anatoliy_gleb -

How Maxeon is forging the path to SASE

Maxeon Solar Technologies is building out its security service edge capabilities with an eye on a SASE implementation that combines best of breed offerings from different suppliers

When Singapore-based Maxeon Solar Technologies was split from SunPower in 2020, enabling it to chart its own future in solar panel manufacturing, Stephen Gani had just joined the company as its chief information security officer (CISO) two months after the transaction was closed.

At the time, Gani’s team had to decide which security capabilities they would inherit from SunPower, what changes were needed and what gaps had to be plugged – notably, the lack of a secure web gateway (SWG) which was worrying.

Like most companies during the Covid-19 pandemic, Maxeon had employees working from home, but without the network protection of a SWG, its remote workers were susceptible to cyber attacks. Gani quickly implemented a SWG, along with endpoint detection and response (EDR) capabilities, in one of his first tasks as CISO.

As Maxeon has migrated most workloads to public cloud, it made sense for the company to leverage cloud-based security services. After a thorough evaluation of competing offerings in the market, it turned to the Zscaler Internet Access (ZIA) platform that delivers SWG and other security service edge (SSE) capabilities, including cloud-based firewalls and data loss prevention.

Gani was already familiar with Zscaler, having used its solutions at a previous company he worked for. At the time, he saw how quickly ZIA could be deployed thanks to the strong support from the Singapore-based Zscaler partner he worked with, Leo Infocomm, which “went the extra mile to help us with our deployment”.

Zscaler’s tight integration with CrowdStrike, Maxeon’s EDR supplier, was a clincher as well, enabling Maxeon to detect and stamp out threats that come though endpoint devices before they can do any damage.

Today, all of Maxeon’s 5,000 global employees access the internet and cloud-based services through Zscaler which observes and secures their connections. For large sites with a higher concentration of local servers, the company has implemented site tunnels to Zscaler enforcement nodes, which are full-featured inline proxies that inspect all web traffic bi-directionally for malware and enforce security and compliance policies.

Gani said these large sites include Maxeon’s manufacturing facilities in Malaysia, the Philippines and Mexico where all non-user traffic, such as those of servers and internet of things devices, will pass through Zscaler for inspection.

During a recent business review between Zscaler and Maxeon, it was revealed that Maxeon’s Zscaler deployment had protected 1.4 billion transactions in the prior three months, which was equal to about 228TB of traffic – up 134% compared to the same period last year. It also detected 31 million policy violations and blocked about three million security threats, of which 25,000 were hidden within encrypted traffic.

Gani said apart from minor incidents of malware that were introduced by plugging USB drives into air-gapped manufacturing systems, Maxeon had not encountered any malware outbreaks so far, adding that operational technology systems that require internet access will still have their traffic inspected by Zscaler enforcement nodes.

The journey towards SASE

With the major SSE components in place, Maxeon is on a path towards secure access service edge (SASE), but Gani does not believe the single-vendor SASE approach is the way to go.

“At one point in time, the head of IT infrastructure felt we should outsource SASE to one party for ease of management, operations and user experience. But I disagree as no one is topnotch for everything,” he said.

For example, he noted that while Zscaler is good with SWG, it needs improvement on the cloud access security broker (CASB) side. On the other hand, while Netskope is “slightly better” for CASB, its SWG could be improved, he said.

“We need to be very sure that the product meets our requirements and is something that we know how to operate and fulfills our security needs,” he added. “From the management perspective, we can always get someone to do that.”

Maxeon is currently evaluating Zscaler and Palo Alto Networks for zero-trust network access (ZTNA) capabilities to build out its SSE portfolio. It is also close to inking a deal with a service provider that can bring the SSE and software-defined networking (SD-WAN) components of SASE together and manage them based on its preferences, Gani said.

Read more about cyber security in APAC

Read more on Cloud security

Data Center
Data Management