Americas

  • United States

The present and future of Zero Trust segmentation at Gray Television

BrandPost By Brian Morris, VP, Chief Information Security Officer, Gray Television
Aug 20, 20247 mins
Security

Revolutionizing network security: Gray Television’s digital transformation with Zscaler.

Credit: iStock/MF3d

Gray Television has embarked on a transformative digital journey to modernize and secure its network infrastructure, and I’m excited to share our experiences and insights from this process. Our story is one of growth, challenges, and innovative solutions that have reshaped our network infrastructure and security landscape, thanks to our relationship with our trusted partner Zscaler.

Navigating complexities

Based in Atlanta, Georgia, Gray Television operates in 114 markets across 38 states. We aim for employees at all locations to be productive and secure, but rapid growth through M&As has led to a complex network infrastructure that got in our way.

Our acquisitions left us with a fragmented network comprising several WANs and dozens of VPN solutions, making management, monitoring, and policy implementation extremely challenging. Each new acquisition added layers of complexity, and the disparate systems didn’t always play well together. By early 2021, we realized the need for a radical change to simplify our network and enhance security.

Defining our goals: boosting resilience while decreasing risk

Zero trust segmentation was at the core of our strategy. As part of our new security strategy, we developed a roadmap centered on network segmentation through zero trust that would address users, workloads, branches, and internet of things (IoT)/operational technology (OT) devices.

Because zero trust assumes that every network interaction is potentially malicious, it would enable us to implement stringent access controls that significantly reduce the risk of data breaches. Another critical aspect of zero trust is continuous monitoring and analysis of network activity to help us gain deep insights into network traffic, identify potential threats, and help security teams respond swiftly to incidents.

We set three primary goals for our digital transformation that revolved around the Zscaler Zero Trust Exchange platform:

  1. Network modernization: Transition away from legacy VPNs and reduce our reliance on traditional WANs. We needed a solution that could handle our sprawling network without the headaches that came with outdated systems.
  2. Simplification: Manage our network from a single pane of glass to streamline operations and achieve cost savings. Simplifying our network infrastructure would not only make it easier to manage but also reduce the risk of configuration errors and security breaches.
  3. Consistent security policies: Implement uniform security policies across all platforms. Consistency in security policies is crucial for reducing cyber risk, protecting our data, and ensuring compliance with industry regulations.

Phase One: Improving the user experience and reducing the attack surface with Zscaler Private Access

Our first step toward implementing a network segmentation strategy was deploying Zscaler Private Access (ZPA) to provide users with direct-to-application connectivity rather than bringing them into the network. ZPA was a game-changer, allowing us to eliminate our legacy VPNs, streamline our network, and reduce the attack surface.

The shift to ZPA was seamless, and our remote employees could access the resources they needed to do their jobs without the cumbersome and risky connections. It also provided granular access controls, enabling us to define application and data accessibility parameters.

Phase Two: Replacing costly SD-WAN with Zscaler Zero Trust SD-WAN

Next, we introduced Zscaler Zero Trust SD-WAN to replace our traditional WAN network-to-network connections with zero trust user-to-workload and device-to-workload sessions. This phase is still in progress, but we’ve already seen substantial benefits. Zero Trust SD-WAN has simplified our network management and reduced costs by using standard internet connections instead of expensive private line and MPLS connections.

Zscaler SD-WAN allows us to securely connect our branch offices to the internet and private applications, without the risk of lateral threat movement on the network. Additionally, by leveraging standard internet connections with Branch Connector, which enables Zero Trust SD-WAN, we cut costs dramatically without sacrificing performance or security.

Moreover, the simplicity of Zero Trust SD-WAN made it easier for our IT team to monitor and control all branch connections from a single management console. This reduces the administrative overhead and makes it easier to enforce consistent security policies across the entire network.

Phase Three: Future zero trust innovations and integrations

Looking forward, we plan to further extend zero trust segmentation by securing devices such as IoT kiosks, computers, and servers through the Zero Trust Exchange platform.

Integrating IoT devices into our zero trust network is particularly exciting. IoT devices are becoming increasingly common in our industry, and ensuring their security is a top priority. By connecting and securing these devices with the Zero Trust Exchange platform, we can apply the same rigorous security standards to them as we do to our other network components. This will help us protect against potential vulnerabilities and ensure our entire network is secure.

We also plan to explore using Zscaler Zero Trust Device Segmentation, which provides zero trust segmentation in LAN environments. This will be crucial for protecting our critical infrastructure and operational technology (OT) networks from ransomware and other advanced attacks. Creating a “segment of one” for each device will allow us to control access policies at a very granular level without any changes to switches and routing infrastructure, further enhancing our critical infrastructure security posture. The agentless approach will enable us to deploy this revolutionary technology in hours versus months.

Tangible outcomes and benefits

I am proud of my team’s ability to execute our goals with the help of the Zscaler team. Not only did we meet our goals without a hitch, we also reaped these benefits:

  • Cost savings: Utilizing the internet as the corporate network with Branch Connector has had a substantial financial impact, freeing up resources we can reinvest into other business areas.
  • Reduced business risk: By implementing consistent security policies across all platforms, minimizing the attack surface, and preventing lateral movement we have improved our risk profile. We’re now more confident in our ability to protect our data and comply with regulatory requirements.
  • Improved business agility and scalability: The cloud-based Zscaler architecture allows us to easily add new users, devices, and locations without the need for complex hardware installations or upgrades. Additionally, streamlined M&A processes have allowed us to integrate new acquisitions quickly and securely with ZPA and Zscaler SD-WAN. This flexibility has been crucial in ensuring that our network can keep up with our expanding business.

Our journey with Zscaler has been nothing short of transformative. We now have a scalable, secure, and efficient network that supports our growth and operational needs. I encourage other organizations facing similar challenges to consider the Zero Trust Exchange platform. It has made a world of difference for us.

As we look to the future, we are excited about the possibilities that lie ahead. The continued evolution of our network infrastructure will enable us to stay ahead of emerging threats and ensure that our employees can work securely and efficiently from anywhere. We are committed to maintaining our zero trust principles and leveraging the latest Zscaler technologies to keep our network secure.

I hope our story inspires you to embark on your own path to a more secure and efficient network infrastructure.

Watch Brian Morris from Gray Television’s full Zenith Live ’24 presentation.

To learn more, visit Zscaler here.