State Capital Magdeburg
Replacing legacy VPN to enable an efficient, modern hybrid workplace
Ciena is a networking systems, services, and software company that delivers best-in-class networking technology through high-touch consultative relationships. The company enables its customers to optimize their existing frameworks while incorporating new technologies and ways of working.
Secures work-from-anywhere access to internet, SaaS, and private applications
Cuts MPLS costs and help desk tickets by 50%
Reduces application latency by 20%
Improves user experience and doubles meeting participation
Quickly resolves 95% of user experience issues, up from 25%
We have done so much strategically to embrace the cloud and mobility and prepare for the future. Our partnership with Zscaler has allowed us to start living out IT’s vision of being a competitive advantage for the business.
Pre-COVID-19 pandemic, before Zoom and Microsoft Teams became ubiquitous, Ciena CEO Gary B. Smith challenged his CIO to help raise the engagement level of all employees, specifically during daily phone meetings. As a result, the Ciena IT team began investigating deploying video conferencing technology.
However, they quickly realized that, in addition to the increasing amount of traffic attempting to access cloud-based applications, adding video conferencing at its 70 locations around the globe would heavily tax its legacy hub-and-spoke architecture. Ciena CIO Craig Williams subsequently realized that his team would need to “reimagine IT” in order to make it a competitive advantage for Ciena.
“We made it a point to rethink our entire infrastructure, applications, systems, and support models to empower our growing company,” said CIO Williams. “The first step of our business transformation was to hire the right talent. Next, we set out to replace our WAN and put in place an aggressive plan to phase out data centers, to become a cloud-first company that embraced the work-from-anywhere culture.”
“We knew that we would need to make some adjustments to our existing infrastructure to support the move to video,” said Henry Ku, VP, IT – Head of Infrastructure at Ciena. “Specifically, we were looking for low-latency, high-value security solutions available from anywhere, anytime, on any device, that make it easy for our users to connect.”
The research done by Ku and his team led them to SD-WAN technology and the joint solution of the Zscaler Zero Trust Exchange platform and VMware SD-WAN by VeloCloud. By using software-defined policies to select the best path to route traffic to the internet, cloud applications, and the data center, the Zscaler-VeloCloud SD-WAN solution reduces complexity and improves performance.
“When Zscaler came in, they did not just focus on the security team, they got all of us invested early on,” noted Ku. “Having VeloCloud and Zscaler working closely together with us was extremely helpful. Their experience made the process much smoother. If we had a problem, one phone call is all it took to bring everyone together to quickly solve the issue.”
The Zscaler and VMware SD-WAN by VeloCloud allowed Ciena to secure local internet breakouts at all its global locations. Removing MPLS backhauling reduced latency by 20% and provided a dramatically improved experience for the company’s employees, who are scattered across more than 35 countries.
With the Zscaler-VeloCloud SD-WAN solution, Ciena was able to simplify its branch IT operations and rapidly deploy new locations and services with cloud-controlled, centralized security and WAN management. Plus, because SD-WAN security is provided as a cloud-delivered service, every user in every location gets identical protection—including access control, threat prevention, native SSL inspection, and data protection.
With the improved operational simplicity and reduced reliance on hardware-based solutions, Ciena saw its costs reduced by 50%. “We knew that moving to the cloud would bring a host of benefits, but the cost benefit was even larger than we initially anticipated,” said Ku.
After implementing the SD-WAN, the Ciena IT team turned its attention to leveraging further the Zscaler Zero Trust Exchange, which provides all the cloud security services of a security service edge (SSE)—secure web gateway (SWG), zero trust network access (ZTNA), and cloud access security broker (CASB), and more. First, Ciena activated the Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) services.
“Previously we only had firewall protection at our corporate offices,” noted Ed DeGrange, Ciena’s Director of Cybersecurity Operations and Programs. “With ZIA, every one of our endpoints across the globe has an integrated cloud firewall and all traffic is inspected, even SSL traffic, starting on day one. Our on-prem solutions could not be scaled easily to support that SSL inspection. Even if we had done it today, tomorrow it would have been out-of-date.”
After we implemented Zscaler, we saw 90%+ adoption of collaboration tools and slashed costs and support tickets by over 50%.
Already supportive of a hybrid working environment for its employees, Ciena was more prepared than most when the pandemic hit. The company had just finished deploying ZPA for secure, direct access to internal applications from anywhere, whether on premises, at home, or on the road. With ZPA, the IT team was able to transition easily from securing 70 offices to securing more than 6,500 employee “offices” worldwide.
“ZPA works on all devices and, because the UI was easy to understand, adoption was very high,” said Williams. “Now, the experience that our users have while working from home, or anywhere for that matter, is no different than if they were in one of our corporate offices. As a result, our VPN infrastructure is not nearly as critical as it used to be and corporate resilience has improved significantly too.”
As part of its zero trust strategy, Ciena had previously deployed Okta identity and access management to authenticate users before granting access to applications. After implementing ZPA, the company took advantage of the seamless integration of Okta’s solution with the Zero Trust Exchange. Today, the Zscaler-Okta solution authenticates over 10,000 employee, contractor, and third-party identities and their respective devices before allowing access to more than 500 applications.
“The Zscaler-Okta integration not only helps us secure users, but also helps them have a better user experience,” said Michael Powers, Ciena Director of Identity Management Systems. “Monday morning, I log into my machine, Zscaler verifies me and sends me directly to the Okta single sign-on page for reauthentication. A few clicks and I'm in for the week.”
“Okta with single sign-on replaced the huge hassle and security risk associated with having tons of passwords,” Powers continued. “The addition of Zscaler Private Access made things even easier for users, plus now we’re double protected.”
ZDX is now the starting point for all user performance issues at Ciena. And we can pinpoint the root cause 95% of the time.
After deploying ZIA and ZPA, Ciena rolled out the Zscaler Digital Experience (ZDX) service, which is part of the Zero Trust Exchange. Ciena IT staff uses ZDX to monitor, analyze, troubleshoot, and resolve user experience issues, especially for business-critical applications, such as Okta, Microsoft 365, and internal web services.
“Since deploying ZDX, we’ve quickly triaged and resolved many cryptic user issues,” said DeGrange. “For example, ZDX showed us that the poor internet speeds experienced by a complaining user coincided with his MacBook repeatedly switching between sleep and wake states. Updating the energy-saving setting solved the problem. Or, another example, we rapidly determined that latency at our Silicon Valley offices was caused by traffic being routed through Dallas.”
“ZDX is now the starting point for all user performance issues at Ciena,” continued DeGrange. “And we can pinpoint the root cause 95% of the time, up from 25% previously. ZDX is a critical service to allow productive work-from-anywhere experiences.”
“IT as a competitive advantage includes things like improving employee engagement, enhancing their experiences, and allowing them to work from anywhere, while also driving innovation and reducing cost,” said CIO Williams. “After we implemented Zscaler, we saw 90%+ adoption of collaboration tools and slashed costs and support tickets by over 50%. Plus, our IT leaders now have a foundation that allows them to be continually focused on reinventing the company.”
“We have done so much strategically to embrace the cloud and mobility and prepare for the future,” continued Williams. “Much of it we couldn’t have done without the investment we’ve made in Zscaler. Our partnership with Zscaler has allowed us to start living out IT’s vision of being a competitive advantage for the business.”
We knew that moving to the cloud would bring a host of benefits, but the cost benefit was even larger than we initially anticipated.