1. The document discusses how Zscaler Private Access (ZPA) can simplify security for mergers and acquisitions by providing zero trust network access without requiring changes to the existing network infrastructure.
2. Traditionally, integrating an acquired company's network required ordering new circuits, complex IP addressing schemes, and coordinating firewall changes which could take years.
3. With ZPA, a company can subscribe and instantly provide any user with secure access to approved internal applications from any device without requiring network access. This accelerates the integration of acquired companies while standardizing security policies.
3. 2
One the excitement wears off, the fun begins…
Need identical
security
1 2 3
Must maintain
compliance levels
Visibility becomes
a factor
Acquired company may
not be as security
conscious
Access policies
Which security tech to
standardize on? Data privacy
Granular visibility and
security based on
identify
How do you determine who
across each company gets
access to SOC?
Liability site
Personal devices
4. 3
MPLS Integration to the rescue?
1. Often requires network address translations (NATING)
2. Now you must deal with overlapping IP for branches and datacenters
3. The appliance game begins – do we need more appliances? Who’s appliances do we use
4. Do I have enough concurrent connection handling capacity on VPN concentrators?
5. Users do not have our VPN clients on their PC
6. I want to enable access to HR and Payroll portal for acquired org immediately, but this
requires full network access and ACLs
7. Data locality – how do we treat German traffic compared to US traffic?
How can IT ensure that business is ready to allow access to apps for acquisition employees without
compromising security and performance?
5. 4
If legacy, network –centric
approaches are such a pain….
…what if we used the internet
to secure access instead?
Then Now
6. 5
National Oilwell & Varco’s Story
Making zero trust possible and accelerating M&A
9. 8
Architecture for Network Transformation
- Cheap Boxes
- Zscaler for Security
- 4X less MPLS $$$$
- 10x – 20x Speed Increase
- VPN tunnel – provider network
- Streamlined M&A process
10. 9
Remote Access – Then & Now
Then
Network-
centric
Now
User & App
centric
Radius
ADFS
LAN
Now
Zero trust
11. 10
Zscaler User Count: 38,000
employees. 10,000 users
secured by ZPA
Zscaler Products: ZPA, ZIA
Benefits of Zscaler Platform
• Was able to embrace a zero trust strategy with ZPA. Now hackers
can’t attack what they can’t see.
• 7,500 apps being discovered by ZPA connectors; of those 3,400 are
accessed by remote users.
• Now have a single security platform. Can secure access to internet
with ZIA and ZPA for secure access to internal apps.
• Leverages browser access capability
• Fast ZPA deployment shortens time for M&A while ensuring security.
13. 12
ZPA: Zero trust access to any internal app, from any device anywhere
Public Cloud
Private Cloud
/ Data Center
Goal: Simplify network security. Accelerate process for acquired or divested assets.
INTERNALLY
MANAGED
HQ
location
Acquired or
divested mobile
users
Acquired or
divested
company
IOT devices
1. Standardize security policies for
newly acquired companies
2. Control user application
access, w/o network access
3. Consistent remote user
experience for all, without VPN
4. No change to infrastructure to
bring newly merged assets in
The value of cloud-based security
Secure and standard experience across all
users and assets
14. 13
Software-defined
perimeter architecture
ZPA ZENs
secure user to app connection
1
Z-App / Browser Access
request access to app
2
App Connectors
sit in front of apps –
outbound-only connection
3
Zscaler Private Access – simplifying M&A
Zero trust security
with ZPA
• Treat all as untrusted –
both outside & inside the perimeter
• Verification prior to granting access
• Access is granted on a strict
“need to know” basis
• App access without requiring network
access
• Segment of one is created between
named users & named application
Z App
Browser Access
2
App Connectors
3 3
1 ZPA ZENs
Company A Company B
15. 14
Comparing then, to now
Then Now
Application
Location
1. Examine the acquired company’s
network hygiene to determine risk
Subscribe to Zscaler Private
Access - no need for new
circuits or network changes
Network
Architecture
2. Order circuits from telecom
companies (and wait 3-9 months)
Turn on application
discovery
Security
Approach
3. Set up flexible IP addressing
scheme and/or NAT to absorb devices
on new network(s)
Configure user-to-
application access based
on discovery & user
context
4. Coordinate joint internal firewall
changes – ports, source addresses, NAT
5. Perform joint application inventory
6. Determine how to enforce access
control rules - firewall, NAT, proxy
7. Configure various required access
control mechanisms, load-balancing, etc.
16. 15
CostExperience Security Simple
• Consistent
experience for all
acquired users
• No remote access
VPN login
• Users never on network
• Standardized security
• Control application
access
• Visibility into user
activity
• Weeks vs. years
• No change
• No network
segmentation
• Faster product
delivery
• No hardware
appliances
• No hardware
replacement
• Zero IP convergence
and segmentation costs
Benefits
17. 16
Summary
Take ZPA
for a test drive.
https://www.zscaler.com/zpa-
interactive
Learn more about
Zscaler for M&A
https://www.zscaler.com/solutions
/mergers-acquisitions-divestitures
Casey Lee
Director, IT Security
National Oilwell & Varco
Chris Hines
Principal Product Manager
Zscaler