What Is Zscaler and How Does It Secure Enterprise Networks?

The SASE company’s technology takes a zero-trust approach to protecting everything from your data center network to SaaS and users at home.

Zscaler saw unprecedented growth last year, replacing legacy networking platforms with its scalable cloud-based alternative at breakneck speed.

Today, the company serves more than a quarter of the Fortune 2000, with more than 150 data centers around the world, more than 20 million licensed seats, and 150 billion transactions per day – more than ten times that of Google.

According to its quarterly earnings report released at the end of February, billing was up 71 percent compared to the previous year, and the company passed the 5,000-customer milestone.

"There was one day last year when most of the world started to go into lockdown and we saw a 1,300 percent increase – in one business day – in our peak load," said Patrick Foxhoven, Zscaler's CIO and executive VP for emerging technologies. "And that's starting from a base of millions of users. We lovingly refer to this period as March madness."

And it didn't slow down, he told DCK. "You feel guilty a little bit that our business has flourished so much."

Growth is expected to continue with the expanding implementation of 5G, IoT, edge computing, and cloud infrastructure, growing cybersecurity threats, and the new work-from-home normal.

Last fall, Gartner named Zscaler as the only leader in the magic quadrant for secure web gateways – the tenth year in a row it's been in the leader quadrant.

What Is Zscaler?

Zscaler is one of the preeminent examples of the emerging SASE sector. SASE, pronounced "sassy," stands for Secure Access Service Edge. It combines software-defined wide-area networking (SD-WAN) with access control and security, all bundled as a cloud service.

In effect, it offers a secure private internet that interconnects a company's users, data centers, cloud infrastructure, and SaaS and other third-party services.

End users get virtual clients on their mobile devices that create secure tunnels to the nearest Zscaler data center. For data centers, enterprises install a virtual machine that does the same thing on a larger scale.

Zscaler can also monitor internal data center communications, allowing companies to have all their networking security in one place, even if the traffic never leaves their premises.

Everything is built around zero-trust principles, and the platform is dramatically more flexible, scalable, and easier to manage than traditional VPNs and other networking approaches.

How to Get Zscaler?

Zscaler doesn't sell its services directly to enterprises. Instead, it works with channel partners like AT&T and Verizon.

"We sell only through the channel," said Foxhoven. "It gives us a force multiplier in terms of sales. Often we get coupled to network transformation deals, where organizations are rethinking their entire data center strategy."

Zscaler ZIA versus ZPA

Zscaler's product is its Zero Trust Exchange platform. Customers can sign up for all of Zscaler's services at once or buy specific products individually. The two most popular products are ZPA, which allows companies to have a virtual WAN, and ZIA, which secures connections to SaaS services.

One reason a customer might want to buy the products separately is that they could be in different budget cycles. "Their VPN solution might be reaching end of life, but the internet security stack is not," Foxhoven said. "Or they don't want to make too big a change overnight. But more and more often, if it's a new customer, they are deploying both ZPA and ZIA."

ZPA (or Zscaler Private Access) is the service that connects users to the Zscaler platform as well as an enterprise's own data centers or cloud infrastructure.

ZPA supported all ports and protocols from day one, Zscaler spokesperson Natalia Wodecki said. ZIA was recently upgraded to support all ports and protocols as well.

One major difference between ZIA and ZPA is on the security side. Since ZIA goes out to third-party applications and the public internet, all traffic is inspected to make sure that no data is being exfiltrated, no malware is being downloaded, and no command-and-control servers are being connected to.

ZPA traffic, which consists of private enterprise communications, is not inspected as closely, though zero-trust principles still apply.

"For private apps, we encrypt all traffic purposely, as these are our customer’s crown-jewel applications, and even allow them to use their own customer private key infrastructure to obtain what we call 'double tunneling,'" Wodecki said.

How Zscaler Secures Data Centers

Zscaler can filter and scrub communications going in and out of a data center, simplifying networking and security, but it can also help secure internal networks.

"We can help reduce the footprint that's in the data center and help secure everything that's in there," Foxhoven said. "Get rid of those appliances and consume the same kind of service – as a service."

Zscaler's most recent product is the oddly named Zscaler Cloud Protection. It’s oddly named because it doesn’t run in the cloud. It's a virtual machine that sits inside an on-prem data center.

"Well, technically, some customers do call this a private cloud," said Foxhoven.

Or it can be installed in the customer's public cloud infrastructure, including AWS, Azure, and Google Cloud.

The product, launched in December, secures machine-to-machine communications with Zscaler's cloud-based management tools and zero-trust security. There's some communication with the Zscaler cloud, to provide the management, but the data traffic never leaves the data center.

It's not a completely new service for Zscaler, said Foxhoven. "We've enhanced it to make it easier and enhanced the depth of security we provide." And the fact that the traffic never has to leave the premises is also new, he added.

Securing SaaS Access

ZIA (Zscaler Internet Access) is the product that connects out to third-party SaaS providers, like Zoom or Office 365. It includes such features as data loss prevention, a cloud access security broker, secure web gateway, content filtering, and firewalls.

It's a separate product because some customers want to get just the ZIA part, or just the ZPA part.

ZIA also includes the ability to monitor the performance of those services themselves.

For example, if an employee is having problems with Zoom or Office 365, the problem could be in the network – or it could be with Zoom or Microsoft. It could be on the employee's machine or on the last network mile, the employee's home internet service provider.

A version of this monitoring capability, called ZDX (Zscaler Digital Experience), is available as a more robust, stand-alone service.

Zscaler’s Competitors

Foxhoven said Zscaler's closest competitor, in terms of mindset, is Palo Alto Networks.

There are also emerging vendors focusing on the smaller end of the market, like Cato Networks.

"They are very competitive with our ZIA and a little bit of our ZPA offering," said Foxhoven. "We don’t run into them a lot because we’re more large-enterprise focused, and they sell to a smaller customer, but as we grow our paths are converging."
