As a CISO leading the cybersecurity program at Cushman & Wakefield, one of the world's largest commercial real estate services firms, I can attest that it has been a truly transformative journey. When I joined the company over five years ago, I had clear priorities: improve SaaS application performance for our distributed, mostly mobile workforce, now more than 52,000 employees, simplify network architecture, and accelerate integration of mergers and acquisitions (M&As).

My vision was to evolve Cushman & Wakefield’s security approach from a legacy on-premises infrastructure to cloud-based security as a service. As we set our sights on a cloud-first and partner-first model, we aimed to shrink the size and number of our data centers. Our intent was to streamline our infrastructure and build a coordinated security ecosystem with an eye toward gaining operational efficiencies. Equally important was providing our globally dispersed users with faster, more secure access to the more than 200 SaaS applications they rely on every day. To achieve these goals, we turned to the Zscaler Zero Trust Exchange—and it has proven to be the perfect fit for our strategic vision. Zscaler has been at the core of our success and continues to be at the center of our ongoing security transformation journey.

A phased approach to our Zscaler implementation

In 2019, we made a strategic decision to adopt SD-WAN to improve SaaS connectivity across our more than 400 branch offices. That’s when we adopted Zscaler. We selected Zscaler Internet Access (ZIA), part of the Zero Trust Exchange, as our security solution because it interoperates seamlessly with the SD-WAN and enables secure local internet breakouts without the high costs and complexity of on-premises firewall appliances. The joint solution provided consistent protection and significantly better performance for our users on any device anywhere. Additionally, our security team had complete visibility over what was happening on the network and who was using which applications. This allowed us to manage bandwidth and prioritize traffic to business-critical applications and limit the impact of streaming and social media traffic.

We’re continuing to modernize our branch offices but are moving to a café model, where users can securely connect to corporate resources without VPN or SD-WAN. Zscaler is making this change possible. Looking ahead, we also plan to implement Zscaler Private Access more broadly to provide secure access to private applications as we establish offices in new regions.

Following the user during the pandemic and beyond

At every stage of our implementation, we found that Zscaler delivered value in new ways. Even before the COVID-19 pandemic, a significant portion of our workforce was operating remotely. When the pandemic struck, we were well prepared. Zscaler Client Connector had already been deployed on all devices, so we maintained business continuity. When a leader asked me what my plan was for security at the time, I just shrugged my shoulders and informed him that we already had all our bases covered with Zscaler and Crowdstrike being the primary components.

Zscaler integrations for a coordinated security ecosystem

After the positive experience we had with the Zscaler integration, we are impressed with how easy and seamless it is to integrate other tools in our security stack with Zscaler. Recently, we integrated Zscaler with CrowdStrike for an added layer of protection: Zscaler only allows devices that meet CrowdStrike’s Zero Trust Assessment (ZTA) score threshold to access sensitive applications. By sharing real-time threat intelligence, data alerts, and device health information, the Zscaler-CrowdStrike integration has reduced the number of security events.

As we move forward with building out our zero trust architecture and creating a unified security ecosystem, we plan to leverage Zscaler’s open API more fully to maximize our other security investments. We’re looking at ways to broaden threat intelligence sharing, gain more visibility, and engage automation to a greater degree. At the top of my to-do list are integrating with CrowdStrike Falcon LogScale, its next-generation SIEM and log management tool, and with Mimecast, the cloud-based email security and management system used by all our employees..

Future focus: expanding Zscaler capabilities

Risk management
I also look forward to evaluating the new AI-powered capabilities like Zscaler Risk360 to gain visibility into risk in all areas of our environment. Once it’s in place, Zscaler Risk360’s visualization framework will generate risk posture profiles using real data in our environment combined with global security research from Zscaler ThreatLabz. The ability to quickly identify and respond to critical vulnerabilities will enhance our proactive protection, enable us to communicate security priorities in a quantifiable way, and help us build a data-driven case as we advocate for additional resources.

M&A integration
Over the years, most of our growth has been fueled by M&As. We plan on leveraging Zscaler to integrate acquired companies and enable these new users to have access to business-critical applications in days rather than months.

Combating data loss and insider threats
We are also on a mission to curb data loss overall and to combat insider threats, whether due to negligence or malicious motives. These challenging tasks are made easier with the multi-pronged defense made possible by the zero trust architecture we have in place and continue to build on.

By ensuring least privilege access and preventing lateral movement, we are limiting potential damage from abuse of insider access. The Zscaler’s Zero Trust Exchange plays a critical role in keeping these threats at bay by minimizing the attack surface—users connect only to a single application, not to the network.

As we continue on our zero trust journey, enhancing data protection in this age of generative AI engines like ChatGPT is a top priority. Zscaler’s inline TLS/SSL traffic inspection will be essential for preventing the leakage of sensitive data by identifying and blocking attempted unauthorized uploads to AI tools and across all our cloud apps.

Gaining deeper visibility into user activity is another focus area. While most of our employees are trusted, honest professionals, mistakes happen. By implementing deception tools such as honeypots and lures, our security team will receive alerts to help them detect anomalous insider behavior faster. This significantly reduces dwell time for any potential incidents.

A partnership for the long haul

As CISO, my aim is to continue delivering seamless access and robust security for our global staff as we grow our business and expand our presence and offer new services. The flexible, scalable Zero Trust Exchange aligns with this goal. Our partnership with Zscaler has been integral to Cushman & Wakefield’s cloud-first journey. Together, we’ve shifted from legacy networks to a unified, user-centric security model that enables productivity and protection anywhere.

I am confident that our journey toward a more secure and efficient future will continue successfully with Zscaler as our trusted partner. The results we have achieved thus far speak for themselves.

To learn more, read the case study.