At XPO, our job is to keep our trucks and their freight moving to their destinations safely and on schedule. To ensure efficient delivery, we are constantly looking for ways to fine-tune and uplevel our technology infrastructure. One way we have done that is by evolving our Zscaler Zero Trust Exchange footprint to make our service centers and overall operations more resilient. Our move to the cloud revealed that our legacy architecture had security and efficiency shortfalls that needed to be addressed with a more modern approach.

XPO is a leading global transportation and logistics company specializing in less-than-truckload (LTL) deliveries across 14 countries. Our global user base of 70,000 employees ranges from developers on laptops connecting to our data centers to field workers in trucks with network-connected handheld devices. Maintaining a robust cybersecurity posture is critical to business continuity. If one of our 300-plus service centers were impacted by a cyberthreat, it could have a ripple effect on the supply chains of the countries we operate in.

When we began our move to the cloud, we also made a strategic decision to deploy a zero trust architecture across our mission-critical network so we could isolate cyberthreats and prevent them from spreading across different geographies. Amid increasing operational complexity and the need to strengthen and unify our security posture, we also faced major organizational change. By partnering with Zscaler, we navigated those hurdles and are marching toward a 100% zero trust environment.

The flaws of a legacy environment in a cloud-first world

When I first joined XPO as CISO, the biggest challenge I confronted was optimizing and consolidating security across our vast, interconnected network infrastructure.

Each of our service centers had firewall and VPN appliances and relied on MPLS to route traffic to our data centers. Anytime we opened a new service center, we replicated this environment, which was time-, labor-, and cost-intensive. Also, these traditional perimeter defenses did not provide adequate protection for our connected, cloud-first world. For example, compromised VPN credentials could give bad actors access to our entire network, enabling lateral movement across other service centers. The consequences could be far-reaching and serious, severely impairing our business continuity and our reputation.

Starting at the ground floor with Zscaler

The first step toward maximizing service center uptime and security was deploying Zscaler Internet Access (ZIA) to enable employees at our service centers and elsewhere to directly access the internet and the SaaS apps they use to do their jobs. Now, field workers and other users no longer have to log in to the network via risky VPNs to access resources. With ZIA, we can apply and enforce consistent security policies across our entire user base. It also provides full TLS/SSL traffic inspection and other AI-powered threat protection technologies to safeguard our vital data.

Soon after our ZIA deployment and in the midst of the global pandemic, we divested into three publicly traded companies (XPO, GXO, and RXO). With Zscaler, the divested entities were operational on day one. Not one of the combined 120,000 users at the three businesses experienced any downtime. It was truly phenomenal!

Expanding our zero trust implementation

Recently, we implemented Zscaler Private Access (ZPA) so that our remote employees can connect securely to authorized private applications. This has further reduced the attack surface and improved the user experience by eliminating the need for backhauling. ZPA also adds another layer of critical data protection by preventing lateral threat movement through advanced segmentation and AI-powered policies.

XPO is also using Zscaler Digital Experience (ZDX) to provide a seamless user experience for our employees whether they connect from home, the road, our offices, or our service centers. With ZDX, we don’t have to make a trade-off between security and user experience. It provides us with full visibility into connectivity across the board, giving us deeper insights into network and application performance while helping us monitor and improve the user experience. This has been a real boon for the help desk, reducing support tickets tenfold. ZDX empowers the team to track down the root causes of issues and resolve them more quickly so we can keep things moving

Fully secured service centers thrive while costs go down

Our original setup not only left us more vulnerable to breaches and ransomware; it also resulted in frequent outages and performance problems, along with increased management complexity and cost. Zscaler, on the other hand, enables us to drive connectivity across these service centers while significantly reducing costs and improving security.

The cloud native Zscaler platform has also simplified and accelerated our ability to launch new service centers and bring them online. Traditionally, it would take us several months to make a service center operational. Zscaler changed all that. For example, when we recently spent nearly $1 billion to acquire service centers from a former competitor, Zscaler empowered us to bring them all online in just a few hours.

The tangible cost savings of eliminating VPNs and firewalls are clear—we’ve saved millions of dollars in hardware costs. But there is also other economic value. Thanks to Zscaler, service center operations managers can now focus on delivering freight for our customers rather than on managing and maintaining security appliances.

Expansion plans on the horizon

As we consider the next steps in our journey, we’re looking at how we can continue to improve our security posture and operational efficiency by further tapping into the Zscaler platform.

One big area of interest is securing generative AI applications, which we have started to use for optimizing routes and elevating customer service. We want to encourage innovation while applying proper security guardrails, so we're looking into the Zscaler generative AI security module. This will allow us to create flexible policies that provide visibility into and control over AI application usage, enabling us to protect our valuable data while increasing our efficiency.

Additionally, with more than 100,000 handheld Wi-Fi devices in the field, we want to deploy zero trust policies and protections consistent with our computing devices. We are looking forward to exploring the Zscaler Zero Trust SIMS solution announced at Zenith Live ’24.

Successful zero trust transformation driven by visionary leadership

We are proud of the progress we’ve made so far with the Zscaler Zero Trust Exchange platform. Within the first quarter of this year, we blocked more than 1 billion threats across our 300 service centers and prevented more than 50 million policy violations. We’re confident that we’ll see more wins as we enhance and expand our zero trust architecture.

One of the many things I’ve learned during this process is that strong leadership is essential to pushing transformation forward. We have worked hard to foster a culture that embraces change and sees security as a facilitator rather than an obstacle. This requires clear communication and the demonstration of tangible benefits to gain the necessary buy-in from all stakeholders—from top-level executives to our drivers.

My experience has taught me that security leaders must view themselves as enterprise leaders and take bold steps to drive digital transformation in IT and the business—and that is exactly what we have done at XPO to initiate and scale up our zero trust architecture.

Read the XPO case study to learn more about how XPO arrived where it is today.