A boat that only stays afloat sometimes (or even most of the time) is effectively just an anchor. Likewise, if a data protection solution is unable to perform well consistently, then it is essentially worthless. Naturally, this piece of common sense gives rise to a question: How should an organization ensure that its data protection exhibits the proper levels of performance?
This question has become even more pertinent since the widespread adoption of cloud-based tools and remote work. The legacy approach of maintaining numerous hardware appliances in the enterprise data center may have worked well enough when users, apps, and data were continuously on premises and most traffic was unencrypted, but this is obviously no longer the case. Today, organizations looking to unlock maximum performance in data protection need true cloud security that is delivered at the edge. Below are three reasons why this is critical.
Scalability and uptime
When organizations rely upon on-premises security appliances with fixed performance capacities, data protection is inherently limited from scaling properly across users and data channels. Consequently, when the load on an appliance starts to reach capacity, the enterprise has to choose between making inspection compromises to keep the appliance functioning, and conducting a costly hardware refresh. To preempt making such a choice, data protection appliances are often kept in monitor-only mode. While this tactic provides visibility, it fails to actively stop sensitive data from leaving the organization in real time. For dynamic organizations today, this is significantly limiting to enterprise security and success.
Fortunately, rather than trying to strike a balance between excess and insufficient capacity with on-premises appliances, organizations can simply lean upon a leading cloud security platform for highly elastic data protection and the needed levels of uptime. Cloud architectures are designed for maximum scalability; they have massive capacities because they have to be able to support countless customers. In other words, whether organizations have mass hirings, global events that bring all employees into one location, or something else entirely, their data protection will scale as needed. Likewise, as a cloud security vendor’s survival depends on its platform’s uptime, around-the-clock performance in general is far more assured with cloud-based data protection than it would be with in-house appliances.
Full SSL inspection
Today, as much as 95% percent of user traffic is SSL encrypted. While this is good news for security in one sense, it is bad news in another: If data and content are now hidden in SSL, then inspecting this traffic for accidental data leakage and malicious exfiltration is mandatory for proper data protection hygiene. Unfortunately, data protection solutions built with legacy, appliance-based architectures often struggle to deliver when faced with the inspection demands of today’s organizations. This is because decrypting, inspecting, and re-encrypting traffic is a massively compute-heavy endeavor, and they lack the scalability to do so.
When using a cloud architecture for security, the SSL challenge described above is a non-issue. An added benefit of having an elastic cloud architecture with immense capacity is that it enables SSL inspection at scale. As the proportion of user traffic being encrypted is now approaching 100 percent, this is crucially important. Without a highly elastic solution that can perform full inspection of encrypted traffic, data loss can still occur without IT being aware. Fortunately, unlike traditional data protection appliances that rarely get fully deployed inline to inspect traffic, cloud platforms are natively inline and, while fully inspecting SSL, can take automated action by enforcing blocking policies against any identified violations.
Global user experience
User experience should be far more than an afterthought when it comes to data protection. Unhappy or confused users are less efficient than their satisfied counterparts; not to mention the fact that slowing or interrupting their experience inevitably hampers their production. Regrettably, this is what appliances do when they fail to scale properly or provide the needed levels of uptime. Additionally, the legacy approach requires backhauling user traffic from around the world to a distant data center for security. This hairpinning significantly slows the user experience and disrupts productivity.
The good news is that true cloud data protection addresses these scalability and uptime challenges, as described previously. Additionally, rather than requiring traffic backhauling, points of presence around the globe deliver data protection at the edge (as close as possible to end users) in order to eliminate latency and deliver a seamless user experience while protecting data. Applications and users have moved off-premises and into the cloud; traffic between the two shouldn’t be forced back to the data center.
Zscaler: modern data protection
If you’re looking for modern data protection on a true cloud architecture that scales, maintains unparalleled uptime, performs SSL inspection at scale, and requires no backhauling, then Zscaler is the answer; we even have a digital experience service to streamline things for your users.
To see how we can help address your data protection needs, download our Top CASB Use Cases ebook.