Date: 2023-12-21

The public cloud imperative

For many organizations, regardless of size or industry, the public cloud has become an essential resource for critical operations. One reason is that public cloud has proven to be 40x more cost-effective [1]. Moreover, the public cloud is easy to use and extremely scalable. However, securing the cloud traffic from these workloads is a complex task as cloud adoption increases and the number of mission-critical workloads spread across multiple cloud providers grows. One of the most significant areas that organizations are revisiting is secure cloud and workload connectivity. With an ever-evolving threat landscape that capitalizes on an expanding attack surface, we’re seeing a substantial rise in the number of security breaches and threats that negatively impact businesses. Protecting these complex environments and their connectivity with the right approach has become a necessity.

Many organizations rely on legacy security architectures to secure their cloud workloads. They often use a combination of:

Cloud-native security solutions offered by cloud service providers

Multiple security tools (firewall, VPN, TLS/SSL inspection, DLP, etc.)

Backhauling to on-premises network security infrastructure for inspection and protection

But relying on legacy security architectures amplifies lateral movement, increases operational complexity, and provides inconsistent threat and data protection.

To address these challenges, organizations need a simple and automated approach based on zero trust architecture to deliver robust security as dynamic workloads move across on-prem data centers and multi-cloud environments.

Zscaler’s innovative approach to securing workloads

Zscaler recently announced significant advancements to the Zero Trust Exchange (ZTE) platform and Workload Communications to simplify cloud workload security. The innovations radically simplify and improve cloud workload security by eliminating lateral movement, reducing operational cost and complexity, and ensuring consistent threat and data protection.

Fig 1: Zscaler Zero Trust Cloud Connectivity.

The latest advancements include:

Real-time resource discovery enables native integration with AWS to automatically locate VPCs, subnets, and EC2 resources. This eliminates the need for manual configuration, and enterprise organizations can now effortlessly integrate security definitions based on cloud attributes.

Workload segmentation using user-defined tags allows organizations to create custom security groups based on user-defined tags and native attributes on AWS. This helps customers reduce the operational complexity associated with managing security policies based on IP addresses, FQDNs, and CIDR blocks.

Multi-session VDI security that inspects all ports and protocols for multi-session, non-persistent VDI deployments in the public cloud. It helps to enforce granular threat and data protection policies per individual user session and maintain consistent security policies across all environments.

Comprehensive cloud coverage supporting major CSPs, including Google Cloud Platform (GCP), Azure China Regions, and AWS GovCloud with FedRAMP certification. Enterprises can now confidently extend their deployments and effectively enforce consistent security and segmentation policies.

The new enhancements bring significant benefits to security teams seeking robust cloud workload security at cloud scale and speed

Recent enhancements give enterprises the ability to:

Secure mission-critical cloud applications

Reduce cost and complexity by eliminating site-to-site VPNs, DC/Cloud DMZs

Enforce consistent threat and data protection policies

Secure cloud virtual desktop infrastructure

