In a recent No Jitter post on cloud security vendor Zscaler, UC analyst Zeus Kerravala, of ZK Research, called interest in the company "as hot as the Vegas sun." Why? Because Zscaler has "rethought remote access in the era of cloud," he said.
Indeed, a security rethink is becoming a must for enterprises growing their reliance on cloud-delivered services -- unified communications, collaboration, and contact center among them. Traditional remote access schemes that rely on IPSec or SSL VPNs along with firewalls, intrusion prevention systems, load balancers, and the like, do a great job of protecting access to applications running on internal servers. But they become inefficient when the applications reside in the cloud -- as Kerravala wrote, "technology that routes a user into the network just to send it back out doesn't seem optimal."
That's why interest is intensifying in cloud-first products like Zscaler Private Access, which Kerravala described in his post as having the potential to replace IPSec VPN technology. As he detailed, Zscaler's approach boils down to a few key principles. As cloud becomes the norm, remote users need never be placed on the network; instead, they receive access to specific applications according to IT policy. Likewise, unauthorized users have no visibility into applications outside their purview, severely curtailing the impact of any breach. And, with the Internet as the new corporate network, trust no one and encrypt everything.
We see new notions of security percolating elsewhere, too. For example, the standard in-transit/at-rest definition of end-to-end encryption also needs to change for the cloud-oriented world, as Kerravala wrote in an earlier No Jitter post. The challenge lies in the federated cloud model that many providers use to deliver their software:
... consider the case where a team collaboration vendor builds its tool using a communications platform as a service, and runs it on public cloud infrastructure. It then stores the data on one or more cloud storage drives, and initiates and terminates calls using yet another public cloud. Each of those cloud providers might use multiple cloud providers to build their service. This can cascade out to many levels, creating a large mesh of federated clouds to deliver one service.
If data needs to be unencrypted along each of these hops, then an "end-to-end encryption" label is a bit of a misnomer, Kerravala noted.
Rather, to be truly secure, the provider needs to keep the data encrypted across the entire path. This is done through key management, specifically by placing the key management server on the customer premises, as providers like Cisco and Symphony do, as No Jitter's Michelle Burbick discussed earlier this week in a piece on team collaboration security. Should data get hacked somewhere along the cloud path -- federated or not -- it remains gobbledygook without access to the premises-stored keys.
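To make the distinction concrete, here is an added Python model (not code from No Jitter, Zscaler, Cisco or Symphony) of one message crossing a chain of federated cloud hops two ways: decrypted and re-encrypted at every hop with per-link keys, and sealed once with a key that exists only in the customer's on-premises key management server. The hop names and message are constructed, and the HMAC-SHA256 counter-mode cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def _keystream_xor(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD (AES-GCM).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):  # encrypt-then-MAC: nonce || ciphertext || tag
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    return _keystream_xor(key, nonce, ct)

class Provider:
    """One hop in the federated mesh; `seen` is what a breach there would yield."""
    def __init__(self, name):
        self.name, self.seen = name, []
    def relay_hop_by_hop(self, blob, key_in, key_out):
        # "Encrypted in transit" only: decrypt with the inbound link key,
        # re-encrypt with the outbound one. Plaintext exists at this hop.
        plaintext = unseal(key_in, blob)
        self.seen.append(plaintext)
        return seal(key_out, plaintext)
    def relay_end_to_end(self, blob):
        # No customer key at this hop: it can only store and forward ciphertext.
        self.seen.append(blob)
        return blob

def deliver(message, hops, end_to_end):
    if end_to_end:
        customer_key = secrets.token_bytes(32)  # lives only in the on-prem KMS
        blob = seal(customer_key, message)
        for hop in hops:
            blob = hop.relay_end_to_end(blob)
        return unseal(customer_key, blob)
    link_keys = [secrets.token_bytes(32) for _ in range(len(hops) + 1)]
    blob = seal(link_keys[0], message)
    for i, hop in enumerate(hops):
        blob = hop.relay_hop_by_hop(blob, link_keys[i], link_keys[i + 1])
    return unseal(link_keys[-1], blob)

def exposed_hops(hops, message):  # hop names where a breach yields plaintext
    return [h.name for h in hops if message in h.seen]
```

The recipient reads the same message either way; the difference is that `exposed_hops` lists every provider in the hop-by-hop chain and none in the end-to-end one, and a ciphertext altered at any hop fails `unseal` rather than decrypting silently.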
New approaches to security are good news for enterprises enabling their users with cloud-delivered UC&C applications. And security as an afterthought has no place in a cloud migration, as Chris Smith, IT director at Grand Canyon University, shared with Burbick in her piece on team collaboration security. "Too often security is an elective, so [when a vendor comes to the table with security in mind] it's a nice consideration that helps the cloud transition go smoother."