The Internet is an indispensable small business tool, but using it safely means defending your small business against myriad online threats and ensuring that employees aren't putting your company at risk by using Web access in risky or inappropriate ways.
Small Business Security and Cloud Computing
Small business security protection and control is typically accomplished with hardware and software that's installed on a network and/or on individual PCs. By contrast, Zscaler's Web Security Cloud for Small Business is a SaaS-based alternative that promises small business security without the need to deploy and manage security appliances and PC-based anti-virus/firewall utilities.
We found that Zscaler's Web Security Cloud is relatively straightforward to set up, offers a high degree of protection, and affords small businesses the ability to monitor and control virtually every aspect of employees' interaction with the Web.
Zscaler Pricing and Service Options
The cost for Zscaler's service varies depending on the specific features needed and the number of users protected. The service is available in five tiers, with basic Web URL filtering at the entry level, anti-virus and anti-spyware included at the midrange, and advanced features such as bandwidth management and data loss prevention (DLP) on tap at the high end.
Zscaler provides detailed information about network transactions that's available almost immediately.
Pricing for the entry-level Web Filtering Suite starts at $2.40 monthly per person for fewer than 50 people and drops to $2 for 50+ users and $1.50 for 100+, while the mid-range Advanced Suite pricing is $5.20, $4.33 and $3.25, respectively.
This PDF shows the features included with each tier -- features that you can also subscribe to a la carte. Note: We looked only at Zscaler's Web (HTTP) security offering; email protection (SMTP) and spam control are available separately (but the two products do share a single administration console).
Getting Started with Zscaler
Getting up and running with Zscaler's service is a fairly simple process thanks to the lack of any hardware or software to deploy. Upon activating a Zscaler account, you're presented with a browser-based administration console with a half-dozen top-level configuration tabs (Secure, Manage, Comply, Analyze, Reporting and Administration), plus a Dashboard that provides at-a-glance network statistics.
A set of default policies is already in place when you activate the Zscaler service, though in many cases administrators will need to spend some time customizing them for specific business requirements. Zscaler's administration interface is logically laid out and expansive.
Navigating it and understanding how all the configurable options work can be a bit daunting at first, but a Getting Started link and context-sensitive online help are handy resources. (Zscaler is working on a simpler and more streamlined method of setting up the service, aimed at SMBs with fewer than 100 users, which is scheduled to debut in Q1 of 2011.)
After setting up your security policy via Zscaler's admin interface, you need to enable it on your network by configuring your firewalls/routers to talk only to Zscaler's cloud-based servers. You also need to set up client Web browsers to use a proxy server so they direct traffic through Zscaler even if not on the network. While this may sound daunting, setting up a browser to use a proxy takes about six mouse-clicks.
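To confirm that the firewall rule described above really forces all Web traffic through the cloud proxy, the following added example (not part of the original review and not Zscaler code) scans firewall logs for allowed outbound HTTP/HTTPS connections that went anywhere other than the proxy ranges. The key=value log format, the sample lines and the 203.0.113.0/24 proxy range are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Assumption: placeholder range standing in for the cloud proxy's published
# addresses (RFC 5737 documentation space, not real provider addresses).
PROXY_NETS = [ipaddress.ip_network("203.0.113.0/24")]
WEB_PORTS = {80, 443}

# Constructed sample firewall log lines (the key=value format is an assumption).
SAMPLE_LOG = """\
2010-11-02T09:14:01 action=allow src=192.168.1.20 dst=203.0.113.10 dport=80
2010-11-02T09:14:07 action=allow src=192.168.1.21 dst=198.51.100.7 dport=443
2010-11-02T09:15:30 action=deny src=192.168.1.22 dst=198.51.100.9 dport=80
2010-11-02T09:16:12 action=allow src=192.168.1.21 dst=198.51.100.7 dport=80
2010-11-02T09:17:45 action=allow src=192.168.1.20 dst=192.0.2.53 dport=53
malformed line without fields
"""

def parse_line(line):
    """Return a dict of key=value fields, or None if required fields are missing."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if not {"action", "src", "dst", "dport"} <= fields.keys():
        return None
    return fields

def find_proxy_bypass(log_text, proxy_nets=PROXY_NETS):
    """Map each internal source to the Web destinations it reached directly."""
    bypass = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "allow":
            continue  # denied traffic means the egress rule did its job
        try:
            dst = ipaddress.ip_address(rec["dst"])
            port = int(rec["dport"])
        except ValueError:
            continue  # skip records with an unparsable address or port
        if port in WEB_PORTS and not any(dst in net for net in proxy_nets):
            bypass[rec["src"]].add((str(dst), port))
    return {src: sorted(dsts) for src, dsts in bypass.items()}

if __name__ == "__main__":
    for src, dsts in find_proxy_bypass(SAMPLE_LOG).items():
        print(f"{src} reached the Web without the proxy: {dsts}")
```

Any host this reports is reaching the Web unfiltered, which points to a firewall rule that is too permissive or a browser that was never set to use the proxy.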
Web Access Control and Threat Protection
The foundation of Zscaler's service is its Web-filtering capability, which you can use to restrict access to sites based on various categories of content (or if you prefer, display a warning but allow access). You can add custom URLs to categories, create custom categories, and move URLs between existing categories. It's also possible to set up unique policies for different locations, such as for different offices or when a user's working from a remote connection rather than being on the company network.
Not surprisingly, Zscaler automatically blocks well over a dozen classifications of viruses, spyware, and miscellaneous forms of malware. By default the service also blocks a host of other common Web-borne threats, including attempts to exploit known browser or Office file vulnerabilities, botnet command and control traffic, cross-site scripting, anonymizers, and phishing sites.
It also blocks a host of P2P applications that can be vectors for infection, such as BitTorrent and eDonkey, and even P2P communications apps such as Skype or Google Talk. Optionally, you can block access to an entire country domain if it's inherently risky or your employees have no legitimate need to access it (say, Russia or China).
For some small businesses, it may be sufficient to have a single security policy that's applicable to all users, but for organizations that need greater flexibility, Zscaler supports user and group accounts that you can create manually, import into the service via a CSV file, or pick up from an Active Directory or LDAP directory. Lower-level admin accounts are available for purposes of viewing -- but not changing -- Zscaler settings or for generating usage reports.
Given that Zscaler does its work offsite rather than on your own network, you might expect some noticeable lag in Internet access as the service inspects content at some relatively distant data center. This wasn't evident in our time with the service; we found no perceptible decrease in responsiveness as a result of routing our traffic through Zscaler.
The company says that its worldwide network of data centers results in minimal latency. This speed was also evident when making adjustments to security policy -- whenever we applied changes, the new settings were in effect within just a few seconds.