Architect Internet Connectivity to Improve Security Posture, Reduce Latency, and Save Money
by Mark Snodgrass
During the last 30 years that I have been running global infrastructure, it seems as though the network has always been
under-provisioned and inflexible, and at the same time too expensive and insecure, especially for Internet connectivity.
Bandwidth was finite and expensive, and latency was poor. With Internet connectivity, there was a dilemma between widely
distributed local connectivity and backhauling all Internet traffic to Head Office for inspection and control through a
central ingress/egress location.
Local connectivity required a plethora of security appliances at multiple locations to protect users and the firm, with
significant cost and complexity at each point, or skimping on those appliances to avoid cost. In many cases, there was
no central control of the perimeter connectivity, leading to an inconsistent, and possibly porous and insecure, network.
Backhauling involved significant bandwidth expense to route traffic through a limited set of Internet gateways,
with the consequent latency and bandwidth constraints giving users a very poor corporate Internet experience, and
the company footing a large circuit expense. This is an even more acute problem for companies with widely dispersed
locations where data circuits are expensive.
In both cases, local and backhauling Internet connectivity, significant latency was added due to the multiple hops
between different appliances in the DMZ, with each appliance performing its inspection and protection in
As enterprises struggled with this choice, users at home have seen massive increases in available bandwidth for streaming Netflix,
Amazon Video and other apps, while wondering why corporate could not seem to manage Internet connectivity properly.
These issues become more acute as companies adopt Cloud-based applications, which drives more traffic through
their already stretched Internet gateways. So what should companies do?
Zscaler has a different architecture which allows each local site or user to connect directly to the Internet while still
maintaining the visibility and control associated with having local protection appliances, without the appliances. This is
important. Each site or user experiences the best bandwidth and latency the local Internet provider can provide, and the
corporate controls are maintained. Inspection and control are performed in the Zscaler cloud,
which is peered directly to the Internet Exchange.
Bandwidth previously dedicated to backhauling Internet traffic can be released, reducing network circuit
expenses considerably. In addition, with the bandwidth visibility and controls available with Zscaler,
companies can control bandwidth allocation to social media sites, ensuring business-aligned Internet
bandwidth is available to Cloud-based applications when required.
And since Zscaler is a true integrated cloud-based platform for Internet Security as a Service, all the other
benefits you typically associate with carrier-class cloud services apply:
- No CapEx, reduced TCO, delivered as a service (allows IT to shift focus to critical objectives),
  dynamic scaling, flexibility (access from anywhere, any location, on any device),
  utility service (pay-per-user, subscription-based model)
- Guaranteed consistent Internet access policies across the entire enterprise, with a single portal for setting policies,
  administration, and reporting
- And it cannot be mentioned enough: an integrated cloud-based platform replaces the plethora of premises-based appliances for:
  - Content and URL filtering
  - Inline anti-virus and anti-spyware
  - Advanced Threat Protection
  - Cloud Sandboxing
  - Web Access Control
  - Cloud Application Visibility and Control
  - Data Loss Prevention
  - Bandwidth Management
  - Cloud Firewall
  - Guest Wifi
It is clear that companies moving to the Cloud need to think carefully about their network and adjust their
architecture to enable performance and security at a reasonable cost. Hararei can help companies plan and adopt Zscaler and
other Cloud Edge solutions. Contact us for a no-obligation consultation on how Hararei can help your company transform your
network and security to increase performance, improve productivity, and reduce risks and costs.