Secure cloud workloads and data against ransomware and cyber threats (SEC212)

Zscaler's Cloud Security Approach: Protecting Workloads and Data

Networking Perspective

  • Zscaler has expanded its portfolio beyond just protecting users as a proxy in the cloud.
  • Securing workloads and servers in the cloud from a networking perspective is crucial, along with protecting data.
  • Networking is only half the puzzle: out-of-band API calls cannot be addressed from the networking perspective.
  • Securing workloads from a networking perspective can help with transformation.

Challenges in the Cloud

  • In the cloud, organizations have multiple cloud vendors and regions, with hundreds or thousands of micro data centers or VPCs.
  • Connecting these networks together creates a complex, routable network, making it difficult to control and secure.
  • There's a potential for human error, as developers can spin up resources in different VPCs without proper security controls.

Zscaler's Approach: Zero Trust Exchange

  • Zscaler's Zero Trust Exchange acts as a global security footprint, handling the heavy lifting of security policies and inspections.
  • Customers deploy lightweight connectors that establish inside-out connections to Zscaler's cloud, allowing for granular policy control without a routable network.
  • This approach focuses on brokering application connectivity instead of network connectivity, making the environments "dark" and "invisible" to each other.

Macro Segmentation vs. Micro Segmentation

  • Macro segmentation is about segmenting at the site or location level (VPC, VNet, etc.).
  • Micro segmentation is more granular, focusing on specific workloads within a VPC, such as EC2 instances.
  • Zscaler believes micro segmentation should be applied to "crown jewel" workloads, while macro segmentation can be used more broadly across the enterprise.

Data Security Perspective

  • Network security alone doesn't prevent all threats and vulnerabilities; data security is also crucial.
  • Zscaler's Data Security and Protection Management (DSPM) solution complements the networking security approach.
  • DSPM focuses on three key areas:
    1. Finding and classifying sensitive data
    2. Analyzing identity and access permissions
    3. Providing context on the level of risk exposure

DSPM in Action

  • DSPM can discover sensitive data in AWS services, map and track risks, and provide predefined policies to prioritize and remediate the most critical issues.
  • It provides human-readable guidance on the risks and recommended policy changes to address them.
  • The goal is to simplify the process of identifying, prioritizing, and remediating data security risks in the cloud.

Conclusion

  • Zscaler's approach combines networking security and data security to provide a comprehensive cloud security solution.
  • The Zero Trust Exchange and DSPM work together to secure workloads, minimize the attack surface, and protect sensitive data in the cloud.
