’s small to medium enterprise prospects. We’re particularly excited to be able to support ANZ partners that are more aligned to businesses with fewer than 1,000 users. Now, through Orca Tech's partner network, those partners will be able to offer small and medium companies the capabilities of the Zscaler Zero Trust Exchange, the platform on which all Zscaler services are built. These companies, like enterprises of all sizes around the world, need to modernize their infrastructures and security to enable today’s mobile and hybrid workforce and cloud workloads. The Zscaler platform, built on the principles of zero trust, is the unified solution to meet modern business needs. Zscaler’s disruptive cloud-native architecture enables enterprises to break free from legacy approaches to networking and security that are as costly as they are complex and replace them with a zero trust approach that provides a great experience for users while blocking cyberattacks and preventing data loss. Unlike legacy, disjointed, on-premises security products, Zscaler’s proxy-based architecture unifies all security and access control services, with end-to-end visibility so that any performance issues can be spotted and remediated immediately. Our internal team will be working closely with Orca Tech to support customers throughout Australia and New Zealand with their secure digital transformation initiatives. Additional resources: Case study: Kubota Australia Website: Orca Tech Case study: Salmat Case study: GHD Case study: Cenitex Thu, 02 Sept 2021 09:28:05 -0700 Foad Farrokhnia https://www.zscaler.de/blogs/company-news/australian-enterprises-all-sizes-future-starts-zero Tauchen Sie jetzt in Zero Trust ein https://www.zscaler.de/blogs/company-news/tauchen-sie-jetzt-zero-trust-ein Der Gartner Zero Trust Market Guide 2020 sagt voraus, dass in nur zwei Jahren 80 Prozent der Unternehmen über Zero Trust Network Access (ZTNA) adaptiert und so auf ihre internen Applikationen zugreifen werden. Nach dem Report werden darüber hinaus ZTNA-Sicherheitslösungen schon bald herkömmliche Sicherheitslösungen, wie Virtual Private Networks (VPN) verdrängen, die für Remote Mitarbeiter oder Drittparteien beim Fernzugriff eingesetzt werden. ZTNA und andere Cloud-basierte Sicherheitsansätze rücken aus zwei Gründen in den Mittelpunkt der IT-Planungen: Herkömmliche Lösungen unterstützen Initiativen zur Transformation von Unternehmensnetzwerken nicht adäquat. Große, auf hardwarebasierte Sicherheit ist oft teuer und skaliert nicht, um dem zusätzlichen Datenverkehr Herr zu werden, der durch die Cloud entsteht. Im vergangenen Januar hätte ich Gartners optimistischer Einschätzung der ZTNA-Akzeptanz zugestimmt. Dann kam die COVID 19-Krise. Unternehmen verlagerten ihre Anstrengungen auf die Aufrechterhaltung ihres Geschäftsbetriebs. In Zeiten großer Unsicherheit wurde dabei auf bekannte Technologien zurückgegriffen, so dass Unternehmen mit der Erweiterung bestehender VPN-Systeme auf die besondere Situation reagierten (auch wenn es sich dabei nicht unbedingt um den besten Lösungsansatz handelte). Aber als ganze Organisation zu Work-from-Home (WFH)-Szenarien übergingen, wurde die Umsetzung langfristiger und strategischer Sicherheitspläne zugunsten taktischer Initiativen ausgesetzt. Nach dem „Tag eins“ der Krise nahmen die Business-Continuity-Pläne (BCP) im weiteren Verlauf drei verschiedene Wege: Unternehmen agierten entweder vorsichtig, bedächtig oder couragiert. Dabei möchten wir hier den Vergleich mit dem Sprungturm im Schwimmbad ziehen, bei dem sich die drei Kinder auf drei unterschiedlichen Ebenen des Sprungbretts wiederfinden: auf dem Ein-Meterbrett, auf drei und auf fünf Metern Höhe. Vorsichtig Das erste Kind auf der niedrigsten Höhe - dem Ein-Meterbrett - springt direkt ins Wasser: geringes Risiko, geringe Bedenken. Dies ist der „vorsichtige“ Ansatz. Im Kontext der Unternehmenssicherheit beinhaltet der Business-Continuity-Plan mit der Metapher des Sprungbretts die Aufstockung von VPN-Kapazität, um den aktuellen „Work-from-Home“-Anforderungen gerecht zu werden. Solange auf die erforderliche Kapazität aufgestockt wurde, können konsistent agierende Unternehmen mit geringen Einschränkungen im laufenden Betrieb oder auf die Produktivität wie bisher weiteroperieren. Der vorsichtige Ansatz bietet unterbrochenen Anwendungszugriff ohne neue Tools oder Systeme. Längerfristige Pläne zur Umgestaltung des Netzwerks werden nicht beeinträchtigt, und der Geschäftsbetrieb läuft weiter wie bisher. Es gibt nicht genug (oder gar keine) Schmerzen, um einen Wechsel zu einer Zero Trust-Strategie einzuleiten. Im Hinblick auf die Sicherheit verlieren diese Unternehmen allerdings, denn die inhärenten VPN-Risiken steigen exponentiell an. WFH erhöht das Risiko für das Netzwerk. Eine größere Anzahl von VPN-Usern erhöht die Angriffsfläche des Netzwerks: Perimeter-basierte Sicherheit muss jede einzelne Remote-Netzwerkverbindung umschließen (Jeder Remote-Mitarbeiter kann quasi als neue Zweigstelle betrachtet werden). Diese erweiterte Angriffsfläche bleibt so lange bestehen, bis sich die Umstände ändern. Und Bedrohungsakteure setzen genau dort an, wie beispielsweise der REvil-Angriff auf ungepatchte VPN-Server belegt. Wenn es um den Schutz der „Kronjuwelen“ eines Unternehmens geht, können weiterhin Legacy-Lösungen wie Virtual Routing and Forwarding (VRF), Firewalls oder Network Access Control (NAC) eingesetzt werden, um zu kontrollieren, wer auf was im Netzwerk zugreift. Unternehmen sollten sich jedoch darüber im Klaren sein, dass diese Legacy-Lösungen teuer in der Implementierung und komplex in der Verwaltung sind. Alles in allem ein Ansatz, welcher die Problematik (durch Corona ausgelöst) gelöst, allerdings nicht gemeistert hat, geschweige denn ist das Unternehmen IT-technisch in der Umsetzung neuer Modelle weitergekommen. Die Unternehmen liegen eher zurück und binden sich durch Legacy Modelle vertraglich für die nächsten Jahre. Hohe Kosten und Komplexität sind die Folge. Bedächtig Das nächste Kind klettert auf das Drei-Meterbrett: höheres Risiko, und etwas mehr Bedenken. Dies ist vergleichbar mit einem bedachten Unternehmenskurs. Organisatorisch stellen sich solche Unternehmen schnell auf die neue Krisenrealität ein. Die Erweiterung der Kapazität von Legacy-Systemen, um Remote-Mitarbeiter funktionsfähig zu machen, würde intensive (und wahrscheinlich kostspielige) Anstrengungen erforderlich machen. Bei der Evaluierung erkennt die Unternehmensführung, dass veraltete Netzwerksicherheitstechnologien eine Einschränkung für die Flexibilität bedeuten. In diesem Fall stellt die Pandemie ein Anwendungsszenario dar, um Zero Trust als Lösung für die Netzwerktransformation auf den Prüfstand zu stellen. Es bietet sich die Chance für Testgruppen, um die Funktionalität von ZTNA mit VPNs zu vergleichen. (Für die Einführung einer ZTNA-Lösung empfiehlt Gartner Research den Einsatz einer Pilotgruppe, um Transformationslösungen im Vergleich zu Legacy-Netzwerken zu evaluieren.) Die Unternehmung entscheidet sich für eine kurzfristige Beantwortung der Krisenrealität auf Basis von Legacy, hat allerdings sich strategisch mittel bis langfristig auf Zero Trust festgelegt. An einer ganzheitlichen Transformation sind in der Regel zahlreiche Interessengruppen im Unternehmen beteiligt. Das bedeutet, dass Unternehmen vielfältige architektonische Risiken und Bedenken berücksichtigen müssen. Während die Pandemie den Adoptionsprozess vermutlich beschleunigte, hängt das Fortfahren mit einem Zero Trust-Ansatz auch von dem Erkennen der damit einhergehenden Vorteile ab. Außerdem wurden durch einen Testlauf weitere (z.B. vertragliche oder finanzielle) Verpflichtungen deutlich, die mit Legacy-Architekturen verbunden sind. Jetzt ist es an der Zeit, Auswertungen des Tests von Zero Trust gegenüber Legacy-Lösungen zu evaluieren. Durch diese Erkenntnisse kann das Interesse anderer Teams und Geschäftseinheiten im Unternehmen geweckt werden. Unternehmen sollten sich dafür Unterstützung von Zero Trust-Anbietern oder vertrauenswürdigen Beratern und internen Champions holen. Couragiert Das dritte Kind klettert bis auf das Fünf Meter-Sprungbrett: hohes Risiko, große Bedenken vor dem Sprung. Das Fünf-Meterbrett mag auf den ersten Blick Respekt-einflösend wirken und dadurch Unsicherheit oder sogar Angst auslösen. Bei dieser Option ist Courage gefragt. Das couragierte Unternehmen hält nicht an überkommenen Architekturen fest oder nimmt die Transformation halbherzig vor, sondern startet sofort mit seiner Transformationsstrategie durch. Dieser Ansatz birgt ein Risiko in sich. Die Einführung einer neuen Transformationstechnologie bei gleichzeitiger Bewältigung der Pandemie geht mit Herausforderungen in Bezug auf Ressourcen, Kosten und Reaktionsfähigkeit einher. Der Ersatz von Legacy-VPN-Systemen durch eine Zero Trust-Lösung ist dennoch ein geeigneter erster Schritt. Das IT-Team ermöglicht daher erst einmal Zugriff zu Anwendungen auf welche die Benutzer zugreifen (ähnlich wie mit dem Legacy VPN). Hierdurch erfährt man die Sichtbarkeit wo sich die Anwendungen befinden (in einem internen Rechenzentrum oder in einer Cloud-Umgebung). Die schiere Anzahl von Anwendungen mag IT-Administratoren angesichts der Verbreitung von Schatten-IT überraschen (und oft überrascht ebenso der fehlende vorhandene Überblick in den Datenverkehr der User zu diesen Apps). Sobald die Sichtbarkeit gewonnen ist, kann der Kontext hergestellt werden und die IT kann die Richtlinien festlegen, welche Benutzer auf welche interne und externe Anwendungen zugreifen dürfen. Ein umfassendes Audit zu den Datenströmen und zum Applikationsinventar bringt einen guten Einblick sowohl in den Netzwerkverkehr des Unternehmens als auch in das Verhalten der User im Netzwerk. Das Festlegen von Richtlinien in einer Zero Trust-Architektur kann - zumindest am Anfang - wie eine entmutigende Aufgabe erscheinen. Aus diesem Grund entscheiden sich viele Unternehmen dafür, von einem niedrigeren Sprungbrett aus in den Transformationspool zu springen. Sie befürchten, dass die Richtlinien die Produktivität der Mitarbeiter behindern (zu restriktiv) oder die Angriffsfläche des Netzwerks vergrößern (zu freizügig). Aber mit dem höheren Risiko kommt auch die größere Belohnung: couragierte Unternehmen profitieren von den unmittelbaren Vorteilen einer Zero Trust-Lösung, wie höhere Sicherheit und bessere Leistungsfähigkeit, und schaffen eine agile Konnektivitätsumgebung, die sich an Veränderungen anpassen kann. Zero Trust unterstützt die Art der Netzwerktransformation, die Unternehmen Wettbewerbsvorteile und bessere Kundenerfahrungen verschafft. (Und diese Auswirkungen werden wichtig sein, wenn wir die aktuelle Krise überwunden haben). Eintauchen in Zero Trust Die drei Antwortstrategien auf die Pandemie sind wie unsere drei Turmspringer: Sie können alle einen sauberen und sicheren Sprung in den Transformationspool hinlegen, ohne harten Aufprall. Die Geschäftskontinuität während der Pandemie erforderte einen Herkules-artigen Kraftakt, egal welchen Weg ein Unternehmen wählte. Der Unterschied liegt darin, wie die Unternehmen aufgestellt sind, wenn die Krise überwunden ist. „Vorsichtige“ Unternehmen werden letztlich genauso weitermachen wie bisher. Dabei hinken sie in ihrer Transformation allerding der Konkurrenz einen Schritt hinterher. „Bedächtige“ Unternehmen werden über aussagekräftige Daten verfügen, die sie für die Weiterentwicklung ihrer Strategiepläne nutzen können. Und „couragierte“ Unternehmen werden die Nase vorn haben, da die Vorteile einer ganzheitlich umgesetzten Transformation ihre Geschäftsziele voranbringen. Es gibt viele Diskussionen über die Frage, was nach der Pandemie passieren wird. Werden wir jemals zu einem Normalzustand zurückkehren oder hatte die Pandemie Katalysatorfunktion? Meiner Meinung nach werden WFH-Richtlinien und -Praktiken ein fester Bestandteil der Unternehmenskultur werden, eine „Go-to“-Strategie als Teil der Business Continuity-Planung und letztlich ein Einstiegspunkt für die Netzwerktransformation selbst. Der Bedarf an flexiblem, skalierbarem und sicherem Anwendungszugriff bleibt bestehen. Deshalb ist jetzt ein guter Zeitpunkt mit der Netzwerktransformation zu beginnen und auf das höchste Sprungbrett zu klettern. Tue, 17 Aug 2021 03:58:12 -0700 Kevin Schwarz https://www.zscaler.de/blogs/company-news/tauchen-sie-jetzt-zero-trust-ein National Cybersecurity Center of Excellence (NCCoE) Selects Zscaler as Technology Collaborator for Implementing a Zero Trust Architecture Project https://www.zscaler.de/blogs/company-news/national-cybersecurity-center-excellence-nccoe-selects-zscaler-technology Strengthening the nation’s cybersecurity requires more — and better — collaboration between the public and private sectors. That’s why we are honored to announce that the National Institute of Standards and Technology (NIST)’s National Cybersecurity Center of Excellence (NCCoE) has selected Zscaler as one of its partners in a new Zero Trust Architecture Project. Zscaler will work alongside the NCCoE and other top Federal IT vendors on different approaches for implementing zero trust architectures. “We received an overwhelming response from the vendor community on this important project,” said Natalia Martin, acting director of the NCCoE, in the announcement. “Implementing a zero trust architecture has become a Federal cybersecurity mandate and a business imperative.” Top industry leaders will come together to demonstrate various approaches to implementing a zero trust architecture. These approaches will use a diverse mix of products and capabilities — and the effort will provide valuable "how to" guidance and lessons learned. As Federal employees continue to work from anywhere, and more and more applications move from inside the data center to outside the network perimeter, network and security teams are shifting their focus from securing the network to protecting users, devices, and business resources. As we like to say at Zscaler, zero trust is a team sport — and the NIST NCCoE is taking the initiative to bring together best-of-breed zero trust leaders. We’re committed to collaborating with customers and partners to demonstrate different, practical approaches to implement a zero trust architecture. As we know, no one solution fits every situation. Zscaler is honored to be a part of this coalition working side by side to realize the opportunity for zero trust to strengthen every agency’s cyber defenses. For more information, see NCCoE’s press release. Tue, 27 Juli 2021 07:00:02 -0700 Stephen Kovac https://www.zscaler.de/blogs/company-news/national-cybersecurity-center-excellence-nccoe-selects-zscaler-technology Zscaler Partners with Nozomi Networks to Extend Zero Trust Security to the Industrial Edge https://www.zscaler.de/blogs/company-news/zscaler-partners-nozomi-networks-extend-zero-trust-security-industrial-edge Zscaler is proud to announce a new partnership with OT/IoT security leader Nozomi Networks to address the emerging cyber threats to industrial infrastructure and remote connectivity challenges for the manufacturing, pharmaceutical, and energy industries. Our joint solutions extend zero trust to OT and IoT environments with a complete set of industrial cybersecurity controls, including network visibility, threat detection, remote access, and operational insights. Solving the OT remote access challenge Today, plant operations and OT system owners are transforming their networks to modernize operations and provide seamless and secure connectivity for their remote workforce. In the traditional approach, employees and third parties are connected to OT environments via virtual private networks (VPNs), which introduce significant security risks and complexity. In addition, unplanned downtime from cyber security incidents or network outages can cause serious harm to plants and personnel, resulting in revenue loss and reputational impact. As today’s work-from-anywhere world reshapes companies and industries in lasting ways, the old paradigm of building castle walls and a moat around your resources with legacy technology will soon become obsolete. Our new reality calls for a zero-trust approach when modernizing cybersecurity and accelerating the move to more secure remote access implementations for OT. Preventing operational disruption and downtime Together, Zscaler and Nozomi Networks provide OT security teams with highly secure remote access to their industrial networks for employees and third-party users, maximizing productivity and uptime. With Zscaler Private Access, you can remotely access the full Nozomi Networks solution including Guardian sensors and Vantage cloud-based management console. Choosing fully cloud-delivered OT security monitoring and zero trust network access solutions provides seamless, easy access from anywhere in the world, while eliminating the attack surface and significantly reducing the risk of a cyberattack. Sample Nozomi and Zscaler deployment architecture Joint benefits of Zscaler and Nozomi Networks: Connectivity – Control who and what connects to your OT and IoT edge networks for fast, seamless, and secure access to distributed operational infrastructure Visibility – See all assets and behavior on your OT and IoT networks, yielding unmatched contextual awareness ]Inspection – Detect cyber threats, vulnerabilities, risks, and anomalies with actionable analytics for faster response Integration – Unify security, visibility, and monitoring across all your assets for improved resiliency Protect and empower your anywhere workforce. Start with zero today. Introducing Zscaler and Nozomi Networks' joint industrial security solutions is very exciting for us. We’re working with OT and IT security professionals to help strengthen their cyber defenses and accelerate their digital transformation. Take advantage of our experts and tools designed to help you succeed in your zero trust journey. Read the partner brief Set up some time to meet with us Take our free attack surface assessment Related Links Webpage: What is OT Security? Webpage: Zscaler Secure Third Party Access for OT Systems Webpage: Nozomi Networks Solution Overview Blog: Nozomi Networks and Zscaler Deliver Zero Trust Remote Access Solution About Nozomi Networks Nozomi Networks accelerates digital transformation by protecting the world’s critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on us to minimize risk and complexity while maximizing operational resilience. www.nozominetworks.com Tue, 10 Aug 2021 06:00:01 -0700 Nicole Bucala https://www.zscaler.de/blogs/company-news/zscaler-partners-nozomi-networks-extend-zero-trust-security-industrial-edge Defense Innovation Unit Issues Success Memo to Zscaler https://www.zscaler.de/blogs/company-news/defense-innovation-unit-issues-success-memo-zscaler Today, we are proud to share that the Department of Defense (DoD) Defense Innovation Unit (DIU) announced that Zscaler successfully completed a Secure Cloud Management (SCM) prototype. The project launched in May 2020, and the evaluation confirms Zscaler can deliver fast, secure, and controlled access to SaaS cloud services directly over the Internet, simplifying DIU’s ability to engage with non-traditional technology vendors. A third party assessed the prototype using Defense Information Systems Agency (DISA)-developed criteria. DIU then issued a success memo to Zscaler, enabling Department of Defense (DoD) organizations to contract with vendors without needing to re-compete. “These solutions simplify engagement with non-traditional technology vendors by allowing DIU users to collaborate in real time. The solutions provide equivalent security and control to the DoD’s Cloud Access Point (CAP) while delivering real-time performance, which is critical for such things as videoconferencing and file sharing,” said John Chen, interim CIO for DIU. Zscaler is focused on giving customers access to modern, mission-critical applications, including those that require the most stringent security and work in some of the world’s most remote and challenging environments. “The DoD is working to strengthen cyber defenses on many fronts. DIU is exploring and testing new innovative approaches in security architecture. CMMC is in its final stages to improve security consistency to all contractors working with the federal government," said Patrick Perry, Director of Emerging Technology, Zscaler. "But, we have to approach things differently than in the past. Government as a whole can transform security by taking a user-centric approach, where the first priority is to protect the data, then provide secure access once contextual validation occurs, and finally applying appropriate security based on risk scoring – whether accessing the internet or applications that reside in an on-prem data center or using a cloud service." The Zscaler Zero Trust Exchange is consistent with the May 2021 Executive Order on Improving the Nation’s Cybersecurity, and with DISA’s recently published Zero Trust Reference Architecture. The DIU anticipates the project’s results will help inform DoD entities as they formulate their own zero trust plans. The Zero Trust Exchange platform includes Zscaler Private Access (ZPA), a FedRAMP-High JAB authorized network access service that connects trusted users directly to trusted cloud applications; and Zscaler Internet Access (ZIA), the first secure internet gateway solution to earn FedRAMP certification. ZIA is currently prioritized for FedRAMP-High JAB authorization. Benefits include: Zero attack surface – apps are never exposed to the internet; you can’t attack what you can’t see Direct connections to an app, not a network – segment of one, no exposure of any additional resources or data, no ability to move laterally or connect to C&C servers Proxy architecture, not passthrough – full content inspection including SSL; holds and inspects unknown files before reaching the endpoint Multitenant architecture – cloud-native, multi-tenant design; continuous security updates Secure Access Service Edge (SASE) – policy enforced at the edge in 150 DCs (SASE), peering in internet exchanges, hundreds of apps This project underscores the Pentagon’s continued modernization commitment. Maximum telework accelerated change and today, workforce expectations and needs continue to evolve. Cyber-adversaries continue to seek new ways to take advantage of vulnerabilities. Zero trust-based secure cloud access is core to the foundation for mission success. For more information, see the DIU’s press release here. Thu, 01 Juli 2021 17:22:54 -0700 Drew Schnabel https://www.zscaler.de/blogs/company-news/defense-innovation-unit-issues-success-memo-zscaler The Asia-Pacific Region is Moving Full Cloud Ahead https://www.zscaler.de/blogs/company-news/asia-pacific-region-moving-full-cloud-ahead Zenith Live APJ marks the end of what I believe was our most extensive and possibly our best Zenith Live to date. First of all, thank you to all our attendees, customers, partners, and speakers across the Asia-Pacific region whose enthusiasm and insights made this event as successful as it was. Zenith Live APJ featured two days of real-world accounts of business transformation, with keynotes, panels, demos, and training, leaving us all with a lot to explore further as we move forward together on our transformation journeys. With that in mind, I wanted to share a quick summary of this year's Zenith Live APJ so you can catch up on anything you may have missed. Let's begin with day one. Day one highlights Kicking things off was Zscaler CEO Jay Chaudhry, who started the conference by acknowledging how challenging last year was for IT teams around the globe. Yet, perseverance and quick thinking kept organizations running and employees working. He also touched on how the pandemic expedited the need to build modern infrastructures around zero trust. In Jay's words, "IT has proven time and again its resilience in not just adapting to change but being the catalyst for change." Continuing, he detailed how our cloud-native platform, the Zscaler Zero Trust Exchange, assisted countless customers in quickly transitioning to work-from-anywhere, while enabling new capabilities for the returning hybrid workforce. He highlighted the three ways the Zscaler platform is helping businesses transform. They include modernizing the workplace to enable work from anywhere, eliminating the attack surface to reduce risk by transforming security so that it can be everywhere, blocking cyberattacks, preventing data loss, and stopping lateral threat movement. You can watch Jay's keynote and many of the other sessions on-demand: zenithlive2021.com. Insights from APJ CXO panel Following Jay's opening remarks, I took the digital stage with top APJ CXOs, including Mohit Kapoor of Mahindra Group and Lucious Lubo of Tech Mahindra. During this CXO panel, I had the pleasure of chatting with both leaders about how they securely leveraged the power of the cloud to modernize their businesses, offer more products and services, and drive innovation, all while streamlining their digital footprints. Mohit and Lucious both cited security built around zero trust as a critical factor in their ability to modernize at the speed they did, allowing them to quickly scale secure app access for employees, partners, and customers. Moreover, both Mohit and Lucious spoke to me about the very real threats to their supply chain, factories, and manufacturing processes with the recent uptick in these sorts of attacks. With Zscaler, not only can they better protect these systems, but they can also identify and recover from threats in real time. Leading change: Women in IT Also, on day one was our fireside chat, Women in IT: Expanding Influence and Leading Change. Tanya Graham, Executive General Manager of Strategic Programs at Healthscope, joined Zscaler's Kavitha Mariappan for a candid conversation about C-level attainment and making an industry-wide impact by leveraging emotional intelligence, mentoring others, and conviction. During this session, both leaders touched on how you can advocate for inclusion by using your career story to inspire a new generation of leaders—and how all leaders can champion the creation of supportive and equitable workplace communities. Day two highlights Day two began with part two of "Innovating at the Speed of Cloud," with Amit Sinha, Steve House, and Tony Paterra. This session covered enhancements across the Zscaler platform, including inline and out-of-band CASB for better data protection and compliance. Moreover, they shared insight into security innovations, including more robust threat protection and expanded Cloud Browser Isolation capabilities in ZIA and ZPA services to isolate users and devices from potentially risky content. Customers provided powerful insights The morning continued with insights from Rasik Vekaria of BP, David Branik of DHL, and Andrew Baker of Absa group. During these inspiring sessions, all three leaders addressed how they improved business agility and resiliency despite the pandemic.. Each customer exec shared how they are using zero trust to successfully modernize their companies and deliver enhanced user experiences and improved security to their employees—regardless of location. All of us here in APJ are grateful to all the customers who joined us and spoke at Zenith Live in keynote sessions, panels, and technical breakout sessions. Thank you! ThreatLabZ keynote: Insights from the front lines of the world's largest security cloud Zscaler ThreatLabZ experts presented research into emerging attacks discovered and analyzed with our world's largest security cloud. The panel dissected recent attacks while sharing best practices on securing your enterprise from sophisticated threats targeting your software, supply chain, Microsoft Exchange servers, and more. That said, this session wasn't all doom and gloom. Deepen Desai detailed how Zscaler's disruptive protection suite unifies our industry-leading threat intelligence, world-class experts, and innovative technology to give you peace of mind from the most advanced attackers. Partners highlighted their commitment to secure transformation Creating a robust ecosystem of partners whose technologies complement the Zscaler Zero Trust Exchange is critical for successfully helping customers become more secure, agile, and resilient in the APJ region. Today's partner summit celebrated precisely that—a group of technology evangelists and leaders joining forces to continue the digital transformation momentum over the next year and beyond. This concludes Zenith Live APJ 2021 and what an event it was. On behalf of Zscaler, I would like to thank you for making this our best Zenith Live yet! We hope you found our speaker sessions, training, panels, and workshops informative and relevant as you continue moving full cloud ahead. If you missed Zenith Live, be sure to view sessions on demand: zenithlive2021.com We hope to see you next year! Wed, 23 Juni 2021 13:32:28 -0700 Scott Robertson https://www.zscaler.de/blogs/company-news/asia-pacific-region-moving-full-cloud-ahead Introducing New Partner Certifications and Learning Formats! https://www.zscaler.de/blogs/company-news/introducing-new-partner-certifications-and-learning-formats Introducing New Partner Certifications Zscaler is pleased to announce new pre-sales certifications featuring all-new content and interactive learning opportunities. These courses were specifically designed to give partners the chance to roll up their sleeves and uncover new ways to grow their business with Zscaler. At Zscaler, we believe our partners are crucial to our success. We recognize we must work in conjunction with our partners to spread the word about the possibilities of adopting a zero trust security model. Zscaler Certified Associate (ZCA) Zscaler Certified Associate overviews the goals and vision of Zscaler, including what we do, the value we offer customers, and our mission for future network and security transformation. Partners will learn how Zscaler is uniquely positioned to disrupt the status quo of hub-and-spoke network security and how to join us on the incredible journey. ZCA serves as a prerequisite for both the Zscaler Certified Sales Professional (ZCSP) and the Zscaler Certified Sales Engineer (ZCSE) certifications and replaces the existing Zscaler Certified Sales Specialist (ZCSS) certification. Zscaler Certified Sales Professional (ZCSP) Zscaler Certified Sales Professional is designed to familiarize partner sellers with how to best position Zscaler as the market’s leading network and cloud security solution. In this certification, partners will learn how to identify and qualify opportunities as well as the technical integrations we have in place to help you position Zscaler as part of a holistic solution. Partners will also dive into the four core product areas for the Zero Trust Exchange platform. The new ZCSP certification is valid for two years upon completion. Zscaler Certified Sales Engineer (ZCSE) This certification is built for those in pre-sales technical roles, specifically designed to get participants up to speed on how to best showcase Zscaler’s technical value and differentiation. In this certification, partners will take a deep dive into Zscaler’s core product offerings to understand the key capabilities of the zero trust platform and how customers can realize the benefits in their unique environments. Participants will also catch a glimpse into a security administrator’s experience, including policies, reporting tools, technical integrations, and the end-user experience. The new ZCSE certification is valid for two years upon completion. What are the Benefits of Becoming Zscaler Certified? Zscaler certifications are designed to arm partners with the most up-to-date information about our products, strategies, and thought leadership so they can effectively communicate the value of our end-to-end zero trust security platform. By becoming Zscaler certified, partners will increase their credibility with customers by helping them accelerate their highest priority IT initiatives, all while reducing cost and simplifying their environments. With Zscaler, partners can expect to expand their book of business by providing the holistic and integrated solution packages their customers want and need. If you are a partner looking to enroll in Zscaler Training & Certifications, log in to our Partner Portal at partners.zscaler.com and click on the Enablement tab. Tue, 22 Juni 2021 07:00:01 -0700 Rick Kickert https://www.zscaler.de/blogs/company-news/introducing-new-partner-certifications-and-learning-formats We’re Pleased to Announce our 2021 Partner Award Winners https://www.zscaler.de/blogs/company-news/were-pleased-announce-our-2021-partner-award-winners This year we’re celebrating our very first Zscaler Partner Awards, honoring our “zero trust heroes” who’ve gone above and beyond in their partnership with Zscaler to help our mutual customers embrace digital transformation. Who’ll be taking home the trophies? Let’s find out! Americas Partner of the Year Like all of the awards announced, selecting a winner is the result of in-depth deliberation. With that said, the Americas Partner of the Year winner leads with transformation and leverages this principle to build strong customer relationships with advisory consulting. This partner also is being recognized for approaching zero trust with a focus on identity-based security policies rather than network. Therefore, we’re happy to announce that OPTIV is the Zscaler Americas Partner of the Year. APJ Partner of the Year Our APJ Partner of the Year winner signed a global contract with Zscaler in 2018, and the level of executive and field engagement continues to be outstanding, significantly contributing to Zscaler’s reach and success in this region. With the highest number of Zscaler certifications globally, this partner delivers strong partner-sourced performance in Japan by landing both domestic and global accounts. Our APJ Partner of the Year is NTT Communications Corporation. EMEA Partner of the Year Our EMEA Partner of the Year was entirely self-sufficient from pipeline generation through proof-of-value. By investing in Zscaler Certifications to up-level their technical expertise, and by hosting quarterly webinar campaigns yielding an average of ten new leads per quarter, Avantec AG has been selected as our EMEA Partner of the Year. Public Sector Partner of the Year With a focus on new business meetings and consistently executing interlocks and integrated field engagements, our Public Sector Partner of the Year consistently exceeds business objectives—especially when delivering Zscaler services to key strategic accounts. Our Public Sector Partner of the Year is ThunderCat Technology. Global Solution Integrator Partner of the Year As one of our most prominent end-user customers, this partner leverages ZIA and ZPA to enable their employees to work securely from anywhere. In addition, Zscaler is this partner’s exclusive GTM partner for web security and zero trust, and closed several large new logos across several verticals last year. As an outstanding partner in Central Europe with expansion plans to other regions, Zscaler’s Global System Integrator Partner of the Year is Tata Consultancy Services. Services Partner of the Year Over the last year, this partner has subcontracted and delivered on a large number of projects and offers a robust set of U.S. federal and commercial expertise. More notable is that most of this partner’s deployments are completed in 90 days or less, with consistently high customer satisfaction ratings. Our Services Partner of the Year is Ridge IT. Service Provider Partner of the Year This year’s winner is our second-largest global partner for new sourced business, growing even more in 2020 and delivering balanced performance across all regions. This partner also landed two of our five largest sourced ZIA deals. Our Service Provider Partner of the Year is Verizon. Zero Trust Technology Partner of the Year Microsoft has been out in front of the industry in its call for the adoption of zero trust to enable the modern workplace, close security gaps, and accelerate digital transformation. It is closely aligned with Zscaler in the belief that zero trust isn’t a single solution, but rather a strategy that should extend across a company’s digital estate. Microsoft is on its own zero trust journey, applying the principles of least-privileged access, explicit authentication, and the prevention of lateral movement across its ecosystem, while educating customers about these key requirements to help them improve their security postures as they move to the cloud and support a mobile workforce. Congratulations to Microsoft, our Zero Trust Technology Partner of the Year. The Go-to-Market Technology Partner of the Year One of our top GTM Technology Partners, this partner helps us deliver incredible value to large global organizations. This award recognizes our relentless focus on securing work beyond the perimeter and co-developed innovations, enabling our customers to seamlessly and securely shift to remote and hybrid work. Congratulations to our Go-to-Market Partner of the Year, CrowdStrike. Customer-Centric Technology Partner of the Year This award recognizes our shared commitment to customer obsession and improving customer experiences, which is reimagining how businesses can drive successful outcomes and reduce costs, while balancing security with user experience. Congratulations to the team at AWS. Congratulations to all of our winners! Thank you for your continued partnership and driving success with our joint customers. For more information on our Summit partner program visit partners.zscaler.com and watch the replay of Partner Summit at Zenith Live. Mon, 21 Juni 2021 08:40:53 -0700 Punit Minocha https://www.zscaler.de/blogs/company-news/were-pleased-announce-our-2021-partner-award-winners Zenith Live EMEA is a Wrap! https://www.zscaler.de/blogs/company-news/zenith-live-emea-wrap Another Zenith Live is in the books, and we’re proud to say this was our biggest event and arguably our best one yet. While we wish we could have gathered together in person, the sense of community, engagement, and enthusiasm displayed by attendees, customers, partners, and speakers brought this event together. Two days of real-life transformation stories, keynotes, panels, demos, and training leave us all with a lot to unpack and take with us as we move forward together on our transformation journeys. With that in mind, we wanted to share a quick summary of this year’s Zenith Live so you can catch up on anything you may have missed. (Many sessions are available on demand here.) Day one highlights Zscaler CEO Jay Chaudhry opened the conference by congratulating the entire IT community for its heroic work last year, keeping their organizations operating and employees working, while highlighting how the pandemic accelerated the need for a modern digital infrastructure based on zero trust. In Jay's words, "IT has proven time and again its resilience in not just adapting to change but being the catalyst for change." He explained how the Zscaler Zero Trust Exchange, our cloud-native platform that powers all Zscaler services, helped many customers through the transition to work from home and is now enabling new capabilities. The Zero Trust Exchange is helping customers accelerate transformation in three ways: by modernizing the workplace to enable work from anywhere, by eliminating the attack surface to reduce risk, and by transforming security so that it can be everywhere, blocking cyberattacks, preventing data loss, and eliminating lateral threat movement. You can watch Jay’s keynote and many of the other sessions on demand: zenithlive2021.com Following his opening remarks, Jay was joined by Karl Hoods, Chief Digital Information Officer at the UK’s department for business, energy, and industrial strategy, for the CIO Perspective Panel. They discussed how CIOs are tasked with transforming all aspects of the business and are now empowered to lead a range of initiatives. Karl also explained some of the challenges his organization faced when tasked with quickly and securely providing efficient work-from-anywhere experiences. In another illuminating discussion, Gulay Stelzmullner of Allianz Technology, Petek Ergul of HSBC, and Alissa Choong of Shell joined Zscaler EVP Kavitha Mariappan for the Women in IT panel. In this fireside chat, they discussed what truly lies beyond C-level attainment, including creating and mentoring tech leaders, championing diversity and inclusion, and making an industry-wide impact. All four leaders shared personal stories of how they used their conviction to succeed in the transformative roles they hold today. Day two highlights Day two opened with the second installment of “Innovating at the Speed of Cloud," with Amit Sinha, Steve House, and Tony Paterra describing enhancements across the Zscaler platform. Some of them included inline and out-of-band CASB for better data protection and compliance. Security innovations include the first zero trust solution to include active defense, an exciting approach to cybercrime prevention, and we have expanded Cloud Browser Isolation capabilities in both the ZIA and ZPA services to isolate users and devices from potentially risky content. Customers provided powerful insights The morning continued with a CISO panel featuring Andrew Vautier of Accenture and Angelique Grado of Technip FMC, who joined Zscaler’s Yogi Chandiramani to address how today’s new hybrid work model may continue indefinitely, and what this means for security teams. In an enlightening discussion, the CISO panel cited the alignment of security and business objectives as a must—in other words, the role of the CISO needs to evolve to straddle both the technical and operational aspects of leveraging zero trust to support new business initiatives and deliver tangible success. The conversation around elevating IT as a key business enabler continued with the CTO panel. An underlying theme of this year's Zenith Live was embracing zero trust to improve business agility and resiliency to support the needs of today's hybrid workforces. According to our expert panel, including Zscaler's Nathan Howe, Mondi Group's Thomas Vavra, and Richemont International's Eduardo Grilo, the CTO's job is to create a fast, secure user experience for employees both returning to the office and working remotely. Our customer keynotes included four leaders whose companies have built resilience and agility within their businesses despite COVID-19 setbacks. Claude Pierre of Engie, Alain Delava, also of Engie, Sebastian Kemi of Sandvik, and Andrew Baker of Absa Group shared differing stories but their insights were similar, particularly when it came to the use of zero trust to successfully modernize their companies to enable modern workforce with a great user experience and enhanced security. We are grateful to all the customers who joined us and spoke at Zenith Live in keynote sessions, in panels, and in our technical breakout sessions. Thank you! Dear partners, Zenith Live wouldn’t be Zenith Live without you By joining with technology leaders whose services are complementary to the Zscaler Zero Trust Exchange, we can provide customers with integrated solutions that enable them to become more secure, resilient, and agile. With our partners, we have formed a strong ecosystem of future-forward thought leadership, strategy, and technology. Today’s partner summit celebrated exactly that—a group of technology evangelists and leaders joining forces to continue the digital transformation momentum over the next year and beyond. That’s all folks, see you at Zenith Live 2022! This concludes Zenith Live EMEA 2021, and what an event it was. Zscaler thanks you for making this our best Zenith Live yet! We hope you found our speaker sessions, training, panels, and workshops informative and relevant as you move full cloud ahead. If you missed Zenith Live, be sure to view its illuminating sessions on demand. zenithlive2021.com We hope to see you next year! Thu, 17 Juni 2021 12:43:27 -0700 Ismail Elmas https://www.zscaler.de/blogs/company-news/zenith-live-emea-wrap What our Latest Glassdoor Award Means to Zscaler https://www.zscaler.de/blogs/company-news/what-our-latest-glassdoor-award-means-zscaler I just learned that Zscaler’s CEO, Jay Chaudhry, has been named one of the Top 100 CEOs by Glassdoor. The award is based on a rating system submitted by employees and, for that reason, above all, I am thrilled for Jay. But I’m not all that surprised. This company has grown a lot, especially in the last year, but the company’s culture and its values that were defined by Jay more than a dozen years ago continue to inform our practices every day. What I’ve found inspiring about these values is that they are dynamic, helping us grow during changing times while staying true to our corporate ethos. As it can be said for most companies, these past 15 months have provided a case study in change. There was the rapid switch to remote work, of course, but between March 2020 and now, we also doubled our staff size, welcoming more than 1,500 new employees to the company. And while things were moving fast on multiple levels—especially supporting our customers as they transitioned their employees to remote work—Zscaler leaders paid close attention to our employees—connecting, listening, and learning about how they were feeling. We developed a range of programs to support them, help them engage with others through resource groups, and take breaks for exercise, games, or meditation. And we instituted occasional company-wide days off. We have also developed a self-service management microsite with training and skills development in partnership with Coursera and other platforms. This program, Leading at Z, is well underway, helping managers at any stage of their careers enhance their skills and develop new ones. Another program is under development for all Zscaler employees, called Succeeding at Z, to support everyone in their professional growth, so they can achieve their own definition of success. We’ve learned a lot from employees and we’ve tried to introduce programs and practices that address their concerns about work-life balance, mental and physical health, and the importance of family time and time off, and the benefit of upward mobility. It’s gratifying to see the company’s efforts reflected in employees’ reviews of Jay as the company’s leader. I’m coming up on my first-year anniversary at Zscaler and, even in this timeframe, I can see a more mature company emerging. It has a lot to do with growth, but I believe it has even more to do with the leadership team, which has always been closely aligned on the vision of building a great and lasting company. Realizing this vision requires the hiring and retention of exceptional people across the company who are excited to be here and are passionate about what we are all trying to achieve on behalf of our customers. Though the company is changing, its founding values have never changed. I believe that is why Jay is being recognized now as a top CEO, and why Zscaler will, indeed, become a great and lasting company. Here are those values: Teamwork: We celebrate together. We openly share information. We move as one. We value serving others over personal prestige. We value humility over ego by showing respect and recognizing the truth in all situations. Humble leadership empowers our employees to speak their mind and innovate. Open communication (candor over politics): We have open discussions about what’s right and what’s wrong. Put another way, we don’t enable politics. We value real feedback and relationships built upon honesty and trust. Passion (over self-interest): We are fiercely passionate about our work, our company, our colleagues, our customers, and our partners. We put grit over image, that unique combination of passion, courage, and long-term perseverance over innate talent and intelligence. Innovation: We are driven to not only innovate cloud transformation through our products but to also innovate in our jobs, whether an engineer, marketer, salesperson, or lawyer. Customer obsession: We are, above all else, obsessed about our customers’ success. Everything we do is about helping our customers succeed in their business transformation to the cloud. Part of this, too, is valuing results over activity. Join us! Zscaler continues to seek people who share these values. Please visit our careers page to learn more. Thu, 17 Juni 2021 08:01:08 -0700 Sandi Lurie https://www.zscaler.de/blogs/company-news/what-our-latest-glassdoor-award-means-zscaler Zscaler Customers Are Moving Full Cloud Ahead https://www.zscaler.de/blogs/company-news/zscaler-customers-are-moving-full-cloud-ahead What an incredible conclusion to day one of our fourth annual Zenith Live virtual conference! It was an honor to share the stage with my colleagues, guest luminaries, and our marquee multinational customers, BP and DHL. We reached a new record with more than 15,000 registrants committing two days to learn how organizations globally are adopting zero trust to rapidly secure work-from-anywhere, prevent cyberthreats and data loss, and improve the digital experience for users everywhere. Zero trust is accelerating transformation The cloud and mobility have been agents of change, empowering organizations to harness the speed and agility they need to remain competitive. The pandemic didn’t change this trajectory, but it did accelerate it. As organizations scaled remote access for most of their employees, those that had the greatest success had already begun their zero trust journeys. It was inspiring to hear customers describe how zero trust helped them through the crisis, and is now empowering their businesses to speed the development of new products and services, become more productive and collaborative, and protect their data, all in a way that simplifies IT. That, to me, is the definition of a modern organization. In my keynote, I described how the Zscaler Zero Trust Exchange, our cloud-native platform that powers all Zscaler services, is helping customers accelerate transformation in three critical ways. The first is by enabling workplace modernization, which means that employees can work from anywhere, securely, with a fast, streamlined user experience. The Zero Trust Exchange also enables network transformation with fast, secure, direct-to-cloud connections that simplify branch connectivity and eliminate costly wide area networks. And it powers security transformation to prevent cyberthreats, prevent data loss, and eliminate the risk of lateral threat movement. Customers provided the most inspiring moments at Zenith Live When customers get up and talk about their experiences, we know that’s when audience members pay especially close attention. Our customers can speak to the types of challenges each attendee is likely to face at one point or another. I am so grateful for all the customers who are participating this year in Zenith Live keynotes, CXO panels, our Women in IT exchange, and the many who joined in our technical breakouts to discuss their Zscaler implementations and experiences with our services. For BP, IT is building a more agile company This morning I spoke with Rasik Vekaria of BP, a company with 70,000 employees and operations in 120 countries. He described BP’s journey to zero trust. “For me, a zero trust architecture was critical to what we do from a security standpoint. This means, I don't care if you're on the network, in the network, around the network, over the network—we treat everything as if it’s compromised.” That approach, that mindset, is the crux of zero trust. If you assume that everything is compromised, you won’t let anything on your network. You inspect all traffic, coming and going, even if it’s encrypted, to prevent attacks and data loss. And you make your applications invisible to the internet to eliminate the attack surface. DHL is making every connection fast, simple, and secure Later in the morning, Zscaler’s VP of Emerging Technology, Nathan Howe, spoke with DHL’s VP and Head of Telecoms, David Branik. DHL has operations in almost every country, with third-party partners around the world, remote employees using a range of devices, customers accessing their data in real time, creating an incredibly complex task for the IT team. David spoke of the need to make access fast and simple for every type of user: “It's almost like...when you go and plug in something into the wall circuit, you expect that the electricity is there. You don't want to think about what's behind it. And I think, from a network perspective, it's virtually the same thing.” At Zscaler, we agree that the experience for any type of user should be frictionless, and it should be the same no matter where the user is connecting. User experience must be a business imperative. See you tomorrow for more announcements, demos, and customer stories Tomorrow, I look forward to hearing from Bruce Lee of Centene, a company that has grown tenfold—from 8,000 employees to 80,000—in ten years. With much of that growth through mergers and acquisitions, I know that Bruce will touch on the complexity the company faced, and how zero trust is enabling them to accelerate M&As from years to months to weeks. In case you missed any of today’s sessions, we will make recordings available soon. And Zenith Live 2021 (Americas) continues tomorrow at 8:30 AM PDT, while day one of Zenith Live in the European (EMEA) region kicks off at 8:30 BST. There is much more in store for Zenith Live day two. In addition to Wednesday’s keynotes, customer panels, executive panels, and guest speakers, the virtual conference continues with architecture workshops, technical deep dives, and countless other opportunities to roll up your sleeves and go full cloud ahead. I hope to see you there. Tue, 15 Juni 2021 20:13:46 -0700 Jay Chaudhry https://www.zscaler.de/blogs/company-news/zscaler-customers-are-moving-full-cloud-ahead A Powerful Combination: Active Defense, the Bridge to Zero Trust https://www.zscaler.de/blogs/company-news/powerful-combination-active-defense-bridge-zero-trust The end of May marked a monumental juncture for Zscaler as we continued to extend the company’s cybersecurity reach with our intent to acquire Smokescreen Technologies, a leader in active defense technology. This week, I am excited to report that the Smokescreen deal has closed, and we are proceeding to integrate its leading-edge active defense capabilities into the Zscaler Zero Trust Exchange. In contrast to traditional network traffic analysis tools, which are noisy and prone to false positives, active defense uses elaborate decoys and honeytraps to block the most sophisticated threats with high accuracy as attackers attempt to traverse corporate networks. The appeal of active defense is how it turns the tables on would-be attackers. Security teams don’t have to hunt for network threats, rather the bad actors are lured to honeytraps, dramatically slowing their progression in order for security teams to quarantine the threats. While the ultimate answer is to migrate to a zero trust architecture, thus eliminating the risk of network access, active defense is founded on the similar concept of trusting nothing and assumes that the network is already breached. This offers organizations a pragmatic path to zero trust and provides a simple yet effective way for them to identify and remove attackers who may already be expanding laterally and compromising resources on the corporate network. I invite you to learn more about Smokescreen’s active defense technology at Zenith Live 2021. The Zscaler ThreatLabZ experts will also share in-depth research into emerging attacks, dissect recent attack chains, and provide clear guidance on how to better secure your enterprise from sophisticated threats targeting your software supply chain. You’ll also get an exclusive preview into Zscaler’s protection suite, which unifies our threat intelligence, cybersecurity experts, and innovative technology to help defend your organization against the most advanced attackers. Forward-Looking Statements Blog posts on this site may contain forward-looking statements that are based on beliefs, assumptions and on information currently available to our management. These statements, including but not limited to statements relating to our products, customers, business development activities and business results, are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. You can identify these forward-looking statements by terminology such as “will,” “expects,” “believes,” “anticipates,” “intends,” “estimates” and similar statements. A significant number of factors could cause actual results to differ materially from statements made in blog posts on this site. Additional risks and uncertainties are set forth in our filings made with the Securities and Exchange Commission (“SEC”), which are available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in these blogs are based on the limited information currently available to Zscaler as of the date thereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. Mon, 07 Juni 2021 12:44:09 -0700 Jay Chaudhry https://www.zscaler.de/blogs/company-news/powerful-combination-active-defense-bridge-zero-trust Zscaler is the 2021 Zero Trust Champion at Microsoft’s 20/20 Partner Awards Ceremony https://www.zscaler.de/blogs/company-news/zscaler-2021-zero-trust-champion-microsofts-2020-partner-awards-ceremony In my previous blog, I was proud to share that Zscaler was nominated for two awards from the Microsoft community, including the Zero Trust Champion of the year. On May 12, Microsoft announced the award winners at its 20/20 Partner Awards ceremony, a prestigious event recognizing industry excellence in a number of key areas. I couldn’t be more grateful to the Microsoft community to announce that Zscaler has won the Zero Trust Champion of the Year award, beating out a strong field of competitors. This award validates our forward-looking vision and the significant innovation behind our zero trust architecture, which is reimagining how leading enterprises safeguard their digital business in today’s mobile and cloud-first world. This recognition comes on the heels of the landmark Executive Order on Federal Cybersecurity from the Biden Administration that puts zero trust at the forefront of both public and private efforts to transform security to become more agile, resilient, and significantly reduce risk. We believe wholeheartedly in three fundamental principles of zero trust: Zero trust has generated a massive amount of noise across the industry for good reason—it’s the only way to disrupt the attack equation and get ahead of highly intelligent, rapidly evolving adversaries. With users, data, and applications everywhere, there needs to be a different approach; one that is cloud-native, optimized for the needs of the modern enterprise, and adaptable to the ever-changing threat landscape. Zscaler believes a true zero trust architecture must be built on the following three tenets: Zero network access: connect users to apps, not corporate networks to prevent lateral movement. Zero attack surface: make apps invisible so they can’t be attacked. Zero passthrough connections: deny all privileges; utilize a proxy architecture for better cyberthreat prevention and data protection. It has become evident that legacy network security architectures can’t deliver on the promise of zero trust, as adapting traditional solutions to this new era introduces massive complexity and cost without improving security. The Microsoft Zero Trust Champion of the Year award recognizes Zscaler’s approach to delivering a comprehensive zero trust architecture, one made all the more meaningful by being selected by the Microsoft Intelligent Security Association (MISA) members who were solely responsible for voting on this year’s winners. Together with Microsoft, we will continue to deliver exceptional security outcomes to our customers, built on a foundation of the industry’s leading zero trust architecture, the Zscaler Zero Trust Exchange. Thank you to the MISA members and Microsoft for this honor. Recognition amongst our peers in the industry is humbling, and we are grateful for your confidence in our strategy and execution of providing zero trust to our customers. Don’t miss our joint breakout session at Zenith Live In a few weeks, Zscaler will be hosting its virtual Zenith Live conference, with this year’s theme being Full Cloud Ahead. In our joint session, you will hear from experts at Zscaler and Microsoft about actionable cloud-based zero trust solutions and crucial strategies to stay ahead of today’s most advanced threats. Our experts will discuss the strategies and technologies required for a true zero trust architecture and how you can make zero trust a reality for your organization. Register for Zenith Live here: zscaler.com/zenithlive We hope to see you there! Thank you again to Microsoft and the Microsoft Intelligent Security Association for this opportunity and recognition. Mon, 17 Mai 2021 15:07:00 -0700 Punit Minocha https://www.zscaler.de/blogs/company-news/zscaler-2021-zero-trust-champion-microsofts-2020-partner-awards-ceremony The New Cybersecurity Executive Order https://www.zscaler.de/blogs/company-news/new-cybersecurity-executive-order The Biden Administration’s new Executive Order on Federal Cybersecurity underscores a growing understanding of cyber vulnerabilities and IT’s vital role in every Federal program and mission. The EO outlines a number of actions, including a significant directive for the Department of Homeland Security to develop a federal cloud security strategy that moves the federal government closer to a true centralized enterprise model based on the principles of zero trust. We had Cloud First, and then Cloud Smart. The new Executive Order moves us into the era of Cloud Secure. Under the new EO, CISA will develop a federal cloud service governance framework; CISA and FedRAMP will together establish a framework to coordinate and collaborate on cybersecurity and incident response activity related to cloud services. And, the new EO includes steps to ensure new levels of software supply chain security -- requirements Zscaler already meets -- that collectively will reduce risks to federal programs, infrastructure, and national security. We are encouraged to see the focus on developing cloud security strategies, technical reference architectures, cloud governance security frameworks. Additionally, we strongly agree that zero trust is a critical and urgent need for effective cybersecurity in the face of evolving threats. It is also critical that we embrace the important cloud security frameworks that FedRAMP and CISA have built, including the Trusted Internet Connection (TIC) 3.0 guidance, as they will shepherd us into the new Cloud Secure era. Zscaler’s Zero Trust Exchange is a powerful tool for agencies as they move forward with their zero trust plans, supporting efforts to work-from-anywhere and access data from anywhere, whether in a sanctioned or unsanctioned environment by securely connecting users, devices, and applications. Core components currently supporting more than 100 federal agencies and federal integration partners include: Zscaler Private Access (ZPA™) which has achieved FedRAMP-High JAB Authorization Zscaler Internet Access (ZIA™) which has achieved FedRAMP “In Process” status at the High Impact level, sponsored by a U.S. Department of Defense (DoD) Command and prioritized for Joint Authorization Board (JAB) authorization currently (authorized at the Moderate Impact Level) Zscaler’s Zero Trust Exchange enables dynamic, context-based access controls to secure cloud transformation and change how agencies defend against modern attacks. Unlike legacy network security approaches that expose applications and open the door for lateral movement, Zscaler: Connects users and devices to apps, not networks, to eliminate lateral threat movement. Makes applications and users invisible to the internet, thus reducing the attack surface. Uses a proxy architecture, not a passthrough firewall, enabling full content inspection and security, including encrypted traffic. We are also encouraged to see the call for improved endpoint detection and response. You can’t manage what you can’t see, and this step is a critical foundation to enabling improved threat information sharing. Zscaler partners with Crowdstrike, a leader in cloud-delivered endpoint protection. CrowdStrike’s AI-powered Threat Graph integrates with Zscaler’s cloud security platform to provide customers with real-time threat detection and automated policy enforcement. Over the past ten years, private industry has spent billions of dollars securing the cloud. And, we’ve seen CISA and FedRAMP take advantage of industry partners and knowledge. The public sector can build on this foundation (rather than re-creating the wheel on programs like TIC 3.0, CMMC, etc.) -- it’s great to see the focus on collaboration. Federal digital transformation dramatically accelerated through the pandemic, and we now have an urgent need to accelerate cybersecurity modernization, including industry best practices like Zero Trust Security. The goals set forth in the EO are ambitious, but we can meet them with strong public/private collaboration and coordination across government as we enter this new Cloud Secure era. We applaud the Administration for launching this all-of-America effort. Join us for our webinar “Strategies for Creating Your Agency’s Zero Trust Playbook” on Wednesday, May 19th to learn actionable steps that you can take to advance your organization’s Zero Trust strategy and deployment. We’ll also be sharing several frameworks to help achieve the targets of the executive order at Zscaler’s upcoming virtual Zenith Live event - register for free today. Thu, 13 Mai 2021 08:22:19 -0700 Stephen Kovac https://www.zscaler.de/blogs/company-news/new-cybersecurity-executive-order Partnership with Steel Root to Support CMMC Requirements for Defense Contractors https://www.zscaler.de/blogs/company-news/partnership-steel-root-support-cmmc-requirements-defense-contractors In an effort to strengthen federal supply chain security, it will be necessary for more than 300,000 defense contractors to meet Cybersecurity Maturity Model Certification (CMMC) requirements over the next five years, demonstrating they can protect Controlled Unclassified Information (CUI). While CMMC launched prior to the SolarWinds attack, the massive breach underscores the hard requirement to improve and normalize cyber requirements for the organizations that support federal missions. Not only will CMMC be required on all new DoD contracts, but the DoD will also leverage third-party assessments and certifications to ensure these requirements are being met. This contrasts with the status quo, in which contractors are expected to protect CUI on their own accord, meeting their own internal compliance standards. Steel Root, a leading cybersecurity services firm specializing in compliance for the U.S. Defense Industrial Base, and Zscaler recently announced a partnership to help defense contractors prepare for CMMC certification. Commenting on this partnership, Steel Root Managing Partner Mike Nestor says, “Zscaler is a disruptive force in cloud-based security and has been validated year over year as the only leader in Gartner’s Magic Quadrant for Secure Web Gateways.” He continued, “When the FedRAMP authorization for Zscaler Internet Access was announced in 2020, we immediately recognized the solution as a required component in the cloud-native systems we design and implement. It’s the only zero trust secure access solution in the market that can meet our clients’ compliance requirements.” As the only SASE solution provider to meet the defense industry's most stringent security requirements (FIPS 140-2, validated cryptography, and FedRAMP authorization for cloud services), Zscaler is focused on bringing the most secure cloud-based security services to DoD organizations and the larger defense industrial base community. Steel Root understands the importance of a cloud-first, future-ready strategy, and provides highly effective guidance and implementation services supporting defense contractors as they prepare for CMMC—which is why our partnership with Steel Root furthers our commitment to helping federal organizations improve their cybersecurity posture. As DoD contractors proactively consider how their organizations can achieve the highest level of cloud accreditation through CMMC, they should look to leverage cloud security platforms that have already achieved FedRAMP-High authorization, such as Zscaler’s FedRAMP-High Zero Trust Exchange. Together, Zscaler and Steel Root provide both guidance and implementation services for defense contractors as they prepare for CMMC. As, a result, contractors can focus on supporting DoD missions—and together, the defense community can take steps forward to mature cyber defenses. Mon, 26 Apr 2021 08:00:01 -0700 Drew Schnabel https://www.zscaler.de/blogs/company-news/partnership-steel-root-support-cmmc-requirements-defense-contractors Achieve True Zero Trust with Zscaler and Splunk https://www.zscaler.de/blogs/company-news/achieve-true-zero-trust-zscaler-and-splunk Zscaler is proud to announce our zero trust partnership with Splunk, giving security analysts more ways to incorporate telemetry from our world-class Zero Trust Exchange into their workflows and strategies. Together, our tightly integrated, best-of-breed cloud security and security analytics platforms deliver unmatched zero trust capabilities for the modern, cloud-first enterprise. Zero trust is based on the notion that a breach is inevitable or has likely already occurred, and therefore any and all access to resources should be limited to the least amount possible for users to be able to do their jobs. This involves segmentation, risk-based access controls, continuous authentication and monitoring, and dynamic coordination between security controls. Citing guidance from the National Security Agency (NSA), “to be fully effective to minimize risk and enable robust and timely responses, zero trust principles and concepts must permeate most aspects of the network and its operations ecosystem.” Zscaler and Splunk work together to do just that. Zscaler’s cloud-native proxy architecture eliminates unnecessary exposure and provides rich data and increased visibility for the SecOps team. With a direct-to-cloud architecture, security teams can ensure that policy is being applied across every transaction; meanwhile, they get boosted insight into users, data, and apps. The zero trust benefits of Zscaler include: Zero attack surface – apps are never exposed to the internet; you can’t attack what you can’t see Direct connections to an app, not a network – segment of one, no exposure of any additional resources or data, no ability to move laterally or connect to C&C servers Proxy architecture, not pass-through – full content inspection including SSL; holds and inspects unknown files before reaching the endpoint Multi-tenant architecture – cloud-native, multi-tenant design; continuous security updates Secure Access Service Edge (SASE) – policy enforced at the edge in 150 DCs (SASE), peering in internet exchanges, hundreds of apps Splunk, meanwhile, provides SecOps teams with centralized log ingestion and analytics to monitor and correlate activities across the entire security environment – including a direct cloud-to-cloud streaming ingestion of Zscaler logs and dashboards – and provides visibility into zero trust with a zero trust analytics dashboard. Further, Splunk Phantom can orchestrate policy, allowlist/denylist, and remediation actions using Zscaler’s API. Splunk delivers: Logging, normalization, correlation, and enrichment of data from your entire security infrastructure in Splunk including a direct cloud-to-cloud streaming ingestion of Zscaler logs and dashboards Robust analytics including Risk Based Alerting (RBA) and User and Entity Behavior Analysis (UEBA) to identify suspicious/malicious behaviors A centralized single pane of glass to remediate incidents Zero trust analytics dashboards that incorporate data from multiple sources, including Zscaler, to provide end-to-end visibility Automation and orchestration of triage, investigation, and response to stop threat actors before they can do damage Centralized security controls and policy management, which can be used to enact changes to the Zscaler platform in addition to other tools Accelerate time-to-value with Cloud NSS log streaming Cloud NSS is Zscaler's innovative new cloud-to-cloud data streaming service that makes it even faster and easier to deploy, manage, and scale log ingestion from Zscaler to Splunk Cloud. This service enables native ingestion of Zscaler’s rich cloud security telemetry to enrich investigation and threat hunting for cloud-first organizations – and is configurable in a matter of clicks. Splunk Cloud correlates the Zscaler telemetry with an organization’s other high-value data sources, providing full visibility into actionable data for investigations within one centralized console. Zscaler’s cloud-native security architecture dramatically reduces the attack surface and provides full inline scanning and analytics, and sends high-resolution telemetry logs directly to Splunk using the cloud-to-cloud log streaming service. The Zscaler app for Splunk further allows for SecOps teams to visualize Zscaler’s threat protection with detailed dashboards and prebuilt queries. Customers benefit from: Fast, reliable integration: Get immediate visibility with pre-built integrations. Splunk and Zscaler work together seamlessly, with high-resolution telemetry data normalized and ingested directly into Splunk. Increase reliability and scalability by sending all logs directly to Splunk via the Splunk HTTP Event Collector with no middleware. Simplified Management: No additional appliances to manage for logging. Direct cloud-to-cloud integration is managed by Zscaler and Splunk. Let your analysts spend more time on preventing, investigating, and mitigating threats and less time on administering logging pipelines. We are extremely excited to offer our customers the benefits of this partnership with Splunk, and look forward to continued collaboration on zero trust. To learn more, check out the Zscaler + Splunk solution brief. If you're already a Zscaler and Splunk customer, download the Zscaler App for Splunk from Splunkbase today. Mon, 26 Apr 2021 09:00:01 -0700 Mark Brozek https://www.zscaler.de/blogs/company-news/achieve-true-zero-trust-zscaler-and-splunk