The project team replaced multiple existing web filtering tools (Sophos, Palo Alto GlobalProtect VPN) with a single cloud-based service. Over 300 new corporate laptops were onboarded without relying on a shared VPN firewall, reducing complexity and dependency on physical appliances.
ZIA was deployed through Zscaler’s cloud exchange, providing location-based datacentre routing with automatic failover, as well as enhanced functions including cloud web/app filtering, SSL inspection, and a cloud firewall.
This transition moved internet security from on-premise hardware to a cloud-managed service, improving resilience, strengthening security, and aligning with a cloud-first strategy.

The environment previously depended on physical Palo Alto GlobalProtect VPN firewalls in a datacentre, connected through multiple IPSEC tunnels to other sites and Azure. This created reliance on a fixed datacentre location for both VPN access and internet breakout.
To address this, ZPA App Connectors were deployed in both Azure and on-premise environments, enabling secure, VPN-like connectivity to internal applications and services. The solution introduced stronger controls through device posture checks, group-based access rules, source IP anchoring for restricted services, and routing of ZPA traffic through ZIA for additional security.
As a result, all users transitioned away from the traditional VPN to ZPA, gaining streamlined access to required services with improved security and flexibility.

Previously, there was no capability in place to monitor user experience or application performance across the environment.
ZDX was deployed alongside ZIA and ZPA using the Client Connector app, enabling visibility into device health, network performance, and the performance of both public and private applications.
This provided end-to-end visibility across the estate and allowed individual device issues to be identified and troubleshooted quickly when required.