Architect Internet Connectivity to Improve Security Posture, Reduce Latency, and Save Money

by Mark Snodgrass

During the last 30 years that I have been running global infrastructure, it has seemed as though the network has always been under-provisioned and inflexible, and at the same time too expensive and insecure, especially for Internet connectivity. Bandwidth was finite and expensive, and latency poor. With Internet connectivity, there was a dilemma between widely distributed local connectivity and backhauling all Internet traffic to Head Office for inspection and control through a central ingress/egress location.

Local connectivity required a plethora of security appliances at multiple locations to protect users and the firm, with significant cost and complexity at each point, or skimping on those appliances to avoid cost. In many cases, there was no central control of the perimeter connectivity, leading to an inconsistent, and possibly porous and insecure, network.

Backhauling involved significant bandwidth expense to route traffic through a limited set of Internet gateways, with the consequent latency and bandwidth constraints giving users a very poor corporate Internet experience, and the company footing a large circuit expense. This is an even more acute problem for companies with widely dispersed locations where data circuits are expensive.

In both cases, local and backhauled Internet connectivity, significant latency was added due to the multiple hops between different appliances in the DMZ, with each appliance performing its inspection and protection in sequence.

As enterprises struggled with this choice, users at home have seen massive increases in available bandwidth for streaming Netflix, Amazon Video and other apps, while wondering why corporate could not seem to manage Internet connectivity properly.

These issues become more acute as companies adopt Cloud-based applications, which drive more traffic through their already stretched Internet gateways. So what should companies do?

Enter Zscaler

Zscaler has a different architecture that allows each local site or user to connect directly to the Internet while still maintaining the visibility and control associated with having local protection appliances, without the appliances. This is important. Each site or user experiences the best bandwidth and latency the local Internet provider can provide, and the corporate controls are maintained. Inspection and control are performed in the Zscaler cloud, which is peered directly to the Internet Exchange.

Bandwidth previously dedicated to backhauling Internet traffic can be released, reducing network circuit expenses considerably. In addition, with the bandwidth visibility and controls available with Zscaler, companies can control bandwidth allocation to social media sites, ensuring business-aligned Internet bandwidth is available to Cloud-based applications when required.

And since Zscaler is a true integrated cloud-based platform for Internet Security as a Service, all the other benefits you typically associate with carrier-class cloud services apply:

It is clear that companies moving to the Cloud need to think carefully about their network and adjust their architecture to enable performance and security at a reasonable cost. Hararei can help companies plan and adopt Zscaler and other Cloud Edge solutions. Contact us for a no-obligation consultation on how Hararei can help your company transform your network and security to increase performance, improve productivity, and reduce risks and costs.
