Secure Transformation to Cloud

Suryanarayana Grandhi, CIO & Arul Shanmugasundram, Chief, Business Development and CTO, TATA Power

In today’s enterprise environment, cloud solutions are emerging. Many organizations are moving from on-premises to cloud to minimize their overhead costs and gain high availability. It has become difficult to manage secured systems when employees are on the move and operating company applications with data. Zscaler is one vendor that offers a proxy solution on a cloud platform.

Implementation of Zscaler Proxy solution on Cloud Platform:

TPSSL has various ILL links terminated at all offices and remote locations, including project sites, with various devices installed and managed at the respective offices.

TPSSL internet access was through on-premise web security appliances at all local locations. At the Bangalore and Noida offices we have a dedicated Cisco IronPort proxy appliance to provide URL and application filtering for Internet users. For project sites (approx. 7 numbers) we have a dedicated Cyberoam firewall at each site for managing URL filtering, application filtering and gateway antivirus at the appliance level.

Current challenges which we are facing today at TPSSL:

• Users were inconvenienced because each location (Bangalore and Noida office) has a different proxy address, and users have to change their proxy address when they move from one office to the other.

• We have issues in managing bandwidth control for users who are using the proxy solution at the office.

• We face challenges in managing the PAC file through Group Policy, and many of the computers are not getting synced with the Group Policy.

• TPSSL is expanding geographically on all continents / project sites, and we wanted a single pane of management for its web security platform that could help its IT team control Internet access from a single location.

• The combination of setting up appliance high availability and upgrading and managing appliances, coupled with both upgrade overheads and frequent unplanned downtimes, was taking a toll on both employee productivity and IT team focus. “Indeed, many offices had to be separately managed, which added complexity and extra workloads for the global IT support team.”

• When new offices were opened, there was no straightforward way to deploy IT security. Tools and hardware appliances were purchased and deployed on an ad-hoc basis, which added further challenges when it came to management. All Internet traffic was routed via on-premise proxy solutions, which mainly worked as a URL filtering solution rather than as a true malware detection solution.

• “We were also finding we had to make significant investments to ensure redundancy, even when the offices themselves were quite small,” he says. “We recognized it was time to find an alternative approach to our IT security.”

• As time passed, the overhead of deploying security policies consistently across multiple devices was becoming onerous. Along with the day-to-day complexity of managing a distributed on-premise web security solution, the IT team also needed a better option to provide web security for the TPSSL roaming users.

The Solution

• After carefully reviewing a range of potential security tools and services, a decision was taken to adopt Zscaler to monitor and manage all network traffic across the company. During a period of one month, the on-premise web security gateway devices in each office location were bypassed for certain machines and all of their network traffic was directed to the Zscaler cloud-based security service.

• Zscaler identifies and blocks potential threats. No onsite hardware or software is needed. Processing more than 30 billion requests a day across a network of 100 global data centres for its customers, Zscaler decompresses the entire file and scans it for malicious content before it reaches the end user. There’s no delay. Each time a new threat is detected by any customer it’s immediately blocked for everyone.

• Zscaler checks all web requests and responses, and logs complete transaction details. Collected data is then used to create real-time reports. These provide full visibility of traffic and help determine whether existing controls are effective or counterproductive, and whether additional controls could be advantageous. All user access to the Internet is also authenticated using SAML/ADFS services.

Providing the required bandwidth for the organization’s business websites was another requirement. It was easily handled by deploying Zscaler Bandwidth Control, which ensures the company’s network infrastructure is being used in line with corporate guidelines. Bandwidth is reserved to ensure core applications and cloud services always have sufficient capacity for optimal function.

• In addition, SSL Interception of HTTPS sites ensures that no proxy anonymisers can be used to connect to anonymous proxy systems that are on the internet.

The Results

With Zscaler now the standard security platform across the company, overall IT management overheads have been significantly reduced. Rather than needing to monitor and manage hardware appliances in each office location, the global IT team can instead focus on more value-adding tasks such as the recent deployment of Office 365.

At TPSSL, the different connectivity options that Zscaler provides enable a high level of flexibility in how policies can be enforced. With this approach, access can be provisioned based on the IP address of the machine or the user ID. Today, 80 per cent of the organization’s Internet traffic is via SSL.

In addition, as a fully-managed service, oversight of internet policies and reporting happens through a single centralised portal.