and we will be happy to help.
Microland Unlocks Global Access with SIPA Solution Enhancing Security and Efficiency for a Leading Professional Services Firm
Overview
The client is one of the world’s largest professional services firms, with over 312,250 employees in over 700 offices in more than 150 countries. The client faced the challenge of accessing geo-blocked websites and applications requiring traffic originating from specific source IP addresses. In response to this hurdle, Microland implemented Source IP Anchoring (SIPA) to ensure secure access to restricted content. SIPA allowed the client to bypass geo-restrictions, maintain traffic security, achieve significant cost savings through hardware proxy decommissioning, and streamline management with centralized control, leading to improving operational efficiency and security.
Challenges
The client's primary challenge revolved around accessing geo-blocked websites and applications that mandated specific source IP addresses. Balancing these requirements with maintaining security proved complex, leaving them to explore alternatives to traditional and costly hardware proxies. Additionally, some countries lacked Zscaler data centers, further complicating access. Stringent country regulations permitted only specific or predefined IP addresses to access government portals and restricted servers, preventing potential security threats from unauthorized IPs.
Moreover, the identification of countries with no Zscaler data centers and stringent requirements for source IP-based access impacted Sri Lanka, Vietnam, Thailand, Indonesia, Palestine, and Uzbekistan. Prior to considering Zscaler as a solution, these branches relied on local proxies like Blue Coat and Broadcom to facilitate local users' access to geo-blocked resources. However, the adoption of Zscaler's global proxy solution offered a cost-effective alternative, eliminating the need for local proxies.
Solution
Microland responded to the client's challenge with a state-of-the-art solution known as Source IP Anchoring (SIPA). This innovative approach involved deploying SIPA servers in the client’s branch locations, enabling local internet breakout for geo-blocked URLs and applications while preserving the client's source IP address. This strategy leveraged the robust security features offered by Zscaler.
SIPA, a service provided by Zscaler, is specifically designed to cater to countries with regulations mandating access to government portals and servers from designated source IP addresses. Implementing SIPA entailed configuring a virtual SIPA server on the local LAN within branch offices, ensuring that user traffic complied with country-specific regulations.
SIPA proved to be an effective replacement for branches that previously relied on hardware proxies, such as Blue Coat and Broadcom. These hardware solutions were not only costly but were also approaching contract extensions. The transition to SIPA ensured robust security without compromising Zscaler's protective capabilities.
The implementation of SIPA yielded significant cost savings by decommissioning 82 local hardware proxies across 48 identified locations. This strategic shift also streamlined management and improved the overall security framework.
As part of this approach, Microland expertly configured SIPA servers within the client's branch offices, seamlessly integrating them with the existing network infrastructure. These servers served as intermediaries, allowing local traffic breakout while preserving the desired source IP address. Additionally, SIPA smoothly integrated with Zscaler's security infrastructure, ensuring the continued security of traffic during local breakout for geo-restricted content. Furthermore, careful policy implementation and integration with the client's SD-WAN solution enabled dynamic traffic routing, guaranteeing compliance with security policies when accessing geo-restricted content.
Value Delivered
The implementation of Source IP Anchoring (SIPA) enabled seamless access to geo-blocked websites and applications, even in regions without Zscaler data center presence, ultimately enhancing operational efficiency. SIPA's architecture ensured secure local content access, striking a perfect balance between accessibility and security. The retirement of legacy hardware proxies resulted in significant cost savings and simplified IT infrastructure management. SIPA's integration with Zscaler's portal provided centralized control, streamlining policy implementation and monitoring for an efficient security framework.
- Geo-Blocked Access Enabled: SIPA enabled the client to effortlessly bypass geo-restrictions, ensuring that traffic appeared to originate from authorized source IPs, thereby providing unimpeded access to restricted content.
- Maintained Security: SIPA's seamless integration with Zscaler's security infrastructure ensured 99% of the traffic remained protected during local breakout, fully meeting compliance requirements.
- Cost Efficiency: The implementation of SIPA led to the decommissioning of hardware proxies, resulting in significant cost savings of up to 16%. This elimination of maintenance and operational expenses greatly improved cost efficiency.
- Streamlined Management: SIPA's integration with Zscaler's portal centralized control, eliminated the need to manage various hardware proxies across branches. This streamlined approach simplified and enhanced operational efficiency.