Zscaler helps organizations establish secure connections between applications and users according to zero trust principles. This approach is gaining significant traction in Europe as well.
Is it Zeescaler or Zetscaler? Xavier Duyck, VP of the company for North and East EMEA, is the first to admit there is disagreement. Zee is more common, but Zet is theoretically more correct. “The name comes from Zenith of Scalability”, Duyck explains.
Zscaler has been around for 18 years and was co-founded by Jay Chaudhry, who is still the CEO today. He is part of the first generation of Indian-American tech entrepreneurs. The American company is now active worldwide, with a significant presence in Europe.
Zero trust-SASE
Zscaler offers a cloud-based security platform that allows organizations and employees to securely access applications. The platform is independent of firewalls, VPNs, or local hardware. Zero trust is central. Feel free to summarize Zscaler as a provider of zero trust SASE.
We do not rely on an internal network as a secure environment.
Xavier Duyck, VP Zscaler
“Zero trust means for us that we never trust anything by default and verify all connections”, Duyck clarifies. “In other words, we do not rely on an internal network as a secure environment. Every user, every device, and every connection is verified each time. This verification is not one-time or static but occurs dynamically each time anew.”
Granular Access Control
To refresh: access control via zero trust is tailored to each request. Employee Bart does not get access to the company network with all associated applications but requests access to a specific application or certain data. The granted access is minimal. “The HR department cannot access Salesforce, and the salespeople cannot access HR data”, Duyck explains.
Zero trust requires a system that can quickly and securely assess all those individual connections. Zscaler achieves this from the cloud and has so-called PoPs worldwide. These are effectively its own data centers equipped with high-performance hardware and connections.
From Client to PoP
A small client is installed on customer systems. It ensures that connection requests are sent to the nearest PoP. The internet serves merely as a transport mechanism. In Zscaler’s data center, connections are assessed and established, for example, from Bart to his Salesforce account. The system further monitors the entire quality of the connection, from Bart’s PC to the cloud application.
The CEO of Zscaler compares the company’s role to that of an old switchboard in a telephone exchange. If Bart wanted to call Bernadette, there was an operator in the middle making the right connection. Zscaler does the same. “For clarity, we do not look at what happens on the line”, Duyck adds. “The connection remains secure and private.”
Four Building Blocks
During our conversation, Duyck breaks down Zscaler into four key blocks:
- Zscaler Internet Access (ZIA): This includes protection for traditional browsing
- Zscaler Private Access (ZPA): This replaces the VPN and offers zero trust security for data and application access. Based on identity and policy rules, Zscaler grants users access to the right applications. In doing so, a company also completely disappears from the visible internet.
- Zscaler Digital Experience (ZDX): This includes managing the entire network. The solution not only assesses traffic in the PoP but monitors the entire connection and can detect and resolve network congestion.
- Zscaler Data Leakage Prevention (DLP): This allows Zscaler to monitor where data flows.
Technically, migrating to zero trust and Zscaler is not complex. The solution runs in the cloud, and the connection to Zscaler is established via an agent that can be deployed remotely. “The most complex aspect is not the technical part but the development of policy rules. How smoothly a migration goes depends mainly on the preparation.” The platform does assist in developing those rules. Duyck is confident that companies have successfully transitioned 80,000 employees in less than seven months.
Own Responsibility
Is there a fundamental difference between what Zscaler does and what other SASE specialists offer? The company certainly swims in the same pool as, for example, Netskope, Prisma Access from Palo Alto Networks, or Cisco Secure Access. Duyck likes to refer to Zscaler’s strengths. ZDX, which provides packet monitoring from A to B, is said to guarantee stable connections. “Moreover, we choose our own infrastructure instead of a presence with AWS or Azure”, he adds. “This way, we are responsible if something goes wrong.”
read also
Zscaler Introduces Zscaler Cellular: Mobile Zero Trust Solution for IoT and OT
The company further introduced a unique solution with Zscaler Cellular. This is a SIM-based solution. Configure or place that (e)SIM in a device, and the connection automatically runs through Zscaler and all associated solutions.
European Presence
The solutions are certainly appealing. In Europe, Zscaler can count hundreds of the largest companies across all sectors as its clients. “45 percent of the Fortune 500 are clients, and 36 percent of the Fortune 2000”, Duyck adds.
In the Northern Europe region, Zscaler has a presence of more than 120 people. In Belgium, it involves nearly twenty permanent employees. The company has strongly focused on building the local organization in recent years. The focus, however, is on large companies. “The solution has a cost. From 2,500 employees or more, Zscaler is certainly interesting”, Duyck believes, although (much) smaller companies can certainly also sign up when the business case is right.
Principally Secure
Zscaler thus offers a popular and modern way to secure IT environments. More broadly, zero trust is, of course, an extremely suitable principle to prevent abuse. The technology ensures that no one has more access than necessary and can consider numerous parameters when granting that access. Think not only of identity but also the device used, the version of the installed software, or the location.
read also
What is Zscaler and how does one pronounce it?
However, the field is competitive. Zscaler has some advantages, but many parties offer zero trust, SASE, or a variant of the same under a different definition in their own way. Variables include the PoPs, the simplicity of the service, the need for proprietary hardware (or not)…
Duyck himself is enthusiastic about Zscaler’s version. “I worked for nine years at Check Point, four years at Palo Alto, and two years at Netskope. Now I’m at Zscaler because I wanted to work for the leader in the segment. And the leader in zero trust security, that is indeed Zscaler”, he concludes with conviction.