About Client:
A technology-driven, cloud-based company based in Chicago that helps employers and employees manage their health and welfare benefits. With adaptive technology, service excellence, and compassionate service, the company serves millions worldwide.
Challenges:
As a carve-out entity, the client had to set up a standalone tech stack from the ground up, including a fully independent network, infrastructure, data, applications, and IT endpoints, such as laptops and mobiles. Since this would be the first time the client operated as a new company, ensuring secure access to data and applications from Day 1 without business interruption or impact on employee experience was a key concern.
A stringent Transitional Service Agreement (TSA) mandated that the client port its IT applications out of the parent company’s data centers. This was a tall order since most applications had yet to be migrated to the new company’s cloud servers hosted on Amazon Web Services (AWS), the plan for which spanned six months after the network separation phase. In the interim, the client risked losing access to these applications.
The client entrusted Persistent with transitioning their tech stack from the parent company’s data centers to AWS servers, prioritizing Day-1 security.
Solution
Persistent Implements Zscaler Suite to Build in Security from the Ground Up
As a new company with a greenfield IT infrastructure and network setup, the client was ideally placed to pivot to a zero-trust security architecture. Working on the principle of ‘access denied by default’, zero trust helps enterprises bolster their security posture to combat increasingly sophisticated attack vectors in an IT environment far too spread out for traditional, perimeter-centric security practices.
Persistent advocated for a zero-trust approach to ensuring Day-1 security, led by the Zscaler solution suite. Our strategic partnership with Zscaler allows us to map the right security solutions to the client’s unique business needs. We implemented a comprehensive security architecture for our client by leveraging our understanding of the Zscaler ecosystem and our multi-vendor expertise. To ensure a holistic security approach, we integrated endpoint detection and response solutions with various security counterparts, such as Security Information and Event Management (SIEM), to enhance visibility, analysis, and response capabilities across endpoints, workloads, users, and networks. Additionally, we incorporated MS Defender, Azure AD, IBM QROC, Office 365, Rapid7, Fortinet firewalls, Meraki switches, and access points to create an end-to-end secure environment.
Persistent developed a smart solution connected to the parent company’s data center using Zscaler and AWS for continued application access. The new company’s AWS infrastructure was linked to the parent company’s AWS instance through a peering connection for secure data transfers. We hosted the Zscaler App Connectors on the new company’s AWS tenant within a virtual private cloud with access, through the parent company’s AWS instance, to the data center application segments. The parent company’s applications were integrated with Zscaler Private Access (ZPA) through the App Connectors, creating a secure way to access applications using the Zero Trust framework. This eliminated the need for AD credentials or reliance on a building’s network for access. The deployment, including user acceptance testing, was completed within two weeks.
Benefits
Day-1 Secure, Uninterrupted Access to Business Applications with Zero Trust
By seeding a zero-trust approach to security, Persistent helped the client secure over 1,500 IT applications and endpoints from Day 1. With the right access to the right users, the client improved its overall security posture while ensuring an optimal end-user experience. Our 360-degree approach to security, stemming from our understanding of the Zscaler solution ecosystem and our multi-vendor expertise, helped the client consolidate security tools or applications, resulting in 30% cost savings in licenses and vendor fees.
Furthermore, with our App Connector solution, the client was able to comply with TSA obligations, ensuring its employees had uninterrupted access to business applications.