Truth in IT
Zero Trust Security for Critical Infrastructure Utilities

Zscaler
06/14/2026
Transcript


At the beginning, I would like to start with the challenges that city plants face at the moment. On the one hand, we have already mentioned the topic of compliance, NIS 2 or critical supply, critical infrastructure. What things do you have to do to meet the requirements here? A second important point is, of course, the threat situation. And we can already see that in the past few years and also this year, some city plants have been searched for by attacks and data loss or failure of machines and systems had to be complained about by corresponding hacker attacks. Another point is, of course, the IoT security. Here, as a customer, you would of course want to ensure that your power plants, your decentralized power plants, which may be located somewhere far away in rivers or the larger water power plants, are also securely connected, so that the data transfer can take place safely via a secure medium. Last but not least, we also have the maintenance access. This is also an important elementary point to consider in order to ensure that third parties do not have overprivileged access to the maintenance work on the data center, on the applications, IoT systems or on all the power plants that are centralized or decentralized.
We start, as always, of course, with our Zscaler Zero Trust Cloud. This means that the cloud, which we have now entered here in the middle, will or is our central switchboard, our solution to connect everything together without having to use overprivileged access or VPNs or legacy methods. The Zscaler Zero Trust Exchange consists of more than 160 data centers worldwide. For you as a German customer, of course, the German data centers in the Zero Trust Exchange are interesting. These are located in Frankfurt, Düsseldorf and Munich. Important for you as a customer, who provide critical infrastructure, are of course also certifications that we provide with our Zero Trust Exchange. On the one hand, this is of course the BSI C5 certification and of course also various ISO certifications that are relevant. We also have disaster recovery and business continuity planning in our cloud, so that it can be ensured that there are no failures. Disaster recovery.
If a user, for example from the office or can of course be a home office traveler user or the like, wants to connect with any application, he gets a Zscaler Client Connector installed here. This Client Connector now builds an outgoing connection to the Zero Trust Exchange. From there, it would be forwarded if the corresponding policy that is provided would apply. The policy now not only includes the user name, but also ongoing information is compared, such as what kind of data he carries with him, where he wants to go. As I said, the user identification and what kind of PC it is at all or what kind of device it comes from.
If this policy is successfully validated, the Zero Trust Exchange builds a connection to, for example in this case, internet-based services, be it normal web services or SaaS applications that can provide ongoing IT infrastructure. For access to private applications, be it here in the data center or here at the Cloud Service Infrastructure as a Service, there is a so-called Connector, or here as an Appliance, a Service Edge, which can also build an outgoing connection to the Zero Trust Exchange. With the help of this outgoing connection, which we can now see here, the user connections can be put together in the Zero Trust Exchange, so that we can only forward application-based content. Unlike the VPN, the user is not connected to the network below, but he gets purely or exclusively application access. Thus, with our Zero Trust Exchange, we can hide the applications that are here and here in the data center behind the Zero Trust Exchange and thus only make them available to authorized and authenticated users.
If we now look at internet access and continue to look at threat analysis, threat scenarios, we always have the problem of malware. Of course, there is also shadow IT in the SaaS area. Or, which is also an important and elementary point, is the data flow. Of course, every company, every city has to deal with this threat. With the Zero Trust Exchange, we offer a central security stack in every data center. That means, no matter where the user connects, from where he comes from, he always has the same security policy, always the same security filters that can filter the data traffic. Thus, we are able to use anti-malware filters, sandbox functionalities, browser isolation, URL filters, etc. so that we can ensure that no malware can get through to the client, whether he is in the office or in the home office. Furthermore, this proxy functionality in the Zero Trust Exchange also offers a kind of shadow IT detection or at least a recognition at the first point of which applications on the Internet are being used by the internal users. Where do I have risks when using or which data end up on which systems in the cloud? Thus, we have also provided data security.
With this, we would have already covered the first part of our security requirements. If we now look back at our challenges, we have now discussed with the Zero Trust Exchange, all the points that we have discussed, the help that Zscaler can offer on the topic of KRITIS, NIS 2 and at the same time discuss the threat situation of users when accessing publicly accessible resources in the upper area.
Welcome back to part 2 of this episode on security for city works. In this area, we now want to provide IoT security and maintenance access in order to safely connect power plants, be they decentralized or centralized power plants, as well as to take overprivileged access from third-party employees, so that they can only access their maintenance area.
Yes, now it's about how we can safely connect these IoT devices, which are also power plants, to the Zero Trust Exchange. Zscaler has developed a solution for this, nothing more than a SIM card, called Zscaler Cellular. With this Zscaler SIM card, it is now possible to establish an outgoing connection to the Zscaler Zero Trust Exchange. This means that the data from these devices can be safely sent to the cloud or to the data center via the Zero Trust Exchange. We have already covered one point on the topic of IoT security, based on Zero Trust principles, a communication structure.
Furthermore, if you look at the IoT devices within a data center, for example, or the servers that are here, it is fundamentally important to prevent the spread of malware. In other words, we need a segmentation that can also be regulated with this edge device. Here, the individual devices are built into private 32-bit networks, so that communication can only work and be controlled via the gateway, via the service edge device. With this device, we now have the option of controlling incoming and outgoing connections and at the same time making a segmentation here.
If, however, not only the data flow should take place, but let's assume we have a third party here who should do maintenance work on this hydropower plant. To do this, it would have to install a Zscaler Client Connector, if you look at it as an internal user, which we normally cannot provide. For this purpose, there is a portal here in the Zero Trust Exchange, in which various applications are available for the user. The external user now connects to the portal and can access the corresponding destinations via the available applications, which at the moment can be the hydropower plant or an internal system. With the Zscaler Cellular Device on the SIM card, we can thus provide incoming and outgoing connections to the corresponding devices.
This brings us to the end of our second part of Security for City Works, in which we discussed the topic of IoT security, which means secure access to and from corresponding IoT devices and the segmentation of IoT or server devices in the data center. We also discussed the topic of maintenance access, how we can ensure that external access is secure and not overprivileged on servers or IoT landscapes. If you would like to have further information on these topics, my colleagues from Zscaler are happy to look forward to your contact request and are happy to help you with additional information. Thank you for your attention and see you soon. www.zscaler.com

TL;DR

  • German utilities face security gaps from overprivileged remote access, unverified device contexts, and difficulty enforcing segmentation under operational pressure, particularly for IoT devices and third-party maintenance.
  • Zscaler's Zero Trust Exchange replaces VPNs with application-specific access through outbound connections to a cloud platform with German data centers certified to BSI C5 and ISO standards.
  • The architecture provides unified threat protection, shadow IT visibility, and data loss prevention through a consistent security stack regardless of user location or access method.
  • IoT security uses cellular SIM cards for direct cloud connectivity and Service Edge microsegmentation that isolates devices into /32 networks to prevent lateral movement.
  • Third-party maintenance access is delivered through a portal-based approach that eliminates overprivileged VPN access while maintaining secure, scoped connectivity to authorized systems.

Critical Infrastructure Security Challenges

This presentation addresses the unique security challenges facing German utilities (Stadtwerke) managing critical infrastructure. Armin Becker from Zscaler outlines four primary concerns: compliance with NIS 2 and KRITIS regulations, the evolving threat landscape targeting utilities with ransomware and data breaches, IoT security for distributed power generation facilities, and overprivileged third-party maintenance access. The session demonstrates how traditional VPN-based remote access creates excessive network exposure, while lack of contextual verification and unclear device states make access control difficult to enforce in operational environments where business pressure often overrides security segmentation.

Zero Trust Architecture for Utilities

The solution centers on Zscaler's Zero Trust Exchange, a cloud-based security platform with over 160 global data centers including three in Germany (Frankfurt, Düsseldorf, Munich) certified to BSI C5 and ISO standards. Unlike VPNs that grant network-level access, the architecture provides application-specific access through outbound connections from client connectors and service edges to the cloud platform. User access decisions incorporate continuous context validation including user identity, device posture, destination application, and data classification. The platform's unified security stack delivers consistent malware protection, sandboxing, browser isolation, and URL filtering regardless of user location, while providing visibility into shadow IT and data flows to cloud services.
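
The contrast between network-level VPN reach and application-specific, context-validated access can be modelled in a few lines. This is an added example, not Zscaler code or configuration; the application inventory, group names, rule format and addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed inventory: application name -> host address in one data-center subnet.
APPS = {
    "scada-hmi": "10.20.0.10",
    "historian": "10.20.0.11",
    "billing-erp": "10.20.0.12",
    "turbine-plc": "10.20.0.50",
}

# Hypothetical rules: who may reach which application, and under what context.
RULES = [
    {"group": "operators", "app": "scada-hmi", "posture": True,
     "data": {"internal", "restricted"}},
    {"group": "maintenance-vendor", "app": "turbine-plc", "posture": False,
     "data": {"internal"}},
]

@dataclass(frozen=True)
class Request:
    group: str            # from the identity provider
    device_healthy: bool  # device posture (managed and patched)
    app: str              # destination application
    data_class: str       # classification of the data in the session

def decide(req):
    """Default deny: allow only when one rule matches every context attribute."""
    if req.app not in APPS:
        return False, "unknown application"
    for rule in RULES:
        if (rule["group"], rule["app"]) != (req.group, req.app):
            continue
        if rule["posture"] and not req.device_healthy:
            return False, "device posture"
        if req.data_class not in rule["data"]:
            return False, "data classification"
        return True, "rule match"
    return False, "no rule for this group and application"

def reach_via_policy(group):
    """Applications a group can reach at best (healthy device, internal data)."""
    return sorted(a for a in APPS
                  if decide(Request(group, True, a, "internal"))[0])

def reach_via_vpn(subnet):
    """Applications exposed when a VPN profile routes a whole subnet."""
    net = ipaddress.ip_network(subnet)
    return sorted(a for a, host in APPS.items()
                  if ipaddress.ip_address(host) in net)

if __name__ == "__main__":
    print("vendor via VPN   :", reach_via_vpn("10.20.0.0/24"))
    print("vendor via policy:", reach_via_policy("maintenance-vendor"))
    print(decide(Request("operators", False, "scada-hmi", "internal")))
```
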

IoT and Operational Technology Protection

For securing distributed power generation facilities and IoT devices, Zscaler introduces a cellular connectivity solution using specialized SIM cards that establish direct outbound connections to the Zero Trust Exchange. This approach eliminates the need for inbound firewall rules while enabling secure bidirectional communication between remote assets and central systems. Within data centers, the Service Edge device creates microsegmentation by placing individual IoT devices and servers into isolated private /32 networks, forcing all communication through the gateway where policies can enforce lateral movement prevention. For third-party maintenance scenarios, external technicians access a portal within the Zero Trust Exchange to reach specific applications without requiring VPN client installation, ensuring maintenance access remains scoped to authorized systems rather than broad network segments.
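
Why a /32 prefix forces every flow through the gateway follows from the on-link check a host makes before sending. The sketch below is an added example, not the Service Edge implementation; the host addresses and the gateway allow-list are constructed assumptions.

```python
import ipaddress

# Constructed device addresses in one OT segment (not from the page).
HOSTS = ["10.30.0.5", "10.30.0.6", "10.30.0.21", "10.30.0.22"]

# Constructed allow-list enforced at the gateway: (source, destination, TCP port).
ALLOW = {("10.30.0.21", "10.30.0.5", 502)}

def next_hop(src_iface, dst):
    """'direct' if dst is on-link for the source's prefix, otherwise 'gateway'."""
    iface = ipaddress.ip_interface(src_iface)
    return "direct" if ipaddress.ip_address(dst) in iface.network else "gateway"

def deliver(src_iface, dst, port):
    """Outcome of one flow given the source's address and prefix length."""
    src = str(ipaddress.ip_interface(src_iface).ip)
    if next_hop(src_iface, dst) == "direct":
        return "direct-unfiltered"      # neighbours talk without a policy point
    if (src, dst, port) in ALLOW:
        return "allowed-at-gateway"
    return "dropped-at-gateway"

def unfiltered_pairs(prefix_len, port=502):
    """Ordered host pairs that can talk without the gateway seeing the flow."""
    return [(s, d) for s in HOSTS for d in HOSTS if s != d
            and deliver(f"{s}/{prefix_len}", d, port) == "direct-unfiltered"]

if __name__ == "__main__":
    for plen in (24, 32):
        print(f"/{plen}: {len(unfiltered_pairs(plen))} unfiltered host pairs")
    print(deliver("10.30.0.21/32", "10.30.0.5", 502))
    print(deliver("10.30.0.22/32", "10.30.0.5", 502))
```

The model covers the routing decision only; on a shared layer-2 segment the isolation has to be enforced by the network, not just configured on the host.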

Chapters

0:00 - Introduction and Utility Security Challenges
2:01 - Zscaler Zero Trust Exchange Architecture
3:24 - User Access and Policy Enforcement
5:40 - Threat Protection and Shadow IT Detection
7:51 - IoT Security and Cellular Connectivity
9:03 - Microsegmentation and Lateral Movement Prevention
10:01 - Third-Party Maintenance Access Portal
11:30 - Summary and Contact Information

Key Quotes

0:53 "We can already see that in the past few years and also this year, some city plants have been searched for by attacks and data loss or failure of machines and systems had to be complained about by corresponding hacker attacks."
2:27 "The Zscaler Zero Trust Exchange consists of more than 160 data centers worldwide."
2:40 "For you as a German customer, of course, the German data centers in the Zero Trust Exchange are interesting. These are located in Frankfurt, Düsseldorf and Munich."
5:12 "Unlike the VPN, the user is not connected to the network below, but he gets purely or exclusively application access."
8:28 "Zscaler has developed a solution for this, nothing more than a SIM card, called Zscaler Cellular."

FAQ

How does Zscaler's approach differ from traditional VPN access for utilities?

Unlike VPNs that grant network-level access, Zscaler provides application-specific connectivity through outbound connections to a cloud platform. Users and devices connect only to authorized applications rather than entire network segments, eliminating overprivileged access while incorporating continuous context validation of user identity, device posture, and data classification.

What certifications does Zscaler hold for German critical infrastructure customers?

Zscaler's Zero Trust Exchange holds BSI C5 certification and various ISO certifications relevant to critical infrastructure. The platform operates three data centers in Germany (Frankfurt, Düsseldorf, Munich) and includes disaster recovery and business continuity planning to ensure availability for KRITIS-regulated organizations.

