About 10 to 15 years ago, enterprise users worked in a well-controlled corporate perimeter that was clearly defined and relatively straightforward to protect. However, this antiquated structure makes less sense in a cloud world where users are working from almost everywhere and deploying a variety of different devices. As a result, legacy security controls and techniques focused on protecting the perimeter and the user are no longer adequate. Cloud security platform provider Zscaler believes that as applications continue to move to the cloud, on-premises network security will eventually become irrelevant. The 10-year-old company has experienced tremendous growth and is looking to expand further by partnering with service providers.
The 451 Take
The traditional, distinct corporate network is slowly disappearing. More users are living outside the corporate network and remotely accessing business data and applications that live in the cloud in addition to those that still reside in the corporate datacenter. And as enterprises continue to adopt a more cloud-centric approach to operations, they are finding that traditional on-premises security products often fail to extend protection to remote users and cloud data. Zscaler's cloud security platform moves the security stack to the cloud, providing a security internet gateway for all network traffic for all users regardless of location or device. Although the vendor simplifies traditional security stacks into one integrated platform, many organizations will look to MSPs to ensure that the platform is managed and configured to provide the right level of security for the organization and to respond to security events that arise. MSPs and managed security service providers (MSSPs) should find that the Zscaler platform can solve several security challenges facing the enterprise as well as create additional service revenue opportunities without the need to manage and maintain hardware.
Context
Zscaler, an enterprise cloud security specialist, was founded in 2008 by CEO Jay Chaudhry, an entrepreneur who founded and sold several companies, including CipherTrust, CoreHarbor, AirDefense and SecureIT. The vendor claims that it operates the largest cloud security platform in the world, servicing over 2,800 distinct enterprises and 20 million users per day. Zscaler reports that its platform is distributed on a global network of more than 100 datacenters processing over 35 million transactions per day, including network traffic from more than 180 countries. The company notes that it provides services to some of the largest organizations in the world, including a customer with over 1.5 million employees, the K-12 school system for an entire state, and many other large multinational organizations.
While financial details were not disclosed, estimates from multiple sources suggest that Zscaler is experiencing double-digit year-over-year growth with the potential to have achieved upwards of $150m in revenue for the most recent year. Since its establishment, the company has reportedly raised $148m from investors such as Lightspeed Venture Partners, CapitalG, EMC and TPG Growth, and it received a $1bn valuation last year. Given the growth in the stock market (despite recently lost momentum), tax cuts heralding new investments by many firms, and the move to bring on a seasoned CFO last year, the prospect for an IPO from Zscaler is high.
Platform
The multi-tenant Zscaler platform, built entirely in the cloud, offers security services to users in the enterprise on any device for any application, from any location. The SaaS platform delivers a number of integrated and unified security services, including carrier-grade internet security, next-generation firewall, web security, sandboxing, advanced persistent threat protection, data-loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence. According to Zscaler, security policies around these areas can be centrally configured and then pushed and enforced to users globally within seconds. The company says its goal is to help enterprises alleviate the back-end frustration that comes with dealing with a stack of security products and appliances from dozens of different vendors that often have to be replicated to each physical site.
Zscaler believes that enterprise security is being disrupted and traditional disjointed on-premises, point services are often unable to adapt to the new demands being put on the enterprise. The evolution of the enterprise, where more flexible and mobile work environments are required, is changing the abstract concept of the workforce being within a well-defined perimeter. In addition, according to the company, as applications move up to SaaS vendors (e.g., Salesforce, Workday) or to IaaS providers like Azure or Amazon, the notion of being able to fully control the network is going away. As a result, many organizations are now considering the implication of these changes – how they will affect the next generation of network design and how they are going to protect network traffic and users in this new environment.
The company notes that these demands cannot be fully met with security appliances and controls that are sitting on-premises. Zscaler claims that its globally distributed, cloud security platform approach with software-defined policies enables enterprises to secure, protect and connect users regardless of location or application, providing full inline content inspection, real-time threat correlation, global visibility and cloud intelligence.
MSPs and MSSPs
Although it is a pure-play cloud vendor, Zscaler's platform is sold only through the channel. It says it has different categories of channel partners, ranging from large global telcos such as AT&T, Orange, NTT and Verizon to the traditional VAR and security channels that include companies like Carahsoft, Optiv and Fishtech. However, the company feels that it has significate growth potential in the MSP and MSSP space.
Zscaler thinks that MSPs that are more cloud-centric and less concerned about managing the traditional infrastructure will find many opportunities to offer managed services around its platform. By default, it does not have access to its customer's data, including policy configurations and logs. While the platform will alert on security events that need attention, it is the customer's responsibility to take actions on these alerts. The company views itself as the infrastructure part of the cloud security equation – however, customers are responsible for policy configuration, analysis and other security management activities on the platform. According to Zscaler, this is where MSPs have ample opportunities to provide services built around the platform and offer it as part of a broader security landscape service.
The company says it has invested heavily in building out its platform to be service-provider-centric, especially around its API set. This is a key requirement for many service providers to enable automation in areas like provisioning and administration. Zscaler reports that the API set also offers log-streaming capabilities, enabling service providers to digest logs in real time into security information and event management or other systems to perform correlation or other activities such as incident response.
Competition
Zscaler believes that while there are numerous players offering point security products – including firewalls from vendors like Cisco, Palo Alto Networks and Fortinet or content filtering from firms such as Cisco (Umbrella) and Blue Coat Systems (acquired by Symantec in 2016) – there are no other companies in the market today that provide a similar, complete cloud security platform. It credits its apparent lack of direct competition to its successful track record of understanding where the market is going and investing heavily in the future.
The company's success has not gone unnoticed by traditional security product vendors that are actively moving more into the security services space. Its acquisitions of OpenDNS and Observable Networks may indicate that Cisco is considering a move to vie more directly with Zscaler with its own cloud security platform. Additionally, Palo Alto may prove to be a formidable rival in the cloud security platform space as it continues to expand its capabilities and services.
The 451 Take
The traditional, distinct corporate network is slowly disappearing. More users are living outside the corporate network and remotely accessing business data and applications that live in the cloud in addition to those that still reside in the corporate datacenter. And as enterprises continue to adopt a more cloud-centric approach to operations, they are finding that traditional on-premises security products often fail to extend protection to remote users and cloud data. Zscaler's cloud security platform moves the security stack to the cloud, providing a security internet gateway for all network traffic for all users regardless of location or device. Although the vendor simplifies traditional security stacks into one integrated platform, many organizations will look to MSPs to ensure that the platform is managed and configured to provide the right level of security for the organization and to respond to security events that arise. MSPs and managed security service providers (MSSPs) should find that the Zscaler platform can solve several security challenges facing the enterprise as well as create additional service revenue opportunities without the need to manage and maintain hardware.
Context
Zscaler, an enterprise cloud security specialist, was founded in 2008 by CEO Jay Chaudhry, an entrepreneur who founded and sold several companies, including CipherTrust, CoreHarbor, AirDefense and SecureIT. The vendor claims that it operates the largest cloud security platform in the world, servicing over 2,800 distinct enterprises and 20 million users per day. Zscaler reports that its platform is distributed on a global network of more than 100 datacenters processing over 35 million transactions per day, including network traffic from more than 180 countries. The company notes that it provides services to some of the largest organizations in the world, including a customer with over 1.5 million employees, the K-12 school system for an entire state, and many other large multinational organizations.
While financial details were not disclosed, estimates from multiple sources suggest that Zscaler is experiencing double-digit year-over-year growth with the potential to have achieved upwards of $150m in revenue for the most recent year. Since its establishment, the company has reportedly raised $148m from investors such as Lightspeed Venture Partners, CapitalG, EMC and TPG Growth, and it received a $1bn valuation last year. Given the growth in the stock market (despite recently lost momentum), tax cuts heralding new investments by many firms, and the move to bring on a seasoned CFO last year, the prospect for an IPO from Zscaler is high.
Platform
The multi-tenant Zscaler platform, built entirely in the cloud, offers security services to users in the enterprise on any device for any application, from any location. The SaaS platform delivers a number of integrated and unified security services, including carrier-grade internet security, next-generation firewall, web security, sandboxing, advanced persistent threat protection, data-loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence. According to Zscaler, security policies around these areas can be centrally configured and then pushed and enforced to users globally within seconds. The company says its goal is to help enterprises alleviate the back-end frustration that comes with dealing with a stack of security products and appliances from dozens of different vendors that often have to be replicated to each physical site.
Zscaler believes that enterprise security is being disrupted and traditional disjointed on-premises, point services are often unable to adapt to the new demands being put on the enterprise. The evolution of the enterprise, where more flexible and mobile work environments are required, is changing the abstract concept of the workforce being within a well-defined perimeter. In addition, according to the company, as applications move up to SaaS vendors (e.g., Salesforce, Workday) or to IaaS providers like Azure or Amazon, the notion of being able to fully control the network is going away. As a result, many organizations are now considering the implication of these changes – how they will affect the next generation of network design and how they are going to protect network traffic and users in this new environment.
The company notes that these demands cannot be fully met with security appliances and controls that are sitting on-premises. Zscaler claims that its globally distributed, cloud security platform approach with software-defined policies enables enterprises to secure, protect and connect users regardless of location or application, providing full inline content inspection, real-time threat correlation, global visibility and cloud intelligence.
MSPs and MSSPs
Although it is a pure-play cloud vendor, Zscaler's platform is sold only through the channel. It says it has different categories of channel partners, ranging from large global telcos such as AT&T, Orange, NTT and Verizon to the traditional VAR and security channels that include companies like Carahsoft, Optiv and Fishtech. However, the company feels that it has significate growth potential in the MSP and MSSP space.
Zscaler thinks that MSPs that are more cloud-centric and less concerned about managing the traditional infrastructure will find many opportunities to offer managed services around its platform. By default, it does not have access to its customer's data, including policy configurations and logs. While the platform will alert on security events that need attention, it is the customer's responsibility to take actions on these alerts. The company views itself as the infrastructure part of the cloud security equation – however, customers are responsible for policy configuration, analysis and other security management activities on the platform. According to Zscaler, this is where MSPs have ample opportunities to provide services built around the platform and offer it as part of a broader security landscape service.
The company says it has invested heavily in building out its platform to be service-provider-centric, especially around its API set. This is a key requirement for many service providers to enable automation in areas like provisioning and administration. Zscaler reports that the API set also offers log-streaming capabilities, enabling service providers to digest logs in real time into security information and event management or other systems to perform correlation or other activities such as incident response.
Competition
Zscaler believes that while there are numerous players offering point security products – including firewalls from vendors like Cisco, Palo Alto Networks and Fortinet or content filtering from firms such as Cisco (Umbrella) and Blue Coat Systems (acquired by Symantec in 2016) – there are no other companies in the market today that provide a similar, complete cloud security platform. It credits its apparent lack of direct competition to its successful track record of understanding where the market is going and investing heavily in the future.
The company's success has not gone unnoticed by traditional security product vendors that are actively moving more into the security services space. Its acquisitions of OpenDNS and Observable Networks may indicate that Cisco is considering a move to vie more directly with Zscaler with its own cloud security platform. Additionally, Palo Alto may prove to be a formidable rival in the cloud security platform space as it continues to expand its capabilities and services.
Aaron Sherrill
Senior Analyst
Senior Analyst Aaron Sherrill covers the Managed Services sector, which includes disaster recovery and security services. Aaron joined 451 Research after serving as Vice President and Chief Technology Officer for two of the largest Managed Service Providers in the market.
Cameron O'Shaughnessy
Senior Research Associate, Information Security
A Senior Research Associate in 451 Research’s Multi-Tenant Datacenter (MTDC) Channel, Cam O’Shaughnessy covers top national and global datacenter markets.In this capacity, Cam tracks regional supply and demand, regulatory forecasts and shifts in the datacenter provider landscape.
Keith Dawson
Principal Analyst
Keith Dawson is a principal analyst in 451 Research's Customer Experience & Commerce practice, primarily covering marketing technology. Keith has been covering the intersection of communications and enterprise software for 25 years, mainly looking at how to influence and optimize the customer experience.