When Schneider Electric decided to undergo a digital transformation initiative, they knew their approach to security would also need to transform. As their apps moved to the cloud and their users left the network, the Schneider team needed a way to deliver consistent security controls across a globally dispersed workforce of 140,000 users.
1. Schneider Electric Powers Security Transformation with One Simple App
Yohann Royer | Internet Service Line Manager at Schneider Electric
David Creedy | Senior Product Manager at Zscaler
WEBCASTS
©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION
2. To ask a question
• Type your questions into the chat box in the Webex panel or email us at communications@zscaler.com
• We'll try to get to all questions during the Q&A session. If we do not get to your question, we'll make sure to follow up afterwards
• At the end of the webcast, please let us know how we did!
Ask your question here…
3. The Pioneer in Cloud Security
Enterprise Customers
• 2,800 customers
• Over 200 of the Fortune Global 2000
• Conglomerates: 3 of the top 3
• Oil and gas operations: 3 of the top 4
• Beverage: 5 of the top 7
• Apparel and accessories: 2 of the top 4
• Specialized chemicals: 2 of the top 3
• Food retail: 6 of the top 12
Global Partners
Cloud Scale
• 100 data centers
• 50B daily requests
• 185 countries served
5. Global specialist in energy management and automation
Located in over 100 countries (1000+ locations)
Over 170,000 employees
130,00 Internet facing employees
Four businesses: Buildings & Partner, Infrastructure, Industry, IT
Four principal markets: non-residential & residential buildings; utilities & infrastructure; industry & machine manufacturers; data centers & networks
6. Challenges at Schneider
Mobile Users
• Traveling users connecting to wrong GEO based breakout
• Performance and internet experience was terrible
Policy Management
• Securing a distributed workforce requires strong policy control
• Difficulties in managing policy across all users on and off network
User Authentication
• Access to cloud applications like Office 365
• Location of users: off or on network & split tunneling
7. Dealing with Untrusted Networks
Cloud Apps like Office 365 are accessed over the Internet. Authentication and VPN split tunneling added a challenge for Schneider users.
[Diagram: Open Internet, non-trusted IP; tunnel to Schneider Network. VPN traffic at destination to internal IP addresses; Outlook traffic at destination to Microsoft Cloud. Labels: Microsoft Edge Node, Exchange Online, Schneider Tenant, Amsterdam | Dublin, St. Louis]
9. Zscaler App: Always On across all devices
• Minimal User Impact
• No Need to Enable and Disable
• Knows When to Forward Traffic
• Supports Bypass Configuration
[Diagram labels: GRE, Z App]
10. Zscaler App for both Internet and Private Access
Zscaler Private Access: Access to private apps from anywhere
• No VPN Required
• No Internal Network Visibility
• No Network Lateral Movement
• No Inbound Ports Required
• Mutually Authenticated Secure Tunnel
• Transparent Application Access for Users
Zscaler Internet Access: Secure internet access from anywhere
• Trusted Network Detection
• Compatible with other forwarding methods
• Works with existing Zscaler Policies
• No backhauling traffic through corporate network
• Strict Enforcement
11. Centralized view of all Devices
Single Portal for Z App Endpoint Management
Traffic Forwarding
• Trusted Network Detection
• VPN Interoperability
• Geographic Routing
Client Policy
• Control Access to App Functions
• Privacy Compliance
• Control App Disabling and Removal
Version Control
• Download App Versions
• Control Application Auto-Updates
• Version and Status Reporting
12. Z App Compared to a traditional VPN
Traditional VPN: Open connectivity. Resource exposure and lateral movement available.
Z App: Isolated connectivity. Limits lateral movement and resource exposure.
[Diagram labels: Browser, OS, Kernel, Packet Filters, Networking, Network Routing Table]
13. Traditional VPN Overhead
[Diagram labels: Traditional VPN, VPN Tunnel, Mobile, Internet]
System Resources: Maintaining a VPN tunnel has a large resource footprint.
Data Cost: Whether the user is sending traffic or not, a VPN will use data to maintain the tunnel.
Battery Life: A VPN maintaining a tunnel will continue to drain battery with or without traffic.
User Experience: Users are trained to turn the VPN on and off as needed.
14. Advantages of using Zscaler App
Zscaler App
• PAC Management Handled by Z App
• Non Proxy Aware App Traffic
• Location Aware PAC Changing
• Additional Client Policy
• Visibility Into Devices
• Transparent Authentication
Without Zscaler App (PAC)
• PAC Management External (GPO)
• Only Gets Proxy Aware Traffic
• PAC Is Static
• No Additional Policies, only Forwarding
• No List of PAC Only Devices
• Cookie Based Authentication
16. The Deployment
• ZAPP was distributed in "push" mode by using SCCM
• Deployed over six months
• Piloted and deployed region by region
• Deployed to 70,000 employees
• 2000 users per deployment
• NA: 20,000 users in 10 weeks
17. Zscaler App Deployment Results at Schneider
Mobile Users
• Transparent App with minimal impact to the user base
Policy Management
• Security policy is now centralized and unified across all users on and off network
User Authentication
• Simplified across all cloud and network apps. User experience and performance vastly improved
18. Zscaler Benefits
Complimentary, Free Agent
Z App comes with no additional cost, and leverages existing subscriptions.
Multiple Platform Support
Z App is available on Windows, macOS, iOS and Android. User experience on all platforms is the same.
Easy to test and deploy
Z App is simply another way to forward traffic. Typically can be deployed with no additional firewall rules or infrastructure changes.
Intelligent Network Detection
Users don't need to turn Z App on or off. Just leave it running and it knows when to forward traffic or send direct.
19. Why Zscaler App?
Simple deployment at large scale with no infrastructure dependencies
Configure
• Define Trusted Network Criteria
• Identify Groups and Policies
• Define ZPA Apps and ZIA Policy
Deploy
• Distribute Z App using existing client management tools
• Pre-configure to simplify user experience
Report
• Leverage ZIA and ZPA consoles for access and policy logging
• Zscaler App Portal for fleet status
21. Thank You! Questions and Next Steps
Yohann Royer, Internet Service Line Manager, Schneider Electric
David Creedy, Senior Product Manager, Zscaler
Other Upcoming Webcasts
• Three Ways Zero Trust Security Redefines Partner Access: Wednesday, September 26th, 2018, Americas 08:30 am PDT (16:30 pm UK, 17:30 pm CET)
• Get an Office 365 experience your users will love: Wednesday, October 10th, 2018, Americas 08:30 am PDT (16:30 pm UK, 17:30 pm CET)
Learn more about Zscaler
• Zscaler App Solution Brief: Zscaler.com/zapp
• Zscaler Internet Access: Zscaler.com/zia
• Zscaler Private Access: Zscaler.com/zpa