Securing a global enterprise like FICO, widely known for its credit scoring system, is no small task. This is especially true for FICO, as our offerings extend beyond the consumer.A large part of our business is providing enterprises with analytics software and services that create hyper-personalized experiences for their customers. As we continue to innovate and push the capabilities of applied intelligence (“the original AI,” as I like to call it), FICO’s journey to the cloud and zero trust has been crucial to maintaining a leading edge in the highly competitive financial services market.Since 2017, we’ve embarked on a transformative journey to secure FICO’s operations in the cloud, rethinking traditional network security, eliminating outdated infrastructure like VPNs, and embracing cutting-edge zero trust architecture and AI-powered tools. This evolution has enabled us to not only protect sensitive workloads, but also enhance performance and agility across our entire organization.Here are the key strategies we’ve implemented and lessons learned along the way.Embarking on our journey to the cloudWe began our move to the public cloud in 2017, starting with corporate workloads. As with many companies, moving to the cloud was essential for securing back-office applications and protecting users. Amazon Web Services (AWS) became our cloud platform of choice for production workloads, and this prompted the first step in our transformation: securing our internal systems by building a zero trust architecture.We started by deploying Zscaler Internet Access (ZIA), part of the Zscaler Zero Trust Exchange platform, to secure our employees’ interactions with the internet as well as SaaS services and applications they use every day. ZIA changed the game in securing how we work.ZIA gave us AI-powered protection—URL filtering, full TLS/SSL traffic inspection, and other services to stop ransomware, phishing, zero-day malware, and other threats—for all our users, devices, and SaaS applications across all our locations. We paired ZIA with Zscaler CASB technology. CASB enables us to securely manage the SaaS and IaaS services we rely on and allows us to apply consistent protection for data in motion across the cloud. It also offers us visibility into risky and unsanctioned shadow IT application usage. This powerful combination gave us a solid foundation for the rest of our security journey.Eliminating traditional VPNs and simplifying accessThe next key milestone was the rollout of Zscaler Private Access (ZPA). It provides fast, secure, and reliable private application access for all our users, from any device or location, while establishing zero trust connectivity for workloads. ZPA minimizes security risks and mitigates lateral threat movement through AI-powered user-to-app segmentation and context-aware policies.At FICO, ZPA helped us eliminate our entire legacy VPN infrastructure—something many companies dream of but struggle to achieve. ZPA made accessing applications and workloads so much easier, faster, and more reliable for our employees while, at the same time, allowing us to strengthen our security posture.What started as a security-driven project quickly caught our IT department’s attention when they saw how much Zscaler also simplified the operational side. With ZIA, CASB, and ZPA in place, we introduced Zscaler Digital Experience (ZDX), which helps us boost productivity by monitoring our users’ digital experience. It optimizes experiences across all locations, devices, and apps by enabling IT to rapidly detect and resolve application, network, and device issues. ZDX uses AI to pinpoint root causes and make recommendations for resolution. It has also helped us collaborate more effectively by sharing insights and data across our IT operations, support, and security teams.Looking back, I wish we had implemented ZDX sooner. If you’re on a similar cloud journey, my advice would be to prioritize ZDX as soon as possible in your deployment.Deception technology—A deeper layer of defenseIn the last year and a half, we’ve added Zscaler Deception to our security stack to detect and intercept sophisticated threats that bypass most traditional defenses. The members of my red team, who are always on the lookout for vulnerabilities and avenues for potential attacks, absolutely love it. We’ve deployed customized decoys internally and externally to gather threat intelligence and keep attackers away from our core assets. It’s been an exciting and effective way to further protect our environment, and it gives us a proactive edge in staying ahead of potential threats.Securing production workloads in the cloudWhen it comes to protecting production workloads in the cloud, we’ve already made significant progress. With a 68-year technology legacy, we still have applications that are not well-suited for the cloud, so we will be using data centers for a while. But a lot of our production workloads are already in the cloud, so we have adopted Zscaler Cloud Connectors to securely connect many of our AWS accounts to Zscaler services, extending the same security controls provided by ZIA and ZPA to our workloads. Since FICO is also a cloud services provider, Cloud Connectors are essential as we continue delivering services to our customers through the cloud.Our segmentation approach focuses on dividing workloads by zone and AWS account. Right now, this strategy works well for us, but we’re moving toward more granular segmentation as we fully implement Cloud Connectors. We expect to gain even more control over how we manage workloads as we continue expanding our cloud footprint.Our future begins with our secure cloudFICO’s move to the cloud has been a transformative journey, and we’ve come a long way in securing and optimizing our systems. From securing corporate interactions to adopting deception technology and using Cloud Connectors, each step has strengthened our cloud infrastructure.We were proud to recognize Zscaler as Supplier of the Year at our annual FICO World User Conference. This was our way of acknowledging Zscaler’s tremendous support and the positive impact its tools have had as we navigate this transition and continue to grow and innovate for our customers.It’s an exciting time to be at FICO, and I look forward to what comes next as we continue to evolve our Zscaler zero trust architecture. Watch us go! See my full Zenith Live 2024 keynote.
[#item_full_content] Securing a global enterprise like FICO, widely known for its credit scoring system, is no small task. This is especially true for FICO, as our offerings extend beyond the consumer.A large part of our business is providing enterprises with analytics software and services that create hyper-personalized experiences for their customers. As we continue to innovate and push the capabilities of applied intelligence (“the original AI,” as I like to call it), FICO’s journey to the cloud and zero trust has been crucial to maintaining a leading edge in the highly competitive financial services market.Since 2017, we’ve embarked on a transformative journey to secure FICO’s operations in the cloud, rethinking traditional network security, eliminating outdated infrastructure like VPNs, and embracing cutting-edge zero trust architecture and AI-powered tools. This evolution has enabled us to not only protect sensitive workloads, but also enhance performance and agility across our entire organization.Here are the key strategies we’ve implemented and lessons learned along the way.Embarking on our journey to the cloudWe began our move to the public cloud in 2017, starting with corporate workloads. As with many companies, moving to the cloud was essential for securing back-office applications and protecting users. Amazon Web Services (AWS) became our cloud platform of choice for production workloads, and this prompted the first step in our transformation: securing our internal systems by building a zero trust architecture.We started by deploying Zscaler Internet Access (ZIA), part of the Zscaler Zero Trust Exchange platform, to secure our employees’ interactions with the internet as well as SaaS services and applications they use every day. ZIA changed the game in securing how we work.ZIA gave us AI-powered protection—URL filtering, full TLS/SSL traffic inspection, and other services to stop ransomware, phishing, zero-day malware, and other threats—for all our users, devices, and SaaS applications across all our locations. We paired ZIA with Zscaler CASB technology. CASB enables us to securely manage the SaaS and IaaS services we rely on and allows us to apply consistent protection for data in motion across the cloud. It also offers us visibility into risky and unsanctioned shadow IT application usage. This powerful combination gave us a solid foundation for the rest of our security journey.Eliminating traditional VPNs and simplifying accessThe next key milestone was the rollout of Zscaler Private Access (ZPA). It provides fast, secure, and reliable private application access for all our users, from any device or location, while establishing zero trust connectivity for workloads. ZPA minimizes security risks and mitigates lateral threat movement through AI-powered user-to-app segmentation and context-aware policies.At FICO, ZPA helped us eliminate our entire legacy VPN infrastructure—something many companies dream of but struggle to achieve. ZPA made accessing applications and workloads so much easier, faster, and more reliable for our employees while, at the same time, allowing us to strengthen our security posture.What started as a security-driven project quickly caught our IT department’s attention when they saw how much Zscaler also simplified the operational side. With ZIA, CASB, and ZPA in place, we introduced Zscaler Digital Experience (ZDX), which helps us boost productivity by monitoring our users’ digital experience. It optimizes experiences across all locations, devices, and apps by enabling IT to rapidly detect and resolve application, network, and device issues. ZDX uses AI to pinpoint root causes and make recommendations for resolution. It has also helped us collaborate more effectively by sharing insights and data across our IT operations, support, and security teams.Looking back, I wish we had implemented ZDX sooner. If you’re on a similar cloud journey, my advice would be to prioritize ZDX as soon as possible in your deployment.Deception technology—A deeper layer of defenseIn the last year and a half, we’ve added Zscaler Deception to our security stack to detect and intercept sophisticated threats that bypass most traditional defenses. The members of my red team, who are always on the lookout for vulnerabilities and avenues for potential attacks, absolutely love it. We’ve deployed customized decoys internally and externally to gather threat intelligence and keep attackers away from our core assets. It’s been an exciting and effective way to further protect our environment, and it gives us a proactive edge in staying ahead of potential threats.Securing production workloads in the cloudWhen it comes to protecting production workloads in the cloud, we’ve already made significant progress. With a 68-year technology legacy, we still have applications that are not well-suited for the cloud, so we will be using data centers for a while. But a lot of our production workloads are already in the cloud, so we have adopted Zscaler Cloud Connectors to securely connect many of our AWS accounts to Zscaler services, extending the same security controls provided by ZIA and ZPA to our workloads. Since FICO is also a cloud services provider, Cloud Connectors are essential as we continue delivering services to our customers through the cloud.Our segmentation approach focuses on dividing workloads by zone and AWS account. Right now, this strategy works well for us, but we’re moving toward more granular segmentation as we fully implement Cloud Connectors. We expect to gain even more control over how we manage workloads as we continue expanding our cloud footprint.Our future begins with our secure cloudFICO’s move to the cloud has been a transformative journey, and we’ve come a long way in securing and optimizing our systems. From securing corporate interactions to adopting deception technology and using Cloud Connectors, each step has strengthened our cloud infrastructure.We were proud to recognize Zscaler as Supplier of the Year at our annual FICO World User Conference. This was our way of acknowledging Zscaler’s tremendous support and the positive impact its tools have had as we navigate this transition and continue to grow and innovate for our customers.It’s an exciting time to be at FICO, and I look forward to what comes next as we continue to evolve our Zscaler zero trust architecture. Watch us go! See my full Zenith Live 2024 keynote.
