Next-generation IT security
Maximum protection thanks to Zero Trust
The success story of HELDELE GmbH
The success story of HELDELE GmbH
Maximum protection against cyberattacks thanks to Zero Trust
Cyber threats are on the rise - and affect companies of all sizes and industries. To effectively ward off attacks and reduce risks, more and more companies are turning to zero-trust models such as Zscaler from Vodafone Business. In this issue, we use HELDELE GmbH as an example to show the benefits of this approach.
The Challenge
Securing cloud-based IT infrastructure
Together with its subsidiaries and sister companies, the HELDELE Group employs around 1,500 people. They need to be able to access cloud-based services and applications – not only from their workplace or home office, but also from assembly sites, for example. In addition, remote access to servers and systems on the customer side is also required as part of customer projects.
IT security is therefore of central importance to HELDELE – in order to protect company and customer data, ensure its own ability to work and fulfil legal requirements. As an IT service provider, the company also offers innovative and reliable solutions on the market. At the same time, the Group wants to be perceived as an attractive employer in order to attract sought-after IT specialists and retain them in the long term. The use of modern cloud-based solutions and the option of working from home are therefore considered to be "state of the art".
For the IT department at HELDELE GmbH, it was extremely difficult to implement these requirements with a traditional VPN structure and firewalls at the various locations. HELDELE was therefore looking for a modern, comprehensive security solution – and opted for Zscaler Cloud Security from Vodafone Business.
The new security standard
The Company
IT specialist with a comprehensive portfolio
HELDELE GmbH has its headquarters in Salach, Baden-Württemberg. The family-run company has over 800 employees and, together with several subsidiaries and sister companies, is a full-service provider for electrotechnical building equipment, IT solutions and automation. For six decades, HELDELE has been supporting medium-sized and large customers as well as public sector clients with consulting and design, installation, maintenance and after-sales service.
In the building technology sector, the range of services includes electrical installations, security and energy technology, plant maintenance and e-mobility. The IT Solutions division offers solutions for IT infrastructure, IT security, cloud and IT consulting and services. In the field of automation, the portfolio includes PLC and robot programming, switchgear and control systems, process automation, test bench technology, special machines, assembly systems, robot cells and handling systems.
HELDELE GmbH presents itself as a family business with five decades of experience in the IT sector.
As a full-service provider for innovative building technology as well as information, communication and automation technology, the company knows how important efficient and, above all, secure networking is.
Especially for companies like HELDELE with multiple locations, reliable protection of the IT infrastructure is of central importance in the face of growing cyber risks.
Zscaler's zero-trust concept ensures that internal requests from HELDELE employees are always checked. This allows threats to be detected at an early stage and risks to be minimised.
The Solution
Cloud-based security for the company network
Zscaler Cloud Security combines cloud-based security functions with the secure network services of Vodafone Business. This allows conventional inbound and outbound gateways to be replaced by modern, cloud-based services. Zscaler acts as a web security gateway and secures Internet access via every connection. As a remote access solution, the Zscaler Private Access component enables access to internal applications – both ‘"on premises" and in the cloud. The solution is consistently based on the Zero Trust model.
Daniel Baron, Head of IT at HELDELE GmbH, explains: "As we are active as an IT service provider in many industries, we also see what happens outside our own company. Frequent and increasingly professional cyber attacks are now the order of the day. As we also want to focus on innovative solutions at an early stage, the cloud-based Zero Trust approach immediately convinced us. The solution offered by Vodafone Business also fits perfectly with our corporate structure with several subsidiaries and sister companies."
Zscaler Cloud Security offers a new level of IT security.
Daniel Baron – Head of IT, HELDELE GmbH
The migration to Zscaler Cloud Security started at HELDELE GmbH in May 2024 as a pilot project with around 50 users. Vodafone provided comprehensive support - from consulting to project management. "We were responsible for defining the access rules and segmentation for our company network," says Daniel Baron. "We quickly realised that the effort involved was significantly less than setting up and operating a traditional firewall infrastructure. At the same time, it became clear that Zscaler Cloud Security offers us a new level of IT security."
Once all aspects of the solution had been successfully piloted, the company-wide roll-out began in August 2024 with around 100 users per week. The migration was completed at the end of September 2024. "The solution also offers us clear added value in terms of monitoring. It gives us a high degree of transparency across all data flows in the company network and allows us to identify poor-quality connections, for example. The "Deception" module has also proven to be a very helpful element – a honeypot that allows us to monitor where attacks on our company network are coming from and what attack techniques are being used," reports Daniel Baron. "The collaboration with Vodafone Business is always based on partnership and trust. The jointly implemented solution is convincing across the board."
Secure applications and data in the cloud.
The Advantages
Connect employees easily and securely to applications
Zscaler makes it possible to work from any location and any HELDELE device without having to worry about a VPN connection. Access to applications and services provided on premises and in the cloud is protected by the ‘Zscaler Private Access’ component. A ‘Web Security Gateway’ secures employees' Internet access. HELDELE employees can therefore securely access cloud services such as Office 365 or Google Workspace without their data being compromised.
Threats are detected in real time and blocked before they reach the devices or the company network. Zscaler also increases efficiency: Internet traffic is optimised by routing it via the nearest cloud instance. This means that employees can access the applications and resources they need more quickly, without any delays or interruptions.
Greater security
in corporate and subsidiary networks
Less administration effort
compared to the VPN structure with local firewall appliances
Transparent overview
of data streams and accesses
Honeypot component "Deception"
provides insights into ongoing attacks and their techniques
5 questions for Daniel Baron
5 questions for Daniel Baron, Head of IT at HELDELE GmbH
"The cloud-based Zero Trust approach convinced us immediately."
As Head of IT at HELDELE GmbH, Daniel Baron is responsible for the security of the company network, among other things. In this interview, he explains the importance of cyber security for companies, the benefits of Zscaler and the strengths of a Zero Trust platform.
How important is IT security for your company?
Daniel Baron: The importance of security cannot be overestimated. As an IT service provider, we are active in many industries and see what happens outside our own company. Frequent and increasingly professional cyber attacks are now the order of the day. Countermeasures not only protect our company and customer data and ensure our own ability to work, but are also clearly prescribed by law. As a result, more than half of our IT budget is spent on security.
What security solution were you using before you switched to Zscaler?
Daniel Baron: Until the end of 2023, we relied on a classic VPN structure with local firewall appliances. However, their administration proved to be increasingly complex. This prompted us to look for a more powerful solution that was also easier to administer.
ZScaler minimises the business risk considerably.
Daniel Baron – Head of IT, HELDELE GmbH
Did you find them with Zscaler Cloud Security?
Daniel Baron: Exactly. Our Vodafone contacts Eduard Kaiser and Mehmet Ediz presented this solution to us at an annual meeting. We were immediately impressed by the cloud-based Zero Trust approach. Vodafone Business then supported us with the implementation.
What are the main advantages of Zscaler?
Daniel Baron: Firstly, Zscaler significantly minimises the business risk, as the zero-trust architecture massively reduces the risk of a cyberattack. Our employees are connected directly to applications and not to the network. All access is controlled based on identity, logged and checked for risks.
Secondly, Zscaler reduces complexity by providing a centrally controlled zero-trust platform that establishes a uniform standard for the entire group at all locations. We can connect new sites directly without additional hardware.
And finally, Zscaler increases visibility by giving us greatly improved insights into data traffic via SSL inspection. This helps us to recognise shadow IT and threats and stop the outflow of sensitive data.
How do you rate the cooperation with Vodafone?
Daniel Baron: Our collaboration with Vodafone is characterised by a relationship based on partnership and trust. We particularly appreciate the fact that Vodafone does not "just" act as a solution partner, but supports us comprehensively from consulting to project management.
New security standard Zero Trust
Cybersecurity in the cloud era
Why Zero Trust is the new security standard for companies
Cyberattacks are one of the biggest business risks today – regardless of industry or company size. Traditional security approaches based on the concept of "trust by location" are increasingly reaching their limits. Hybrid working models, cloud infrastructures and mobile end devices in particular make it clear that the perimeter, i.e. the supposedly secure edge of the company, no longer exists in this form. A new security paradigm is needed. This is precisely where Zero Trust comes in – a model that consistently scrutinises trust and fundamentally rethinks IT security.
What does Zero Trust mean?
Zero Trust means: "Never trust, always verify". Unlike traditional network security models, Zero Trust assumes that neither internal nor external actors or devices are automatically trustworthy - even if they are located within the company network.
Instead of blanket access, Zero Trust is based on continuous identity verification, access control according to the principle of least privilege and detailed transparency of all activities in the network. The aim is to minimise risks, detect potential attacks at an early stage and effectively limit damage.
1. Trust is not a strategy: every access is checked
At the centre of Zero Trust is the complete decoupling of trust and access. This means that every access is consistently checked - regardless of whether the user is in the office, working from home or travelling. The traditional distinction between internal and external access is no longer relevant. Instead, security is based on identity, device status, location and other contextual information.
For companies - especially those with decentralised or hybrid working models - this means a significant increase in security: even compromised devices or identities do not automatically lead to full system access.
2. Focus on identity: users and devices must continuously authenticate themselves
Zero Trust shifts the focus of IT security from the network boundary to identity. Every access to data, applications or systems requires authentication - ideally through a combination of passwords, biometric data or token-based procedures.
At the same time, the status of the end device used is also checked: Is it currently patched? Are there any anomalies in its behaviour? Access is only granted if the user and device are deemed trustworthy. This consistent check ensures that no unauthorised access is possible, even if access data has been stolen.
3. Access only as required: principle of minimum rights
A central pillar of the Zero Trust model is the so-called ‘least privilege’ principle: each user only receives the rights that he or she needs for the respective task - no more and no less. This significantly reduces the potential attack surface.
Even if an identity is compromised, the potential damage is limited as there are no further system rights. Especially for larger organisations with many user roles and applications, this is an effective mechanism for systematically limiting risks.
4. Protection against insider threats: "Never trust, always verify" also applies internally
Not all threats come from outside. Employees, service providers or business partners with access to internal systems can – intentionally or unintentionally – pose a risk. Zero Trust also takes this dimension into account: every access is logged and every process is checked.
This not only enables complete traceability, but also provides the basis for automated risk analyses. Potentially suspicious behaviour can thus be detected and prevented at an early stage – long before any damage occurs.
5. Fit for the cloud: ideal for hybrid working models
Modern corporate IT is rarely organised centrally. Cloud applications, external services and mobile workstations are now part of everyday life – not only in large companies, but increasingly also in SMEs and small businesses. Traditional security concepts are not designed for this.
Zero Trust, on the other hand, is designed to be cloud-native: data, systems and identities are protected regardless of location. Employees can work securely from anywhere – without compromising on IT security. This not only enables greater flexibility, but also reduces infrastructure and administration costs.
Conclusion: Zero Trust is more than a trend - it's a necessity
Whether for SMEs, large companies or SOHO structures: Zero Trust offers a future-proof security concept that meets the requirements of modern IT landscapes. In view of growing cyber risks, regulatory requirements and the increasing mobility of workplaces, there is no way around this approach in the long term.
The following applies: Zero Trust is not a product, but a holistic approach. The changeover requires careful planning, the selection of suitable technologies and a clear understanding of your own IT structures. However, with experienced partners such as Vodafone Business, this transformation process can be implemented efficiently and securely.
