Blog Category Feed Zscaler Blog — News and views from the leading voice in cloud security. en My Journey as Sales Engineer is a Journey of Transformation "The only constant in life is change." This saying doesn't just cover the professional career of Cedric Blöchlinger; it's also a great way of describing his current role. As a Sales Engineer at Zscaler, he paves the way for companies to securely join the cloud, gradually transforming conventional IT infrastructures into modern, cloud-based working and production environments. This often involves radical changes to the existing security and network architectures. Cedric’s own personal transformation has evolved from a biotechnology degree to a Master's in Technology & Economics Management with a couple of interim steps to IT security. After his initial career experiences in management consultancy, while taking a break to travel, he decided to focus on security and gained hands-on experience in a pen testing lab as a first step. That paved the way to his current role as a security professional. However, his next career stops were first as a Technical Account Manager to an SD WAN provider, where he looked after existing customers and supervised rollouts so that the connectivity of the data streams remained the focus. In addition, he was certified as a CISSP before he switched to sales. "Today, I'm very happy that I didn't take a more direct route, as my wealth of experience in different areas gives me credibility with customers. I can draw on a broader understanding of network and security issues that come into play during the secure transformation of IT infrastructures. To support companies on their transformation to the cloud, you need to know exactly where the levers have to be applied in the entire infrastructure," he said, summarising a career which has finally led to him working as a sales engineer for cloud security specialists. The need for this type of comprehensive cloud consultancy is not solely a result of the pandemic. In fact, over the last two years, the introduction of Microsoft 365–with its associated collaboration tools–has been on the agenda of a lot of companies. The switch to hybrid workplace models or digitised production environments also involves a lot of awareness raising. It's not only applications that have left the secure company perimeter, but also employees, making connectivity and secure connections a high priority. And even for connecting conventional production lines to digital control or remote maintenance systems, modern security from the cloud is now required. These radical changes are closely connected to each other and should be part of holistic transformation concepts. Opening eyes to new approaches Today, Cedric does not see his current job as “sales,” but rather an opportunity to demonstrate solutions that can help companies move away from traditional infrastructures to benefit from the full potential of the cloud. “The exciting part is getting to know the company better and understanding what their current issues really are. They know their infrastructure best and therefore know where it might need to change,” he said. Therefore, discussion with the customer as an equal is critical for him. He sees himself as a technical consultant who brings the customer new ideas by presenting modern solutions. By demonstrating the technical options that go hand in hand with a highly integrated security service from the cloud, his customer contact partners often experience the eureka effect. It's best if they discover the benefits of leaving behind traditional processes by introducing new solutions for themselves. The skill here is to show how innovations can find their way into a company: "I get a real sense of achievement when the customer themselves notices that they no longer need a traditional infrastructure that's so complex to manage when they use a cloud-based security service," continues Cedric. "Then I know that I've explained something well, without directly telling the customer which hardware they can get rid of in the future." Every meeting with a prospect is different. Experience with small- and medium-sized business does not necessarily translate to key accounts. The bigger a company, the more decision makers need to be convinced of the need for a transformation strategy for a fundamentally new solution. The bigger the company, the greater the number of interactions with the customer. This makes it important for SEs that they are accepted as consultants, and that a good relationship is established with the customer. "I find it helps to demonstrate how a zero trust platform can support the company goals. Because ultimately, the technology supports the business strategy and ensures that important projects can be implemented," Cedric said. “The customer can determine their own speed and decide which steps are suitable when for their chosen transformation strategy.” Meetings with larger companies are complex and often go beyond the technical department. Highly diverse executive departments are involved in the decision-making process and must be met with their requirements, not to mention their concerns. Particularly when it comes to compliance and data protection, best practice examples can help get the works council on board before the creation of a cloud-based security solution that includes the performance of integrated SSL/TLS scanning. It's a question of convincing employees about the load capacity of an approach and demonstrating tried-and-tested solutions. In the end, it is critical that the entire solution process for a holistic infrastructure change is communicated all the way up to management level. After more than a year as a sales engineer, Cedric believes that he began his journey through the consultancy landscape after moving to Zscaler. Today, he can combine his expertise from different disciplines and contribute to the Zscaler Zero Trust Exchange with technical sales. Thu, 19 May 2022 22:00:02 -0700 Gregor Keller Even the Cloud is Bigger (and More Secure) in Texas Zscaler is proud to have been named to the Texas Risk and Authorization Management Program (TX-RAMP) program. Our early entry into the TX-RAMP program gives our Texas customers access to the largest provider of zero trust access solutions in the U.S. In the spirit of FedRAMP and StateRAMP, this program provides a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process, store, or transmit the data of a state agency. Certifying products under the TX-RAMP umbrella allows for faster acquisition of secure cloud solutions, necessary for the modernization of Texas’ digital government. Being part of the certified products list means that state, local, and higher education customers in Texas have the assurance that Zscaler meets stringent data security requirements. TX-RAMP has reciprocal arrangements with FedRAMP and StateRAMP. Since those certifications can be cost and time prohibitive for many small companies, Texas wanted to offer another option to empower smaller Texas-based companies to pursue contracts with state and local government entities. Requirements for TX-RAMP are based on the same NIST 800-53 framework that StateRAMP and FedRAMP use. Companies are assessed by the Texas Department of Information Resources (DIR) and there is no cost associated with the assessment or program participation. Companies do not have to already have business with the state to participate. Zscaler Private Access (ZPA) and Zscaler Internet Access are certified at TX-RAMP level 2. Both technologies were included on the first authorized list released from StateRAMP and are also part of the FedRAMP program. The State of Oklahoma standardized on Zscaler as a way to strengthen their security posture while also providing their employees the ability to work from anywhere. Today, employees now have the same access and experience whether they are in the office or logging on from a coffee shop. The resulting connection is five times faster than the legacy VPN approach and has dramatically reduced the number of VPN help tickets from hundreds a day to virtually none. The Zscaler solution was up and running for 10,000 users across 90+ state agencies in just days. ZPA is a zero trust solution that connects authorized users directly to agency-approved private applications without being placed on the network, which dramatically reduces cyber risk. This approach significantly improves application performance and the user experience and reduces the attack surface and the associated risk of malware, ransomware, and other threats. The experience is identical whether the agency application is hosted in the government data center, or in destination clouds such as AWS GovCloud, Azure Government, or the Google Cloud Platform. ZPA was granted a Provisional Authorization To Operate (P-ATO) at Impact Level 5 (IL5) and achieved FedRAMP-High JAB Authorization. ZIA is a cloud security service that transforms networks by delivering cloud-based internet and web security that scales to all users, whether they are on- or off-network. ZIA leverages a cloud-native proxy to allow organizations to secure all online and SSL traffic. By securely following all users, applications, and devices, regardless of location, ZIA enables a zero trust approach to SaaS application and website access that helps reduce risk and restore compliance. The solution received Authorization to Operate (ATO) at the Moderate Impact level and achieved FedRAMP “In Process” status at the High Impact level, sponsored by a U.S. Department of Defense (DoD) Command. It is also prioritized for FedRAMP-High JAB Authorization. More information on TX-RAMP can be found here. Mon, 11 Apr 2022 13:38:24 -0700 Ian Milligan-Pate The Five Takeaways You Shouldn’t Miss from Zero Trust Live We recently wrapped up Zero Trust Live, our premier virtual event for IT and security leaders. In this post, I'll help you digest the key news and highlights from the event which featured an incredible line-up of industry visionaries, zero trust experts, and product innovators. Before I begin, if you missed the event and want more than a recap, you can watch it in full, anytime here. While so much was covered at Zero Trust Live, here are what I believe are the five key takeaways from the event: Zero trust marketing confusion abounds As a product marketer, nothing is more frustrating than seeing zero trust slapped onto everything in the industry (ahem, legacy network security vendors). I think Jim Alcove, Security Advisor & Former Chief Trust Officer, Salesforce, brought so much clarity to the term zero trust with this simple analogy from our keynote session: “If we think about security as a network example, it's about protecting how you're going to get to the thing that's important. So it's not about protecting the bank or the airport. It's about protecting the roads to the bank or the tunnel to the airport.” – Jim Alcove, Security Advisor & Former Chief Trust Officer, Salesforce The big news was next-generation ZTNA In 2016, Zscaler introduced the first-generation of zero trust network access (ZTNA) in response to the massive problem of remote access, and it quickly became the industry standard for VPN replacement. Nevertheless, there was still a compelling problem at stake: what happens if the tenets of identity have been subverted by a compromised user or insider threat? With our latest release, Zscaler Private Access (ZPA) becomes the only ZTNA platform available that securely CONNECTS, SEGMENTS, and PROTECTS users, applications, and devices in a single cloud platform. To learn more about next-generation ZTNA, watch the session here. We introduced three industry-first security service edge innovations First, we revealed how private app protection stops prevalent attacks. While there are massive efforts in the industry to develop more secure code, we still have a long way to go. 60% of organizations have had production applications exploited by OWASP Top 10 Vulnerabilities, according to ESG. While zero trust access reduces the blast radius of an attack by eliminating lateral movement, compromised users and insider threats could potentially steal sensitive data or bring down services if they can infect apps behind ZTNA services. ZPA AppProtection will automatically detect and block the attack to protect your applications. Watch the demo here. Secondly, we dove into how new integrated deception disrupts advanced adversaries. Targeted ransomware, supply chain attacks, nation-state threats, and other attacks that make headline news all have something in common: a thinking, human adversary. The threat landscape has fundamentally shifted from malware-driven to a hands-on keyboard focus which makes threat detection difficult and all the more crucial. An industry first, integrated deception evolves lateral movement detection for advanced attacks with private app decoys deployed seamlessly through Zscaler Private Access. Think of it as the “easy button” for deception. Watch the demo here. Third, we introduced privileged remote access for Industrial IoT and OT systems. Plant operations teams prioritize plant uptime and people safety, which drives the need to allow third-party vendors and service technicians to access production systems which could potentially introduce risk of ransomware, lateral movement, and downtime.. With our newly launched Privileged Remote Access solution for Industrial IoT and OT, we enable fully isolated, clientless access to RDP and SSH systems for employees, vendors, and contractors connecting from untrusted networks and unmanaged devices. As part of this, we’re also proud to be partnering with one of the world’s premier providers of industrial automation solutions, Siemens, who is making Zscaler Private Access available as a native connectivity option for their industrial devices. Watch the demo here. Zero trust is about a better user experience. Nearly every one of our customer speakers stressed that a great user experience was paramount to their success. With zero trust, they removed the friction that a lot of people experience in their daily lives when accessing resources. “ZPA lets people have literally a bookmark style of access to things that otherwise you'd have to do traditional network merges and IP address deconflicts and change DNS settings. It is months and months and months of work that, literally overnight, I didn't have to worry about.” – Steve Williams, Enterprise CISO, NTT DATA Zero trust is a journey, not a destination Most organizations struggle with where to start. During the event, we touched on the importance of figuring out where you can buy down risk, or at a minimum, solve a painful business problem, whether that's performance, cost, or legacy technology incurring technical debt. Once you tackle that, the next step is to expand strategically. Remember, zero trust is not a monolithic effort! To get an actionable playbook for zero trust transformation, watch our best practices session here. And a heartfelt thank you… To all of our speakers, partners, and attendees for making this one of our most successful events of the year: Andy Abercrombie, CISO, Novelis Chris Kachigian, Sr. Director, Crowdstrike Chris Porter, CISO, Fannie Mae Darin Hurd, CISO, Guaranteed Rate Don Freese, SVP & Global CISO, Digital Realty Herbert Wegmann, General Manager, Siemens James Brodsky, Sr. Director, Okta Jim Alkove, Security Advisor & Former CTO, Salesforce Parthasarathi Chakraborty, AVP, Humana Satyavrat Mishra, AVT, Godrej Industries Steve Williams, Enterprise CISO, NTT DATA Services Join us for Zenith Live 2022 You can look forward to even more at our marquee annual user conference Zenith Live 2022 Wed, 06 Apr 2022 16:35:13 -0700 Linda Park Zero Trust Live: Industry Leaders Less than a week to go for Zero Trust Live! Zero Trust Live is an exclusive virtual event that aims to educate and enlighten IT and security professionals and provide insight into industry best practices for implementing zero trust. In this premier event, we will reveal new innovations for the Zscaler Zero Trust Exchange including the first and only next-gen zero trust network access (ZTNA) offering. We have an incredible lineup of speakers who have led and executed zero trust strategies in some of the most prominent organizations in the world. We’re excited to announce our speakers for Zero Trust Live Jim Alkove is the Security Advisor and former Chief Trust Officer of Salesforce. As Chief Trust Officer, Jim was responsible for enterprise-wide information security and compliance, as well as information management and strategy to deliver the most secure and trusted enterprise cloud. He led a team with strategic focus on information security, including engineering, operations, assurance, training and awareness, communications, governance, and M&A integration. Jim also serves as an Advisory Board member for the World Economic Forum Centre for Cybersecurity and as the site lead for Salesforce in the Pacific Northwest. Jim will have an in-depth discussion with Jay Chaudhry on building an extended zero trust architecture that spans Zscaler, Crowdstrike, and Okta. Darin Hurd CISO, Guaranteed Rate Chris Kachigian Sr. Director, CrowdStrike James Brodsky Sr. Director, Okta Darin Hurd is a security industry leader with over twenty years' experience in information technology, consulting and financial services. Darin is currently the CISO of Guaranteed Rate, leading their information security, privacy and risk. Darin is a zero trust champion and has successfully implemented zero trust architecture within Guaranteed Rate that was driven by their exponential growth in recent years. Chris Kachigian is the Sr. Director, Global Solution Architecture - Technology Alliances at CrowdStrike. Chris helps CrowdStrike partners deliver better outcomes to customers by solving their security challenges with CrowdStrike’s platform. He has a wealth of experience in cybersecurity architecture, global system integrators, and technical integrations. James Brodsky recently joined Okta to lead global cybersecurity efforts within Okta's Solution Engineering. A veteran of the industry for more than 20 years and formerly a leader at Splunk, Tripwire, IBM, and Resolve Systems, he focuses on bringing innovative solutions to customer security and compliance challenges. Hear from Darin, Guaranteed Rate’s success story on implementing zero trust ecosystem with CrowdStrike and Okta. In this session, Chris and James will be discussing why zero trust is a team sport and demonstrate the integrated partnership that forms the zero trust ecosystem. They will lay out strategies to follow to implement end-to-end zero trust and detail how to simplify the adoption of zero trust within your organization. You will also get an exclusive look at the integrated platform that includes Zscaler, CrowdStrike, and Okta. Chris Porter CISO, Fannie Mae Parthasarathi Chakraborty AVP, Humana Steve Williams CISO, NTT Data Chris Porter is the CISO of Fannie Mae. He is a passionate cybersecurity professional with a proven track record in research, intelligence, and consulting. He is globally recognized as a leader in data breach research with Verizon’s Data Breach Report series and for creating the VERIS Framework. He’s a member of the University of Virginia’s McIntire School of Commerce MSMIT Advisory Board. Parthasarathi Chakraborty is a visionary technology leader, inventor, blogger, and speaker with an exceptional track record of implementing transformational cybersecurity initiatives for fortune 50 financial & healthcare organizations. Parthas has a track record in building inhouse patented cybersecurity solutions. Partha is an executive leader with a sharp business mind and is an "engineer at heart". Steve Williams is the CISO at NTT Data in Plano, where he is responsible for the global advancement of NTT Data's security maturity. In addition, Steve is responsible for instilling a cultural change within the company; knowing that enterprise security is most successful when employees are educated and motivated. Steve has more than 30 years of IT experience, mostly focused on large global enterprises and Fortune 500 companies. Join security leaders to learn about how they replaced their old clunky hardware for a modern zero trust approach. Chris, Partha, and Steve share best practices and learnings from their zero trust adoption journey to help you speed up and simplify your journey. Learn about their motivations to get started on their zero trust journey and how they were able to lead their organizations into successfully transitioning from legacy hardware to the modern workplace. We hope you have your calendars marked and look forward to seeing you virtually! Register now. Fri, 18 Mar 2022 14:00:02 -0700 Kanishka Pandit Announcing Zscaler’s New XDR Partnership with SentinelOne Register for our webinar discussion on Thursday, March 3rd to hear directly from customers and product leaders about the Zscaler + SentinelOne integration. Zscaler’s customers rely on us as the leader in zero trust to limit their security risks as they expand their organization’s digital footprints to new globally distributed devices, application stacks, and infrastructures. Anyone who has undergone any level of zero trust deployment knows that the central credo is ‘assume breach.’ Architect your IT and security systems as though there are already malicious actors in your system, then disrupt their ability to operate. Security operations teams play a critical role in zero trust. If we’re ‘assuming breach,’ then we’d better be hunting and investigating those threats. Our new integration with SentinelOne allows SecOps teams to do that with even greater confidence and efficiency. Breaking security silos with XDR Most enterprise security stacks contain an array of disjointed point products that each have their own security controls, and that offer little or no meaningful correlations between them. When security operations teams see something suspicious in their logs, they have to pivot between various tools and manually piece together information to understand the scope of the threat. Remediation is the same: each security control often must be updated individually. The net result is far from ideal. It takes 280 days, on average, to mitigate a threat. And this inefficient pivoting is a waste of analysts’ critical time. Zscaler and SentinelOne are tackling this challenge head-on. With integration into SentinelOne Singularity XDR, logs from the Zscaler Zero Trust Exchange —the world’s largest security cloud—are ingested into SentinelOne's Scalyr back end where they can then be queried and faceted, allowing security operations teams to quickly triage and respond to attacks. This joint solution empowers security operations to take policy-driven actions across platforms that remediate threats automatically before an endpoint compromise results in cloud data exfiltration or other damage. Analysts can trigger automatic and manual response actions from SentinelOne into Zscaler such as revoking access or quarantining users or moving them into a more restrictive group, based on which access policy to selective applications can be applied. This automatically limits an attacker’s ability to infiltrate and launch an attack. Zscaler + SentinelOne integration Key use cases Extended visibility and accelerated remediation SentinelOne consumes both Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) logs for expanded visibility, and enables security analysts to configure flexible response policies right from the SentinelOne console. These logs add context to help triage and investigate threats without needing to pivot from the SentinelOne console, where analysts can also quickly and automatically mitigate threats by limiting user access, quarantining a user, blocking access to one or a group of critical applications, or restricting access to specific applications with browser isolation. Zero trust conditional access SentinelOne continuously checks policy and enforces compliance in accordance with Zscaler policies. When an endpoint attempts to access a corporate application, Zscaler first performs a posture check to ensure that SentinelOne is installed and running before granting access. The SentinelOne and Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) integration enables seamless conditional access, ensuring that the trusted identity on a trusted device can directly access authorized corporate applications without exposing the network. Extending best-of-breed zero trust for faster investigations and better response Extended detection and response (XDR) and zero trust are two sides of the same coin, both fundamentally seeking to simplify and reduce the risk of digital transformation by increasing visibility and reducing the attack surface. Zero trust defines the architecture, policy, and strategy; XDR provides the analytics and drives the SecOps workflows. Zscaler is excited to partner with SentinelOne to take both zero trust and XDR to the next level, extending our platform from the cloud to the endpoint with shared telemetry and coordinated response actions. This powerful integration is only the start of the many benefits we expect to bring to our joint customers. If you’d like to learn more, download our solution brief – or better yet, join us for our upcoming webinar on March 3rd, where you can hear directly from product leaders and customers about this integration and what it means for you. Mon, 14 Feb 2022 06:00:02 -0800 Mark Brozek Zscaler Named a Glassdoor Best Place to Work for Second Year The last two years have been difficult for us all in many ways; individually, professionally, and globally. Zscaler has made a point to address these challenges that may be weighing on our workforce, and has proactively maintained open communication, prioritized the health and safety of employees, and shown compassion, both internally and externally, resulting in a subsequent explosion of growth. Because of these efforts and a focus on an inclusive and supportive workplace culture, Zscaler has been recognized by Glassdoor, for the second year in a row, as one of the 100 Best Places to Work. To determine the award’s winners, Glassdoor evaluates all company reviews shared by employees over the past year. What’s more, Glassdoor ratings are not based on self-nomination or application, but rather compiled solely from feedback shared voluntarily and anonymously by Zscaler employees, so we want to give a heartfelt and sincere thank you to everyone in the Zscaler family who have taken the time to review Zscaler on Glassdoor. Ranking number 38 with an overall company rating of 4.4 in the U.S. and 4.6 worldwide, we at Zscaler do not take this recognition lightly, and are incredibly honored and humbled by the opportunity to be included in this highly-coveted list, and intend to accomplish even more in the coming year. Zscaler is built upon five core values that we believe contribute to our overall success and employee happiness: Teamwork We intentionally build and nurture healthy work relationships. We celebrate together, solve complex problems together, and openly share information. We move as one, with a unified common goal. Open communication When it comes to discussing what’s right, what’s wrong, and what we can do better, nothing is off the table. Although we have and continue to grow at a rapid pace, we continue to foster an environment where our people feel safe sharing their opinions with others. Passion We are fiercely passionate about our work, our company, our colleagues, our customers, and our partners. As an incredibly diverse company, we understand that the passions of our employees may differ, however, this is what continues to make us successful. Innovation We are driven to not only innovate cloud transformation through our products but to also innovate in our jobs, whether as an engineer, marketer, salesperson, or lawyer. Customer obsession We are, above all else, obsessed with the success of our customers. I see us consistently succeeding at this by how we treat customers as partners—not prospects. These key tenets, coupled with a reputation for accountability and following through, have positioned Zscaler as not only a leader in the industry, but also as a great place to work. Interested in joining our team? We’re actively hiring company-wide and are seeking smart, motivated, creative people to join the Zscaler family to help us reach new heights in 2022. Search open job opportunities and learn more by visiting our careers page. Wed, 12 Jan 2022 08:00:01 -0800 Victoria Palmer Zscaler Secures Cloud Workloads with the Zscaler Zero Trust Exchange™ Since its inception, Zscaler has remained dedicated to protecting our customers—it’s at the very core of everything we do. In our first decade, we focused intently on providing users secure access to applications, first to the internet and SaaS with Zscaler Internet Access (ZIA) followed by private applications with Zscaler Private Access (ZPA), both of which are rooted in zero trust. I’m proud to say we’ve been successful on this front and will continue to aggressively innovate to keep users, workloads, devices, and data safe. But zero trust is most effective when approached as a holistic strategy applied not only to users but also across the entire organization, including workloads in the cloud. Our vision for cloud security focuses on protecting any workload—whether traditional VMs or cloud-native applications—with a broad set of solutions powered by the Zero Trust Exchange. These offerings draw from our strengths in cloud posture, entitlements, data loss and threat prevention, and workload communications. With today’s introduction of Workload Communications, we’re delivering on a major component of our commitment to help our customers extend zero trust to secure their public cloud workloads. As organizations increasingly adopt multi-cloud and hybrid-cloud strategies, building multi-cloud networks by simply extending the corporate WAN increases risk and introduces operational complexity. With workloads being deployed in multiple regions of multiple cloud providers, these mesh networks drive up costs and are also difficult to implement, scale, and manage. Many organizations have relied on a castle-and-moat approach to securing the cloud, yet this uses legacy VPN and firewall solutions which increase the attack surface and facilitate lateral threat movement, putting company data and applications at risk. Zero trust security architecture is superior to network security. Instead of relying on a routable network with firewalls, you connect the right entity to the right entity through a secure exchange. Zscaler’s Zero Trust Exchange uses identity and context to directly connect entities such as users, devices, and applications to create a seamless and secure experience. Zscaler pioneered the Zero Trust Exchange by securely connecting users to apps from anywhere. Today, I am happy to announce that Zscaler is extending zero trust to the public cloud with Workload Communications. Enabled by the Zscaler Zero Trust Exchange, Workload Communications extends the capabilities of ZIA and ZPA to clouds, allowing workloads to communicate with other workloads in any region of any cloud provider, over any network. Zscaler has partnered with major cloud providers such as AWS and Microsoft Azure to deliver a network-agnostic zero trust fabric that works over the Internet, Direct Connect, and Express Routes to meet the specific communication needs of cloud workloads in single and multi-cloud environments. We're very excited with the response from our customers who have already implemented Zscaler’s Zero Trust for Cloud Workload solution. I’d like to invite you to learn more about their success as well as the solution by watching our Zero Trust Your Cloud Workloads launch event live in your region or on-demand. To learn more, please also visit the Workload Communications page on our website. Tue, 07 Dec 2021 21:42:42 -0800 Jay Chaudhry Ramping Up Secure Cloud: Zscaler Testimony to Senate Committee At a U.S. Senate Homeland Security and Governmental Affairs Committee roundtable this week, I was honored to be selected to testify on behalf of Zscaler in support of bipartisan legislation to improve the FedRAMP program. FedRAMP promotes cloud adoption across the federal government by providing standardized security and risk assessments for cloud service offerings based on a “certify once, use many times” approach. Zscaler’s FedRAMP authorizations allow agencies to use our cloud security tools with confidence in knowing that they meet federal security requirements. Senator Gary Peters (D-MI) chaired the roundtable and previously introduced bipartisan FedRAMP legislation to “make sure that agencies can procure cloud-based technology quickly, while ensuring these systems – and the information they store – are secure.” Senator Rob Portman (R-OH), the top-ranked Republican on the panel, noted that FedRAMP is “the conduit for a standard approach to assessing the security issues regarding cloud services” and probed participants for suggestions on how to improve the program and efficiencies. David Shive, CIO, General Services Administration (GSA) likewise affirmed the program’s role, “We are relying on FedRAMP to help implement the President's executive order on cybersecurity, to support agencies as they migrate to a zero trust architecture and generally to accelerate the adoption of modern cloud tools that improve agency efficiency, and ultimately the public's experience with their government.” Ashley Mahan, Acting Assistant Commissioner, Technology Transformation Services, GSA also discussed how the FedRAMP program has continued to evolve and progress through the implementation of automation tools and modernizing its processes. In my testimony, I emphasized the importance of FedRAMP, and the role the program played during COVID response by enabling the government to more quickly shift to adopting cloud services, which have already been proven and accredited by Federal security standards. Zscaler supports the Federal Secure Cloud Improvement and Jobs Act (S. 3099) and companion legislation that has already been approved by the U.S. House of Representatives. Importantly for cloud service providers, the legislation encourages reuse and reciprocal treatment by agencies of CSPs’ existing security authorizations. The FedRAMP bill would also boost resources for a small GSA program whose importance for agencies and industry partners has grown significantly as cloud adoption has accelerated across government. Zscaler’s mission is to make the cloud a safe place to do business and empower organizations to realize the full potential of the cloud and mobility by securely connecting users to applications anywhere, from any device. Like the FedRAMP program, Zscaler was born and built for the cloud. Two hundred billion transactions a day run across our platforms, and we make more than 200,000 updates each day to defend against new cyberattacks identified around the world. That is why we view FedRAMP as an important initiative and built our Zero Trust Exchange on two FedRAMP-High and Moderate-authorized platforms, as well as a Department of Defense Impact Level (IL) 5 certification. We are proud to be a champion of the FedRAMP program and are grateful for the opportunity to share our experience and support efforts to move modernization forward securely. Find more information and archived video of the Senate roundtable here. Thu, 02 Dec 2021 17:07:43 -0800 Stephen Kovac Innovation to Protect the World As I reflect on Zscaler’s journey and progress over the last 14 years, it is clear that our solutions, which help organizations become more secure and agile in the cloud world, are having a positive impact on our customers. I know this will continue as we expand our services and customer reach globally, and I believe that our impact will extend beyond customers to benefit our rapidly changing society. Those who have followed our company’s journey are aware of the high standards we set for ourselves to seek out the right solutions. I firmly believe that the way we operate—with deep expertise rooted in the highest levels of integrity and responsibility—will continue to drive innovation that serves our customers, our business, and our society. As Zscaler enters a new stage of growth, it is important to share our approach to managing our environmental, social, and governance (ESG) focus areas with our customers, partners, investors, and broader communities. This transparency will help ensure that we build on our progress and continuously challenge ourselves to make an even greater longer-term impact. At Zscaler, we are passionate about creating meaningful change to address the challenges before us. As our company grows, we are presented with an immense opportunity and responsibility, and we stand committed to delivering value to our customers with digital solutions that allow them to operate more sustainably. The way people work and the way the world does business has been redefined, and our solutions provide customers with the flexibility to design their own modern workplaces by providing their employees with the same world-class cybersecurity protection and digital experience wherever they may be located. Our cloud-delivered solutions optimize computing resources, resulting in unprecedented levels of efficiency. Not only are our customers protected against real-time threats, but they’re also benefiting from an innovative and modern architecture that is an inherently environmentally conscious approach—with fewer servers and appliances, less rack space, and dramatically reduced power and cooling needs—compared to legacy approaches. As we help customers achieve their sustainability goals, we are committed to further minimizing our own impact on the planet with environmental objectives, and we are working towards setting greenhouse gas goals aligned with climate science. Our success is a direct result of the hard work and ingenuity of our employees. I am proud of our collaborative environment in which our employees embrace teamwork and are aligned in achieving our mission. We believe in rolling up our sleeves, acting on our convictions, questioning the status quo, and tackling tough problems head-on. Therefore, it is essential for us to invest in our people, let their passions come through, and encourage open dialogue that can lead to meaningful change. We do our best to attract, train, and elevate the best people possible while embracing diversity in our company and the communities where we live and work. I am deeply thankful to work alongside a team that embraces and champions these values and shares a vision of creating a safer, more sustainable world. I am proud of what we have accomplished so far, and I am eager to continue our shared journey to build a generational company. Additional information on our impact and approach can be found on our new ESG site. Thu, 04 Nov 2021 12:20:48 -0700 Jay Chaudhry Zscaler’s Stephen Kovac Named Vice Chair for Alliance for Digital Innovation Board of Directors Zscaler is honored to announce that Stephen Kovac, Chief Compliance Officer and Head of Global Government Affairs, was named Vice Chair of the Alliance for Digital Innovation (ADI)’s 2021 Board of Directors. Kovac will represent Zscaler alongside board members from EXCELLACORP, Salesforce, Amazon, Palantir Technologies, Splunk, Strongbridge LLC, Johnson Controls, VMware, Google, and NuAxis Innovations. ADI is a non-profit association of commercial companies helping to shape innovation in government and technology and drive IT modernization. ADI members are leaders who focus on innovation and emerging technologies within the government, often in the realm of artificial intelligence, cybersecurity, cloud computing, and mobile technologies. Kovac’s role underscores Zscaler’s commitment to supporting federal modernization. “Zscaler is committed to collaboration to drive modernization progress,” said Kovac. “I look forward to representing Zscaler as a voice for change and am honored to work alongside top industry leaders who share the same goal.” We have believed in the ADI mission since the beginning, and I look forward to driving the agenda and helping to grow ADI membership and impact into the future.” Zscaler is committed to enabling zero trust-based secure access, to keep Federal employees secure and productive. Steps over the past year include: The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) named Zscaler a collaborator on its’ Zero Trust Architecture Project – which focuses on developing approaches to implementing zero trust within government and industry The Pentagon’s Defense Innovation Unit (DIU) issued Zscaler a success memo for completion of Secure Cloud Management (SCM) prototypes The FedRAMP Joint Authorization Board (JAB) prioritized Zscaler Internet Access (ZIA) for authorization at the High Impact Level. ZIA and Zscaler Private Access (JAB authorized at the High Impact Level) are the core of the Zscaler Zero Trust Exchange For more information on ADI and its efforts, visit the website here. Tue, 19 Oct 2021 08:00:02 -0700 Josie Smoot Zscaler Internet Access (ZIA) and CrowdStrike: Zero Trust Access Control Based on Device Security Posture The rise in mobile work is dissolving the traditional security perimeter, and the best way to secure this “new normal” is by adopting a zero trust model. Zero trust is often also called perimeter-less security, as no user or device is granted inherent trust. Every device connecting to the network needs to be authenticated and must have the authorization to gain the required access. Together, CrowdStrike and Zscaler are simplifying the adoption of zero trust. The adoption of zero trust security Image: Zscaler The previous integration of Zscaler Private Access (ZPA) and CrowdStrike proved to be immensely valuable to our customers, with capabilities like continuous zero trust checks, conditional access control for endpoints, and granting privileged access to private applications in the data center, or public cloud, based on user identity and endpoint security posture. This provided comprehensive security, from device to application, by only allowing authorized user access and offering device isolation if an appliance was infected with malware. This capability is now extended to internet application access. Achieving zero trust with the Zscaler and CrowdStrike integration Zscaler Internet Access (ZIA) helps secure your internet and SaaS connections by delivering a complete secure stack as a service from the cloud. CrowdStrike Falcon ZTA (Zero Trust Assessment) supports Falcon Zero Trust by providing continuous, real-time security and compliance checks for endpoints. When these two forces come together, they offer a powerful end-to-end security solution. This integration provides the ability to assess the device posture and health status passed down from CrowdStrike before granting access to internet applications. The integrated solution helps joint customers with adaptive, risk-based access control, with enhanced defense by allowing only well-protected devices to connect to these SaaS apps ZIA + CrowdStrike gives organizations the ability to create access controls and policies based on the presence of a CrowdStrike agent in the endpoint and also based on the ZTA health score computed for each device. The health score gives an amplified understanding about the device posture and allows ZIA to leverage this information to allow or block the device from accessing internet applications. The ZTA score is evaluated each time a connection request is made, making the conditional access adaptive to the evolving condition of the device overtime. Organizations can create custom device trust groups based on CrowdStrike posture to provide conditional access like shown below. How does this feature help customers? Joint customers of Zscaler and CrowdStrike will be able to: Assess continuous, real-time security and compliance checks of the endpoints. Ensure only secure devices can access internet applications. Set policies for SaaS applications based on posture and status from the CrowdStrike API. The ZIA and CrowdStrike integration solution allows users to enable safe and seamless access to internet applications from any location, on any device. Tue, 12 Oct 2021 07:26:27 -0700 Ranjani Ramamurthy Siemens and Zscaler Partner to Extend Zero Trust Security to the Industrial Edge for Smart Factories Zscaler is proud to announce a new strategic partnership with Siemens, the global powerhouse in industrial automation and digitalization, to address emerging cyber threats posed to industrial infrastructure and remote collaboration challenges for discrete and process industries. Together, Zscaler and Siemens strengthen cybersecurity for industrial environments by combining Zscaler’s cloud-delivered zero trust network access service with Siemens’s powerful local processing platform. The solution provides fast, seamless, and secure remote access to factory-floor systems and machines for employees and third parties, such as plant operators and maintenance technicians. With cloud-delivered security, you can dynamically expand existing systems by running the Zscaler Private Access App Connector as a Docker container on Siemens’ SCALANCE LPE local processing engine to provide highly secure access to industrial automation environments via a zero trust connectivity method. Deployment of secure remote access has never been easier. Our joint solution extends zero trust to OT and IoT environments and accelerates OT/IT convergence and security maturity for enterprises with critical manufacturing and production environments. This offering is now available to customers through joint Zscaler and Siemens go-to-market efforts. Solving the OT remote access challenge Today, plant operations and OT system owners are modernizing their industrial networks and expanding connectivity for their remote workforce to boost productivity. While interconnecting the factory floor to IT systems unlocks business value, it also creates vulnerabilities and increases the risks of cyber threats critically disrupting your operations – or worse putting workers in danger. In addition, unplanned downtime from cyber security incidents or network outages can cause serious harm to plants and personnel, resulting in revenue loss and reputational impact. Traditionally, employees and third parties are connected to OT environments via virtual private networks (VPN). There are two challenges with this that need to be considered. First, the cumbersome user experience [hop through rendezvous server and jump host]. Second, the expanded attack surface. In the traditional approach, employees and third parties are connected to OT environments via management systems for virtual private networks (VPNs. However, due to the increasing amount of required remote connections for IT/OT collaboration or IIoT, these traditional solutions are being stretched to their limits. The need for zero trust OT environments were once islands, air-gapped from the internet. These air gaps are eroding and no longer enough. Since even VPN solutions widely used in the past will reach their limits, we need a new paradigm for industry cybersecurity. Enter zero trust. As today’s work-from-anywhere society reshapes companies and industries in lasting ways, it is important to modernize security concepts, especially as legacy technology that is unable to support secure remote access in the most secure manner. Our future calls for a zero-trust approach when modernizing OT networks in order to accelerate the move to more secure remote access implementations for OT. Preventing operational disruption and downtime Together, Zscaler and Siemens provide OT security teams with highly secure remote access to their industrial networks for employees and third-party users, maximizing productivity and uptime. With Zscaler Private Access, you can allow employees to continuously and remotely access restricted areas (e.g. manufacturing areas, restricted labs). The connection is limited to the concerned machine network and restricted area, and complies with cybersecurity rules and frameworks. In this way, critical manufacturing and production industries can now empower existing automation networks with Zero Trust principles. Choosing fully cloud-delivered OT zero trust network access solutions provides seamless, easy access from anywhere in the world, while eliminating the attack surface and significantly reducing the risk of a cyberattack. Joint benefits of Zscaler and Siemens SCALANCE device: Connectivity – Control who and what connects to your OT and IoT edge networks for secure, flexible, granular access to distributed operational infrastructure Fast, Reliable – Users get the shortest, frictionless path to the OT network. Zscaler cloud designed for high availability and low latency Simplicity – One software for secure remote access to OT and IT business, production and cloud resources. Reduces cost and complexity – Eliminates the need for VPN infrastructure. Reduced connectivity demands and firewall rules by means of specified internet breakouts. Out of the box – SCALANCE products support Zscaler technology out of the box Legacy integration – authorized and authenticated communication also with legacy devices by means of zero trust gateways IT/OT convergence I am particularly excited about this new innovation in cybersecurity because it is a major step forward in OT/IT convergence, which the industry has been long anticipating. A convergence in controls of the OT and IT networks not only simplifies enterprise IT spend, but it also helps modernize OT security principles, which becomes more critical every day given the ransomware and other mounting threats against manufacturing and production environments. Now, with Zscaler, an enterprise can leverage integrated security concepts between OT and IT domains, leveraging zero trust for all users in all networks to securely and remotely access the data they need to do their jobs, no matter where they are, or what network connection they use. This comprehensive architectural diagram below cleanly depicts the now encompassing solution that enables remote workers, branch office workers, corporate headquarter workers, and third party partners to access applications, systems and devices where they may need to access data to perform employment functions, conduct servicing and maintenance, or other duties: Protect and empower your anywhere workforce. Start with zero today. Introducing Zscaler and Siemens’ joint industrial secure remote access solutions is very exciting for us. We’re working with OT and IT security professionals to help strengthen their arsenal of cyber defenses and accelerate their OT and IT transformation. Take advantage of our experts and tools designed to help you succeed in your zero trust journey. Learn more: Read the Zscaler and Siemens partner brief Set up some time to meet with us Contact us at Take our free attack surface assessment Related Links Webpage: What is OT Security? Webpage: Zscaler Secure Remote Access for OT Systems Press Release: Siemens and Zscaler Partner on Integrated Zero Trust Security Solutions for OT/IT About Siemens Siemens AG (Berlin and Munich) is a technology company focused on industry, infrastructure, transport, and healthcare. From more resource-efficient factories, resilient supply chains, and smarter buildings and grids, to cleaner and more comfortable transportation as well as advanced healthcare, the company creates technology with purpose adding real value for customers. By combining the real and the digital worlds, Siemens empowers its customers to transform their industries and markets, to transform the everyday for billions of people. Siemens also owns a majority stake in the publicly listed company Siemens Healthineers, a globally leading medical technology provider shaping the future of healthcare. In addition, Siemens holds a minority stake in Siemens Energy, a global leader in the transmission and generation of electrical power. In fiscal 2020, which ended on September 30, 2020, the Siemens Group generated revenue of €55.3 billion and net income of €4.2 billion. As of September 30, 2020, the company had around 293,000 employees worldwide. Further information is available on the Internet at Thu, 23 Sep 2021 08:00:01 -0700 Nicole Bucala Zscaler is First and Only Cloud-based SaaS Security Company to Achieve StateRAMP Ready Status This week, Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA) achieved StateRAMP Ready status, underscoring Zscaler’s commitment to securing state and local government employees and data. The newly announced StateRAMP Authorized Vendor List gives state and local government IT and procurement officials confidence in their cloud service provider’s data security capabilities and provides a central location for sourcing service providers using or offering infrastructure-as-a-service (IaaS), software-as-a-service (SaaS), and/or platform-as-a-service (PaaS) solutions that process, store, and/or transmit government data. The program aims to drive consistent cybersecurity defenses across vulnerable state and local government organizations. It is modeled in part after FedRAMP, and is based on a “certify once, use many” concept that saves time and reduces costs for both service providers and government agencies. Like FedRAMP, StateRAMP relies on independent third-party assessment organizations (3PAOs) to conduct assessments. “StateRAMP will help state and local government agencies improve their cybersecurity posture and drive more consistent cyber defenses. With the ever-increasing cyber threats, attacks, and breaches, participation and expertise from companies including Zscaler is critical to success,” said David Cagigal, Former CIO of Wisconsin. “It is encouraging to see government and industry come together and continually evolve to better serve constituents across the country.” “Zscaler is committed to partnering with government agencies to improve cyber defenses and secure the public sector. We were involved with FedRAMP from the beginning and are very encouraged to see and support the 'certify once use many’ approach that FedRAMP coined being adopted at the state level,” said Stephen Kovac, Chief Compliance Officer at Zscaler. “FedRAMP and now StateRAMP are excellent examples of how policy driver compliance programs can be incredibly efficient, speed up innovation, and build upon the partnerships between private industry and the government.” “Zscaler was a fantastic partner to conduct testing the StateRAMP Fast Track process. Their documentation, system information, and audit results were professional, accurate, and provided in a well organized and easy to review structure,” said Noah Brown, PMO Director, StateRamp. “The PMO thanks the Zscaler team for the communication, attention to detail, and for working diligently to answer our questions as we worked through this process.” As hybrid work continues, state and local governments continue to accelerate digital transformation initiatives. But transformation also increases risk with a dramatically expanded attack surface that must be protected. ZPA and ZIA are the core of the Zscaler Zero Trust Exchange, providing innovations that help customers accelerate digitalization with confidence. “We’ve completely changed the cybersecurity posture of the State of Oklahoma, with Zscaler playing an integral part of our transformation,” said Matt Singleton, CISO, Office of Management and Enterprise Services, State of Oklahoma. “We now have unprecedented visibility into the environment. We can respond faster and forecast where we may have issues and address those areas before they become a problem.” ZPA is a zero trust solution that connects authorized users directly to agency-approved private applications without being placed on the network, which dramatically reduces cyber risk. This approach significantly improves application performance and the user experience and reduces the attack surface and the associated risk of malware, ransomware, and other threats. The experience is identical whether the agency application is hosted in the government data center, or in destination clouds such as AWS GovCloud, Azure Government, or the Google Cloud Platform. ZIA is a cloud security service that transforms networks by delivering cloud-based internet and web security that scales to all users, whether they are on or off network. ZIA leverages a cloud-native proxy to allow organizations to secure all online and SSL traffic. By securely following all users, applications, and devices, regardless of location, ZIA enables a zero trust approach to SaaS application and website access that helps reduce risk and restore compliance. For more information on StateRAMP, visit Tue, 14 Sep 2021 09:30:59 -0700 Ian Milligan-Pate Zscaler Launches Partner Demand Center to Support Partner Demand Gen Efforts Did you know that Partner co-marketing efforts that leverage digital channels see four times the pipeline of non-digital partnerships? But digital marketing is often easier said than done, right? At Zscaler, our Global Partner Marketing team wants to make it as easy as possible for you to generate quality leads through digital co-marketing and build brand affinity online with your customers, no matter your marketing skillset, organization, or budget size. That's why today we are excited to announce the launch of the Partner Demand Center (PDC), a self-service and easy-to-use platform designed to help our Partners execute turn-key digital marketing activities at no cost. The PDC enables you to: Create demand and build pipeline with ready-to-launch email campaigns around zero trust, cyber threats, ransomware, and more! Launch microsites and website syndication with the latest zero trust content–no coding experience required. Strengthen your social selling skills through one-click social syndication on your personal or company pages Easily access searchable, diverse, and co-brandable Zscaler content Access valuable lead details, campaign measurement, and analytics tools We are excited to help our Partners achieve their digital co-marketing goals with the Partner Demand Center. To learn more, please join us for Partner RevUp LIVE next week where we will go into more detail and share a live demo of the platform. Date: Sep 22, 2021 07:00 AM PST Register Here To explore the PDC today, log in to the Partner Portal and click the “Marketing” tab in the toolbar. If you do not have an existing Partner Portal account you can easily apply here. For help logging in to the Partner Portal, please contact for assistance. Thu, 16 Sep 2021 07:00:01 -0700 Elorie Widmer Zscaler Executives Honored to Receive Federal 100 Awards Zscaler is honored to share that Stephen Kovac, Vice President of Global Government and Head of Corporate Compliance, and Drew Schnabel, Vice President, Federal, were honored as Federal 100 Awards winners at a ceremony on August 27—celebrating both 2020 and 2021 awardees. The Federal 100 Awards are the most prestigious awards in the federal IT industry, celebrating government and industry leaders who have gone above and beyond to demonstrate the innovative ways technology is transforming government—something both Kovac and Schnabel continue to exemplify. Drew Schnabel, a 2021 winner, was selected for his tireless efforts as a vocal advocate for zero trust security. Schnabel understands the value of industry/government collaboration and has been instrumental in bringing the Department of Defense (DoD) SkillBridge program to Zscaler, which gives military service members the opportunity to participate in industry-sponsored positions, gaining experience and training as they transition into the civilian workforce. Stephen Kovac, a 2020 winner, was honored for his relentless work to remove roadblocks to Federal cloud adoption, raising awareness, and educating policymakers and Federal IT leaders about opportunities for progress. He is the industry’s most vocal advocate for Trusted Internet Connection (TIC) reform, a significant barrier to cloud in government, in addition to supporting Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) reform efforts. Zscaler is committed to improving the nation’s cybersecurity posture and helping federal IT leaders embrace a cloud-delivered approach to enabling zero trust and delivering fast, seamless, and secure access across the entire ecosystem. Over the past year, Zscaler has taken a series of important steps, moving us closer to this goal: Zscaler was named a collaborator on the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) by implementing a zero trust architecture project which brings government and industry together to demonstrate various approaches to building a zero trust architecture. Zscaler joins 17 other technology companies on the project, underscoring the critical importance of collaboration between the public and private sectors. Zscaler received a success memo from the Pentagon’s Defense Innovation Unit (DIU) for successfully completing Secure Cloud Management (SCM) prototypes as part of a year-long process where the DIU evaluated service offerings that deliver fast, secure, and controlled access by DIU users to software-as-a-service (SaaS) apps directly over the internet. Zscaler Prioritized Joint Authorization Board (JAB) and FedRAMP certification for Zscaler Internet Access (ZIA) at the High Impact Level through the FedRAMP Connect program. ZIA, combined with Zscaler Private Access (ZPA), are the core of the Zscaler Zero Trust Exchange. ZPA is JAB authorized at the High Impact Level. The full list of 2020 winners is here and 2021 winners are here. Tue, 07 Sep 2021 12:21:49 -0700 Josie Smoot For Australian Enterprises of All Sizes, the Future Starts with Zero I am thrilled to announce that Zscaler has selected Orca Tech to be our exclusive distributor for Australia and New Zealand (ANZ). Orca Tech is the only value-added distributor in the region solely focused on cybersecurity and analytics, and, like Zscaler, the company has been a disruptor since its founding. As a result of the company’s security focus and the expertise of its dedicated teams, Orca has grown by a staggering 1,059 percent over the past three years. To help companies in the ANZ region transform securely for the modern, cloud-enabled world, Orca is exactly the right kind of partner for Zscaler. Customers across the region are looking for innovative solutions to help them secure all their connections, regardless of where employees may be working or where the applications and data may be hosted. Zscaler has many enterprise customers in the region who are relying on our technology to securely connect users, devices, and applications. For some, Zscaler has played a central role in their ability to support a 100 percent remote workforce early in the pandemic, including National Australia Bank (NAB). But the new partnership with Orca will enable Zscaler to expand its ability to meet the needs of the region’s small to medium enterprise prospects. We’re particularly excited to be able to support ANZ partners that are more aligned to businesses with fewer than 1,000 users. Now, through Orca Tech's partner network, those partners will be able to offer small and medium companies the capabilities of the Zscaler Zero Trust Exchange, the platform on which all Zscaler services are built. These companies, like enterprises of all sizes around the world, need to modernize their infrastructures and security to enable today’s mobile and hybrid workforce and cloud workloads. The Zscaler platform, built on the principles of zero trust, is the unified solution to meet modern business needs. Zscaler’s disruptive cloud-native architecture enables enterprises to break free from legacy approaches to networking and security that are as costly as they are complex and replace them with a zero trust approach that provides a great experience for users while blocking cyberattacks and preventing data loss. Unlike legacy, disjointed, on-premises security products, Zscaler’s proxy-based architecture unifies all security and access control services, with end-to-end visibility so that any performance issues can be spotted and remediated immediately. Our internal team will be working closely with Orca Tech to support customers throughout Australia and New Zealand with their secure digital transformation initiatives. Additional resources: Case study: Kubota Australia Website: Orca Tech Case study: Salmat Case study: GHD Case study: Cenitex Thu, 02 Sep 2021 09:28:05 -0700 Foad Farrokhnia National Cybersecurity Center of Excellence (NCCoE) Selects Zscaler as Technology Collaborator for Implementing a Zero Trust Architecture Project Strengthening the nation’s cybersecurity requires more — and better — collaboration between the public and private sectors. That’s why we are honored to announce that the National Institute of Standards and Technology (NIST)’s National Cybersecurity Center of Excellence (NCCoE) has selected Zscaler as one of its partners in a new Zero Trust Architecture Project. Zscaler will work alongside the NCCoE and other top Federal IT vendors on different approaches for implementing zero trust architectures. “We received an overwhelming response from the vendor community on this important project,” said Natalia Martin, acting director of the NCCoE, in the announcement. “Implementing a zero trust architecture has become a Federal cybersecurity mandate and a business imperative.” Top industry leaders will come together to demonstrate various approaches to implementing a zero trust architecture. These approaches will use a diverse mix of products and capabilities — and the effort will provide valuable "how to" guidance and lessons learned. As Federal employees continue to work from anywhere, and more and more applications move from inside the data center to outside the network perimeter, network and security teams are shifting their focus from securing the network to protecting users, devices, and business resources. As we like to say at Zscaler, zero trust is a team sport — and the NIST NCCoE is taking the initiative to bring together best-of-breed zero trust leaders. We’re committed to collaborating with customers and partners to demonstrate different, practical approaches to implement a zero trust architecture. As we know, no one solution fits every situation. Zscaler is honored to be a part of this coalition working side by side to realize the opportunity for zero trust to strengthen every agency’s cyber defenses. For more information, see NCCoE’s press release. Tue, 27 Jul 2021 07:00:02 -0700 Stephen Kovac Zscaler Partners with Nozomi Networks to Extend Zero Trust Security to the Industrial Edge Zscaler is proud to announce a new partnership with OT/IoT security leader Nozomi Networks to address the emerging cyber threats to industrial infrastructure and remote connectivity challenges for the manufacturing, pharmaceutical, and energy industries. Our joint solutions extend zero trust to OT and IoT environments with a complete set of industrial cybersecurity controls, including network visibility, threat detection, remote access, and operational insights. Solving the OT remote access challenge Today, plant operations and OT system owners are transforming their networks to modernize operations and provide seamless and secure connectivity for their remote workforce. In the traditional approach, employees and third parties are connected to OT environments via virtual private networks (VPNs), which introduce significant security risks and complexity. In addition, unplanned downtime from cyber security incidents or network outages can cause serious harm to plants and personnel, resulting in revenue loss and reputational impact. As today’s work-from-anywhere world reshapes companies and industries in lasting ways, the old paradigm of building castle walls and a moat around your resources with legacy technology will soon become obsolete. Our new reality calls for a zero-trust approach when modernizing cybersecurity and accelerating the move to more secure remote access implementations for OT. Preventing operational disruption and downtime Together, Zscaler and Nozomi Networks provide OT security teams with highly secure remote access to their industrial networks for employees and third-party users, maximizing productivity and uptime. With Zscaler Private Access, you can remotely access the full Nozomi Networks solution including Guardian sensors and Vantage cloud-based management console. Choosing fully cloud-delivered OT security monitoring and zero trust network access solutions provides seamless, easy access from anywhere in the world, while eliminating the attack surface and significantly reducing the risk of a cyberattack. Sample Nozomi and Zscaler deployment architecture Joint benefits of Zscaler and Nozomi Networks: Connectivity – Control who and what connects to your OT and IoT edge networks for fast, seamless, and secure access to distributed operational infrastructure Visibility – See all assets and behavior on your OT and IoT networks, yielding unmatched contextual awareness ]Inspection – Detect cyber threats, vulnerabilities, risks, and anomalies with actionable analytics for faster response Integration – Unify security, visibility, and monitoring across all your assets for improved resiliency Protect and empower your anywhere workforce. Start with zero today. Introducing Zscaler and Nozomi Networks' joint industrial security solutions is very exciting for us. We’re working with OT and IT security professionals to help strengthen their cyber defenses and accelerate their digital transformation. Take advantage of our experts and tools designed to help you succeed in your zero trust journey. Read the partner brief Set up some time to meet with us Take our free attack surface assessment Related Links Webpage: What is OT Security? Webpage: Zscaler Secure Third Party Access for OT Systems Webpage: Nozomi Networks Solution Overview Blog: Nozomi Networks and Zscaler Deliver Zero Trust Remote Access Solution About Nozomi Networks Nozomi Networks accelerates digital transformation by protecting the world’s critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on us to minimize risk and complexity while maximizing operational resilience. Tue, 10 Aug 2021 06:00:01 -0700 Nicole Bucala Defense Innovation Unit Issues Success Memo to Zscaler Today, we are proud to share that the Department of Defense (DoD) Defense Innovation Unit (DIU) announced that Zscaler successfully completed a Secure Cloud Management (SCM) prototype. The project launched in May 2020, and the evaluation confirms Zscaler can deliver fast, secure, and controlled access to SaaS cloud services directly over the Internet, simplifying DIU’s ability to engage with non-traditional technology vendors. A third party assessed the prototype using Defense Information Systems Agency (DISA)-developed criteria. DIU then issued a success memo to Zscaler, enabling Department of Defense (DoD) organizations to contract with vendors without needing to re-compete. “These solutions simplify engagement with non-traditional technology vendors by allowing DIU users to collaborate in real time. The solutions provide equivalent security and control to the DoD’s Cloud Access Point (CAP) while delivering real-time performance, which is critical for such things as videoconferencing and file sharing,” said John Chen, interim CIO for DIU. Zscaler is focused on giving customers access to modern, mission-critical applications, including those that require the most stringent security and work in some of the world’s most remote and challenging environments. “The DoD is working to strengthen cyber defenses on many fronts. DIU is exploring and testing new innovative approaches in security architecture. CMMC is in its final stages to improve security consistency to all contractors working with the federal government," said Patrick Perry, Director of Emerging Technology, Zscaler. "But, we have to approach things differently than in the past. Government as a whole can transform security by taking a user-centric approach, where the first priority is to protect the data, then provide secure access once contextual validation occurs, and finally applying appropriate security based on risk scoring – whether accessing the internet or applications that reside in an on-prem data center or using a cloud service." The Zscaler Zero Trust Exchange is consistent with the May 2021 Executive Order on Improving the Nation’s Cybersecurity, and with DISA’s recently published Zero Trust Reference Architecture. The DIU anticipates the project’s results will help inform DoD entities as they formulate their own zero trust plans. The Zero Trust Exchange platform includes Zscaler Private Access (ZPA), a FedRAMP-High JAB authorized network access service that connects trusted users directly to trusted cloud applications; and Zscaler Internet Access (ZIA), the first secure internet gateway solution to earn FedRAMP certification. ZIA is currently prioritized for FedRAMP-High JAB authorization. Benefits include: Zero attack surface – apps are never exposed to the internet; you can’t attack what you can’t see Direct connections to an app, not a network – segment of one, no exposure of any additional resources or data, no ability to move laterally or connect to C&C servers Proxy architecture, not passthrough – full content inspection including SSL; holds and inspects unknown files before reaching the endpoint Multitenant architecture – cloud-native, multi-tenant design; continuous security updates Secure Access Service Edge (SASE) – policy enforced at the edge in 150 DCs (SASE), peering in internet exchanges, hundreds of apps This project underscores the Pentagon’s continued modernization commitment. Maximum telework accelerated change and today, workforce expectations and needs continue to evolve. Cyber-adversaries continue to seek new ways to take advantage of vulnerabilities. Zero trust-based secure cloud access is core to the foundation for mission success. For more information, see the DIU’s press release here. Thu, 01 Jul 2021 17:22:54 -0700 Drew Schnabel The Asia-Pacific Region is Moving Full Cloud Ahead Zenith Live APJ marks the end of what I believe was our most extensive and possibly our best Zenith Live to date. First of all, thank you to all our attendees, customers, partners, and speakers across the Asia-Pacific region whose enthusiasm and insights made this event as successful as it was. Zenith Live APJ featured two days of real-world accounts of business transformation, with keynotes, panels, demos, and training, leaving us all with a lot to explore further as we move forward together on our transformation journeys. With that in mind, I wanted to share a quick summary of this year's Zenith Live APJ so you can catch up on anything you may have missed. Let's begin with day one. Day one highlights Kicking things off was Zscaler CEO Jay Chaudhry, who started the conference by acknowledging how challenging last year was for IT teams around the globe. Yet, perseverance and quick thinking kept organizations running and employees working. He also touched on how the pandemic expedited the need to build modern infrastructures around zero trust. In Jay's words, "IT has proven time and again its resilience in not just adapting to change but being the catalyst for change." Continuing, he detailed how our cloud-native platform, the Zscaler Zero Trust Exchange, assisted countless customers in quickly transitioning to work-from-anywhere, while enabling new capabilities for the returning hybrid workforce. He highlighted the three ways the Zscaler platform is helping businesses transform. They include modernizing the workplace to enable work from anywhere, eliminating the attack surface to reduce risk by transforming security so that it can be everywhere, blocking cyberattacks, preventing data loss, and stopping lateral threat movement. You can watch Jay's keynote and many of the other sessions on-demand: Insights from APJ CXO panel Following Jay's opening remarks, I took the digital stage with top APJ CXOs, including Mohit Kapoor of Mahindra Group and Lucious Lubo of Tech Mahindra. During this CXO panel, I had the pleasure of chatting with both leaders about how they securely leveraged the power of the cloud to modernize their businesses, offer more products and services, and drive innovation, all while streamlining their digital footprints. Mohit and Lucious both cited security built around zero trust as a critical factor in their ability to modernize at the speed they did, allowing them to quickly scale secure app access for employees, partners, and customers. Moreover, both Mohit and Lucious spoke to me about the very real threats to their supply chain, factories, and manufacturing processes with the recent uptick in these sorts of attacks. With Zscaler, not only can they better protect these systems, but they can also identify and recover from threats in real time. Leading change: Women in IT Also, on day one was our fireside chat, Women in IT: Expanding Influence and Leading Change. Tanya Graham, Executive General Manager of Strategic Programs at Healthscope, joined Zscaler's Kavitha Mariappan for a candid conversation about C-level attainment and making an industry-wide impact by leveraging emotional intelligence, mentoring others, and conviction. During this session, both leaders touched on how you can advocate for inclusion by using your career story to inspire a new generation of leaders—and how all leaders can champion the creation of supportive and equitable workplace communities. Day two highlights Day two began with part two of "Innovating at the Speed of Cloud," with Amit Sinha, Steve House, and Tony Paterra. This session covered enhancements across the Zscaler platform, including inline and out-of-band CASB for better data protection and compliance. Moreover, they shared insight into security innovations, including more robust threat protection and expanded Cloud Browser Isolation capabilities in ZIA and ZPA services to isolate users and devices from potentially risky content. Customers provided powerful insights The morning continued with insights from Rasik Vekaria of BP, David Branik of DHL, and Andrew Baker of Absa group. During these inspiring sessions, all three leaders addressed how they improved business agility and resiliency despite the pandemic.. Each customer exec shared how they are using zero trust to successfully modernize their companies and deliver enhanced user experiences and improved security to their employees—regardless of location. All of us here in APJ are grateful to all the customers who joined us and spoke at Zenith Live in keynote sessions, panels, and technical breakout sessions. Thank you! ThreatLabZ keynote: Insights from the front lines of the world's largest security cloud Zscaler ThreatLabZ experts presented research into emerging attacks discovered and analyzed with our world's largest security cloud. The panel dissected recent attacks while sharing best practices on securing your enterprise from sophisticated threats targeting your software, supply chain, Microsoft Exchange servers, and more. That said, this session wasn't all doom and gloom. Deepen Desai detailed how Zscaler's disruptive protection suite unifies our industry-leading threat intelligence, world-class experts, and innovative technology to give you peace of mind from the most advanced attackers. Partners highlighted their commitment to secure transformation Creating a robust ecosystem of partners whose technologies complement the Zscaler Zero Trust Exchange is critical for successfully helping customers become more secure, agile, and resilient in the APJ region. Today's partner summit celebrated precisely that—a group of technology evangelists and leaders joining forces to continue the digital transformation momentum over the next year and beyond. This concludes Zenith Live APJ 2021 and what an event it was. On behalf of Zscaler, I would like to thank you for making this our best Zenith Live yet! We hope you found our speaker sessions, training, panels, and workshops informative and relevant as you continue moving full cloud ahead. If you missed Zenith Live, be sure to view sessions on demand: We hope to see you next year! Wed, 23 Jun 2021 13:32:28 -0700 Scott Robertson Introducing New Partner Certifications and Learning Formats! Introducing New Partner Certifications Zscaler is pleased to announce new pre-sales certifications featuring all-new content and interactive learning opportunities. These courses were specifically designed to give partners the chance to roll up their sleeves and uncover new ways to grow their business with Zscaler. At Zscaler, we believe our partners are crucial to our success. We recognize we must work in conjunction with our partners to spread the word about the possibilities of adopting a zero trust security model. Zscaler Certified Associate (ZCA) Zscaler Certified Associate overviews the goals and vision of Zscaler, including what we do, the value we offer customers, and our mission for future network and security transformation. Partners will learn how Zscaler is uniquely positioned to disrupt the status quo of hub-and-spoke network security and how to join us on the incredible journey. ZCA serves as a prerequisite for both the Zscaler Certified Sales Professional (ZCSP) and the Zscaler Certified Sales Engineer (ZCSE) certifications and replaces the existing Zscaler Certified Sales Specialist (ZCSS) certification. Zscaler Certified Sales Professional (ZCSP) Zscaler Certified Sales Professional is designed to familiarize partner sellers with how to best position Zscaler as the market’s leading network and cloud security solution. In this certification, partners will learn how to identify and qualify opportunities as well as the technical integrations we have in place to help you position Zscaler as part of a holistic solution. Partners will also dive into the four core product areas for the Zero Trust Exchange platform. The new ZCSP certification is valid for two years upon completion. Zscaler Certified Sales Engineer (ZCSE) This certification is built for those in pre-sales technical roles, specifically designed to get participants up to speed on how to best showcase Zscaler’s technical value and differentiation. In this certification, partners will take a deep dive into Zscaler’s core product offerings to understand the key capabilities of the zero trust platform and how customers can realize the benefits in their unique environments. Participants will also catch a glimpse into a security administrator’s experience, including policies, reporting tools, technical integrations, and the end-user experience. The new ZCSE certification is valid for two years upon completion. What are the Benefits of Becoming Zscaler Certified? Zscaler certifications are designed to arm partners with the most up-to-date information about our products, strategies, and thought leadership so they can effectively communicate the value of our end-to-end zero trust security platform. By becoming Zscaler certified, partners will increase their credibility with customers by helping them accelerate their highest priority IT initiatives, all while reducing cost and simplifying their environments. With Zscaler, partners can expect to expand their book of business by providing the holistic and integrated solution packages their customers want and need. If you are a partner looking to enroll in Zscaler Training & Certifications, log in to our Partner Portal at and click on the Enablement tab. Tue, 22 Jun 2021 07:00:01 -0700 Rick Kickert We’re Pleased to Announce our 2021 Partner Award Winners This year we’re celebrating our very first Zscaler Partner Awards, honoring our “zero trust heroes” who’ve gone above and beyond in their partnership with Zscaler to help our mutual customers embrace digital transformation. Who’ll be taking home the trophies? Let’s find out! Americas Partner of the Year Like all of the awards announced, selecting a winner is the result of in-depth deliberation. With that said, the Americas Partner of the Year winner leads with transformation and leverages this principle to build strong customer relationships with advisory consulting. This partner also is being recognized for approaching zero trust with a focus on identity-based security policies rather than network. Therefore, we’re happy to announce that OPTIV is the Zscaler Americas Partner of the Year. APJ Partner of the Year Our APJ Partner of the Year winner signed a global contract with Zscaler in 2018, and the level of executive and field engagement continues to be outstanding, significantly contributing to Zscaler’s reach and success in this region. With the highest number of Zscaler certifications globally, this partner delivers strong partner-sourced performance in Japan by landing both domestic and global accounts. Our APJ Partner of the Year is NTT Communications Corporation. EMEA Partner of the Year Our EMEA Partner of the Year was entirely self-sufficient from pipeline generation through proof-of-value. By investing in Zscaler Certifications to up-level their technical expertise, and by hosting quarterly webinar campaigns yielding an average of ten new leads per quarter, Avantec AG has been selected as our EMEA Partner of the Year. Public Sector Partner of the Year With a focus on new business meetings and consistently executing interlocks and integrated field engagements, our Public Sector Partner of the Year consistently exceeds business objectives—especially when delivering Zscaler services to key strategic accounts. Our Public Sector Partner of the Year is ThunderCat Technology. Global Solution Integrator Partner of the Year As one of our most prominent end-user customers, this partner leverages ZIA and ZPA to enable their employees to work securely from anywhere. In addition, Zscaler is this partner’s exclusive GTM partner for web security and zero trust, and closed several large new logos across several verticals last year. As an outstanding partner in Central Europe with expansion plans to other regions, Zscaler’s Global System Integrator Partner of the Year is Tata Consultancy Services. Services Partner of the Year Over the last year, this partner has subcontracted and delivered on a large number of projects and offers a robust set of U.S. federal and commercial expertise. More notable is that most of this partner’s deployments are completed in 90 days or less, with consistently high customer satisfaction ratings. Our Services Partner of the Year is Ridge IT. Service Provider Partner of the Year This year’s winner is our second-largest global partner for new sourced business, growing even more in 2020 and delivering balanced performance across all regions. This partner also landed two of our five largest sourced ZIA deals. Our Service Provider Partner of the Year is Verizon. Zero Trust Technology Partner of the Year Microsoft has been out in front of the industry in its call for the adoption of zero trust to enable the modern workplace, close security gaps, and accelerate digital transformation. It is closely aligned with Zscaler in the belief that zero trust isn’t a single solution, but rather a strategy that should extend across a company’s digital estate. Microsoft is on its own zero trust journey, applying the principles of least-privileged access, explicit authentication, and the prevention of lateral movement across its ecosystem, while educating customers about these key requirements to help them improve their security postures as they move to the cloud and support a mobile workforce. Congratulations to Microsoft, our Zero Trust Technology Partner of the Year. The Go-to-Market Technology Partner of the Year One of our top GTM Technology Partners, this partner helps us deliver incredible value to large global organizations. This award recognizes our relentless focus on securing work beyond the perimeter and co-developed innovations, enabling our customers to seamlessly and securely shift to remote and hybrid work. Congratulations to our Go-to-Market Partner of the Year, CrowdStrike. Customer-Centric Technology Partner of the Year This award recognizes our shared commitment to customer obsession and improving customer experiences, which is reimagining how businesses can drive successful outcomes and reduce costs, while balancing security with user experience. Congratulations to the team at AWS. Congratulations to all of our winners! Thank you for your continued partnership and driving success with our joint customers. For more information on our Summit partner program visit and watch the replay of Partner Summit at Zenith Live. Mon, 21 Jun 2021 08:40:53 -0700 Punit Minocha Zenith Live EMEA is a Wrap! Another Zenith Live is in the books, and we’re proud to say this was our biggest event and arguably our best one yet. While we wish we could have gathered together in person, the sense of community, engagement, and enthusiasm displayed by attendees, customers, partners, and speakers brought this event together. Two days of real-life transformation stories, keynotes, panels, demos, and training leave us all with a lot to unpack and take with us as we move forward together on our transformation journeys. With that in mind, we wanted to share a quick summary of this year’s Zenith Live so you can catch up on anything you may have missed. (Many sessions are available on demand here.) Day one highlights Zscaler CEO Jay Chaudhry opened the conference by congratulating the entire IT community for its heroic work last year, keeping their organizations operating and employees working, while highlighting how the pandemic accelerated the need for a modern digital infrastructure based on zero trust. In Jay's words, "IT has proven time and again its resilience in not just adapting to change but being the catalyst for change." He explained how the Zscaler Zero Trust Exchange, our cloud-native platform that powers all Zscaler services, helped many customers through the transition to work from home and is now enabling new capabilities. The Zero Trust Exchange is helping customers accelerate transformation in three ways: by modernizing the workplace to enable work from anywhere, by eliminating the attack surface to reduce risk, and by transforming security so that it can be everywhere, blocking cyberattacks, preventing data loss, and eliminating lateral threat movement. You can watch Jay’s keynote and many of the other sessions on demand: Following his opening remarks, Jay was joined by Karl Hoods, Chief Digital Information Officer at the UK’s department for business, energy, and industrial strategy, for the CIO Perspective Panel. They discussed how CIOs are tasked with transforming all aspects of the business and are now empowered to lead a range of initiatives. Karl also explained some of the challenges his organization faced when tasked with quickly and securely providing efficient work-from-anywhere experiences. In another illuminating discussion, Gulay Stelzmullner of Allianz Technology, Petek Ergul of HSBC, and Alissa Choong of Shell joined Zscaler EVP Kavitha Mariappan for the Women in IT panel. In this fireside chat, they discussed what truly lies beyond C-level attainment, including creating and mentoring tech leaders, championing diversity and inclusion, and making an industry-wide impact. All four leaders shared personal stories of how they used their conviction to succeed in the transformative roles they hold today. Day two highlights Day two opened with the second installment of “Innovating at the Speed of Cloud," with Amit Sinha, Steve House, and Tony Paterra describing enhancements across the Zscaler platform. Some of them included inline and out-of-band CASB for better data protection and compliance. Security innovations include the first zero trust solution to include active defense, an exciting approach to cybercrime prevention, and we have expanded Cloud Browser Isolation capabilities in both the ZIA and ZPA services to isolate users and devices from potentially risky content. Customers provided powerful insights The morning continued with a CISO panel featuring Andrew Vautier of Accenture and Angelique Grado of Technip FMC, who joined Zscaler’s Yogi Chandiramani to address how today’s new hybrid work model may continue indefinitely, and what this means for security teams. In an enlightening discussion, the CISO panel cited the alignment of security and business objectives as a must—in other words, the role of the CISO needs to evolve to straddle both the technical and operational aspects of leveraging zero trust to support new business initiatives and deliver tangible success. The conversation around elevating IT as a key business enabler continued with the CTO panel. An underlying theme of this year's Zenith Live was embracing zero trust to improve business agility and resiliency to support the needs of today's hybrid workforces. According to our expert panel, including Zscaler's Nathan Howe, Mondi Group's Thomas Vavra, and Richemont International's Eduardo Grilo, the CTO's job is to create a fast, secure user experience for employees both returning to the office and working remotely. Our customer keynotes included four leaders whose companies have built resilience and agility within their businesses despite COVID-19 setbacks. Claude Pierre of Engie, Alain Delava, also of Engie, Sebastian Kemi of Sandvik, and Andrew Baker of Absa Group shared differing stories but their insights were similar, particularly when it came to the use of zero trust to successfully modernize their companies to enable modern workforce with a great user experience and enhanced security. We are grateful to all the customers who joined us and spoke at Zenith Live in keynote sessions, in panels, and in our technical breakout sessions. Thank you! Dear partners, Zenith Live wouldn’t be Zenith Live without you By joining with technology leaders whose services are complementary to the Zscaler Zero Trust Exchange, we can provide customers with integrated solutions that enable them to become more secure, resilient, and agile. With our partners, we have formed a strong ecosystem of future-forward thought leadership, strategy, and technology. Today’s partner summit celebrated exactly that—a group of technology evangelists and leaders joining forces to continue the digital transformation momentum over the next year and beyond. That’s all folks, see you at Zenith Live 2022! This concludes Zenith Live EMEA 2021, and what an event it was. Zscaler thanks you for making this our best Zenith Live yet! We hope you found our speaker sessions, training, panels, and workshops informative and relevant as you move full cloud ahead. If you missed Zenith Live, be sure to view its illuminating sessions on demand. We hope to see you next year! Thu, 17 Jun 2021 12:43:27 -0700 Ismail Elmas What our Latest Glassdoor Award Means to Zscaler I just learned that Zscaler’s CEO, Jay Chaudhry, has been named one of the Top 100 CEOs by Glassdoor. The award is based on a rating system submitted by employees and, for that reason, above all, I am thrilled for Jay. But I’m not all that surprised. This company has grown a lot, especially in the last year, but the company’s culture and its values that were defined by Jay more than a dozen years ago continue to inform our practices every day. What I’ve found inspiring about these values is that they are dynamic, helping us grow during changing times while staying true to our corporate ethos. As it can be said for most companies, these past 15 months have provided a case study in change. There was the rapid switch to remote work, of course, but between March 2020 and now, we also doubled our staff size, welcoming more than 1,500 new employees to the company. And while things were moving fast on multiple levels—especially supporting our customers as they transitioned their employees to remote work—Zscaler leaders paid close attention to our employees—connecting, listening, and learning about how they were feeling. We developed a range of programs to support them, help them engage with others through resource groups, and take breaks for exercise, games, or meditation. And we instituted occasional company-wide days off. We have also developed a self-service management microsite with training and skills development in partnership with Coursera and other platforms. This program, Leading at Z, is well underway, helping managers at any stage of their careers enhance their skills and develop new ones. Another program is under development for all Zscaler employees, called Succeeding at Z, to support everyone in their professional growth, so they can achieve their own definition of success. We’ve learned a lot from employees and we’ve tried to introduce programs and practices that address their concerns about work-life balance, mental and physical health, and the importance of family time and time off, and the benefit of upward mobility. It’s gratifying to see the company’s efforts reflected in employees’ reviews of Jay as the company’s leader. I’m coming up on my first-year anniversary at Zscaler and, even in this timeframe, I can see a more mature company emerging. It has a lot to do with growth, but I believe it has even more to do with the leadership team, which has always been closely aligned on the vision of building a great and lasting company. Realizing this vision requires the hiring and retention of exceptional people across the company who are excited to be here and are passionate about what we are all trying to achieve on behalf of our customers. Though the company is changing, its founding values have never changed. I believe that is why Jay is being recognized now as a top CEO, and why Zscaler will, indeed, become a great and lasting company. Here are those values: Teamwork: We celebrate together. We openly share information. We move as one. We value serving others over personal prestige. We value humility over ego by showing respect and recognizing the truth in all situations. Humble leadership empowers our employees to speak their mind and innovate. Open communication (candor over politics): We have open discussions about what’s right and what’s wrong. Put another way, we don’t enable politics. We value real feedback and relationships built upon honesty and trust. Passion (over self-interest): We are fiercely passionate about our work, our company, our colleagues, our customers, and our partners. We put grit over image, that unique combination of passion, courage, and long-term perseverance over innate talent and intelligence. Innovation: We are driven to not only innovate cloud transformation through our products but to also innovate in our jobs, whether an engineer, marketer, salesperson, or lawyer. Customer obsession: We are, above all else, obsessed about our customers’ success. Everything we do is about helping our customers succeed in their business transformation to the cloud. Part of this, too, is valuing results over activity. Join us! Zscaler continues to seek people who share these values. Please visit our careers page to learn more. Thu, 17 Jun 2021 08:01:08 -0700 Sandi Lurie Zscaler Customers Are Moving Full Cloud Ahead What an incredible conclusion to day one of our fourth annual Zenith Live virtual conference! It was an honor to share the stage with my colleagues, guest luminaries, and our marquee multinational customers, BP and DHL. We reached a new record with more than 15,000 registrants committing two days to learn how organizations globally are adopting zero trust to rapidly secure work-from-anywhere, prevent cyberthreats and data loss, and improve the digital experience for users everywhere. Zero trust is accelerating transformation The cloud and mobility have been agents of change, empowering organizations to harness the speed and agility they need to remain competitive. The pandemic didn’t change this trajectory, but it did accelerate it. As organizations scaled remote access for most of their employees, those that had the greatest success had already begun their zero trust journeys. It was inspiring to hear customers describe how zero trust helped them through the crisis, and is now empowering their businesses to speed the development of new products and services, become more productive and collaborative, and protect their data, all in a way that simplifies IT. That, to me, is the definition of a modern organization. In my keynote, I described how the Zscaler Zero Trust Exchange, our cloud-native platform that powers all Zscaler services, is helping customers accelerate transformation in three critical ways. The first is by enabling workplace modernization, which means that employees can work from anywhere, securely, with a fast, streamlined user experience. The Zero Trust Exchange also enables network transformation with fast, secure, direct-to-cloud connections that simplify branch connectivity and eliminate costly wide area networks. And it powers security transformation to prevent cyberthreats, prevent data loss, and eliminate the risk of lateral threat movement. Customers provided the most inspiring moments at Zenith Live When customers get up and talk about their experiences, we know that’s when audience members pay especially close attention. Our customers can speak to the types of challenges each attendee is likely to face at one point or another. I am so grateful for all the customers who are participating this year in Zenith Live keynotes, CXO panels, our Women in IT exchange, and the many who joined in our technical breakouts to discuss their Zscaler implementations and experiences with our services. For BP, IT is building a more agile company This morning I spoke with Rasik Vekaria of BP, a company with 70,000 employees and operations in 120 countries. He described BP’s journey to zero trust. “For me, a zero trust architecture was critical to what we do from a security standpoint. This means, I don't care if you're on the network, in the network, around the network, over the network—we treat everything as if it’s compromised.” That approach, that mindset, is the crux of zero trust. If you assume that everything is compromised, you won’t let anything on your network. You inspect all traffic, coming and going, even if it’s encrypted, to prevent attacks and data loss. And you make your applications invisible to the internet to eliminate the attack surface. DHL is making every connection fast, simple, and secure Later in the morning, Zscaler’s VP of Emerging Technology, Nathan Howe, spoke with DHL’s VP and Head of Telecoms, David Branik. DHL has operations in almost every country, with third-party partners around the world, remote employees using a range of devices, customers accessing their data in real time, creating an incredibly complex task for the IT team. David spoke of the need to make access fast and simple for every type of user: “It's almost like...when you go and plug in something into the wall circuit, you expect that the electricity is there. You don't want to think about what's behind it. And I think, from a network perspective, it's virtually the same thing.” At Zscaler, we agree that the experience for any type of user should be frictionless, and it should be the same no matter where the user is connecting. User experience must be a business imperative. See you tomorrow for more announcements, demos, and customer stories Tomorrow, I look forward to hearing from Bruce Lee of Centene, a company that has grown tenfold—from 8,000 employees to 80,000—in ten years. With much of that growth through mergers and acquisitions, I know that Bruce will touch on the complexity the company faced, and how zero trust is enabling them to accelerate M&As from years to months to weeks. In case you missed any of today’s sessions, we will make recordings available soon. And Zenith Live 2021 (Americas) continues tomorrow at 8:30 AM PDT, while day one of Zenith Live in the European (EMEA) region kicks off at 8:30 BST. There is much more in store for Zenith Live day two. In addition to Wednesday’s keynotes, customer panels, executive panels, and guest speakers, the virtual conference continues with architecture workshops, technical deep dives, and countless other opportunities to roll up your sleeves and go full cloud ahead. I hope to see you there. Tue, 15 Jun 2021 20:13:46 -0700 Jay Chaudhry A Powerful Combination: Active Defense, the Bridge to Zero Trust The end of May marked a monumental juncture for Zscaler as we continued to extend the company’s cybersecurity reach with our intent to acquire Smokescreen Technologies, a leader in active defense technology. This week, I am excited to report that the Smokescreen deal has closed, and we are proceeding to integrate its leading-edge active defense capabilities into the Zscaler Zero Trust Exchange. In contrast to traditional network traffic analysis tools, which are noisy and prone to false positives, active defense uses elaborate decoys and honeytraps to block the most sophisticated threats with high accuracy as attackers attempt to traverse corporate networks. The appeal of active defense is how it turns the tables on would-be attackers. Security teams don’t have to hunt for network threats, rather the bad actors are lured to honeytraps, dramatically slowing their progression in order for security teams to quarantine the threats. While the ultimate answer is to migrate to a zero trust architecture, thus eliminating the risk of network access, active defense is founded on the similar concept of trusting nothing and assumes that the network is already breached. This offers organizations a pragmatic path to zero trust and provides a simple yet effective way for them to identify and remove attackers who may already be expanding laterally and compromising resources on the corporate network. I invite you to learn more about Smokescreen’s active defense technology at Zenith Live 2021. The Zscaler ThreatLabZ experts will also share in-depth research into emerging attacks, dissect recent attack chains, and provide clear guidance on how to better secure your enterprise from sophisticated threats targeting your software supply chain. You’ll also get an exclusive preview into Zscaler’s protection suite, which unifies our threat intelligence, cybersecurity experts, and innovative technology to help defend your organization against the most advanced attackers. Forward-Looking Statements Blog posts on this site may contain forward-looking statements that are based on beliefs, assumptions and on information currently available to our management. These statements, including but not limited to statements relating to our products, customers, business development activities and business results, are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. You can identify these forward-looking statements by terminology such as “will,” “expects,” “believes,” “anticipates,” “intends,” “estimates” and similar statements. A significant number of factors could cause actual results to differ materially from statements made in blog posts on this site. Additional risks and uncertainties are set forth in our filings made with the Securities and Exchange Commission (“SEC”), which are available on our website at and on the SEC's website at Any forward-looking statements in these blogs are based on the limited information currently available to Zscaler as of the date thereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. Mon, 07 Jun 2021 12:44:09 -0700 Jay Chaudhry Zscaler is the 2021 Zero Trust Champion at Microsoft’s 20/20 Partner Awards Ceremony In my previous blog, I was proud to share that Zscaler was nominated for two awards from the Microsoft community, including the Zero Trust Champion of the year. On May 12, Microsoft announced the award winners at its 20/20 Partner Awards ceremony, a prestigious event recognizing industry excellence in a number of key areas. I couldn’t be more grateful to the Microsoft community to announce that Zscaler has won the Zero Trust Champion of the Year award, beating out a strong field of competitors. This award validates our forward-looking vision and the significant innovation behind our zero trust architecture, which is reimagining how leading enterprises safeguard their digital business in today’s mobile and cloud-first world. This recognition comes on the heels of the landmark Executive Order on Federal Cybersecurity from the Biden Administration that puts zero trust at the forefront of both public and private efforts to transform security to become more agile, resilient, and significantly reduce risk. We believe wholeheartedly in three fundamental principles of zero trust: Zero trust has generated a massive amount of noise across the industry for good reason—it’s the only way to disrupt the attack equation and get ahead of highly intelligent, rapidly evolving adversaries. With users, data, and applications everywhere, there needs to be a different approach; one that is cloud-native, optimized for the needs of the modern enterprise, and adaptable to the ever-changing threat landscape. Zscaler believes a true zero trust architecture must be built on the following three tenets: Zero network access: connect users to apps, not corporate networks to prevent lateral movement. Zero attack surface: make apps invisible so they can’t be attacked. Zero passthrough connections: deny all privileges; utilize a proxy architecture for better cyberthreat prevention and data protection. It has become evident that legacy network security architectures can’t deliver on the promise of zero trust, as adapting traditional solutions to this new era introduces massive complexity and cost without improving security. The Microsoft Zero Trust Champion of the Year award recognizes Zscaler’s approach to delivering a comprehensive zero trust architecture, one made all the more meaningful by being selected by the Microsoft Intelligent Security Association (MISA) members who were solely responsible for voting on this year’s winners. Together with Microsoft, we will continue to deliver exceptional security outcomes to our customers, built on a foundation of the industry’s leading zero trust architecture, the Zscaler Zero Trust Exchange. Thank you to the MISA members and Microsoft for this honor. Recognition amongst our peers in the industry is humbling, and we are grateful for your confidence in our strategy and execution of providing zero trust to our customers. Don’t miss our joint breakout session at Zenith Live In a few weeks, Zscaler will be hosting its virtual Zenith Live conference, with this year’s theme being Full Cloud Ahead. In our joint session, you will hear from experts at Zscaler and Microsoft about actionable cloud-based zero trust solutions and crucial strategies to stay ahead of today’s most advanced threats. Our experts will discuss the strategies and technologies required for a true zero trust architecture and how you can make zero trust a reality for your organization. Register for Zenith Live here: We hope to see you there! Thank you again to Microsoft and the Microsoft Intelligent Security Association for this opportunity and recognition. Mon, 17 May 2021 15:07:00 -0700 Punit Minocha The New Cybersecurity Executive Order The Biden Administration’s new Executive Order on Federal Cybersecurity underscores a growing understanding of cyber vulnerabilities and IT’s vital role in every Federal program and mission. The EO outlines a number of actions, including a significant directive for the Department of Homeland Security to develop a federal cloud security strategy that moves the federal government closer to a true centralized enterprise model based on the principles of zero trust. We had Cloud First, and then Cloud Smart. The new Executive Order moves us into the era of Cloud Secure. Under the new EO, CISA will develop a federal cloud service governance framework; CISA and FedRAMP will together establish a framework to coordinate and collaborate on cybersecurity and incident response activity related to cloud services. And, the new EO includes steps to ensure new levels of software supply chain security -- requirements Zscaler already meets -- that collectively will reduce risks to federal programs, infrastructure, and national security. We are encouraged to see the focus on developing cloud security strategies, technical reference architectures, cloud governance security frameworks. Additionally, we strongly agree that zero trust is a critical and urgent need for effective cybersecurity in the face of evolving threats. It is also critical that we embrace the important cloud security frameworks that FedRAMP and CISA have built, including the Trusted Internet Connection (TIC) 3.0 guidance, as they will shepherd us into the new Cloud Secure era. Zscaler’s Zero Trust Exchange is a powerful tool for agencies as they move forward with their zero trust plans, supporting efforts to work-from-anywhere and access data from anywhere, whether in a sanctioned or unsanctioned environment by securely connecting users, devices, and applications. Core components currently supporting more than 100 federal agencies and federal integration partners include: Zscaler Private Access (ZPA™) which has achieved FedRAMP-High JAB Authorization Zscaler Internet Access (ZIA™) which has achieved FedRAMP “In Process” status at the High Impact level, sponsored by a U.S. Department of Defense (DoD) Command and prioritized for Joint Authorization Board (JAB) authorization currently (authorized at the Moderate Impact Level) Zscaler’s Zero Trust Exchange enables dynamic, context-based access controls to secure cloud transformation and change how agencies defend against modern attacks. Unlike legacy network security approaches that expose applications and open the door for lateral movement, Zscaler: Connects users and devices to apps, not networks, to eliminate lateral threat movement. Makes applications and users invisible to the internet, thus reducing the attack surface. Uses a proxy architecture, not a passthrough firewall, enabling full content inspection and security, including encrypted traffic. We are also encouraged to see the call for improved endpoint detection and response. You can’t manage what you can’t see, and this step is a critical foundation to enabling improved threat information sharing. Zscaler partners with Crowdstrike, a leader in cloud-delivered endpoint protection. CrowdStrike’s AI-powered Threat Graph integrates with Zscaler’s cloud security platform to provide customers with real-time threat detection and automated policy enforcement. Over the past ten years, private industry has spent billions of dollars securing the cloud. And, we’ve seen CISA and FedRAMP take advantage of industry partners and knowledge. The public sector can build on this foundation (rather than re-creating the wheel on programs like TIC 3.0, CMMC, etc.) -- it’s great to see the focus on collaboration. Federal digital transformation dramatically accelerated through the pandemic, and we now have an urgent need to accelerate cybersecurity modernization, including industry best practices like Zero Trust Security. The goals set forth in the EO are ambitious, but we can meet them with strong public/private collaboration and coordination across government as we enter this new Cloud Secure era. We applaud the Administration for launching this all-of-America effort. Join us for our webinar “Strategies for Creating Your Agency’s Zero Trust Playbook” on Wednesday, May 19th to learn actionable steps that you can take to advance your organization’s Zero Trust strategy and deployment. We’ll also be sharing several frameworks to help achieve the targets of the executive order at Zscaler’s upcoming virtual Zenith Live event - register for free today. Thu, 13 May 2021 08:22:19 -0700 Stephen Kovac Partnership with Steel Root to Support CMMC Requirements for Defense Contractors In an effort to strengthen federal supply chain security, it will be necessary for more than 300,000 defense contractors to meet Cybersecurity Maturity Model Certification (CMMC) requirements over the next five years, demonstrating they can protect Controlled Unclassified Information (CUI). While CMMC launched prior to the SolarWinds attack, the massive breach underscores the hard requirement to improve and normalize cyber requirements for the organizations that support federal missions. Not only will CMMC be required on all new DoD contracts, but the DoD will also leverage third-party assessments and certifications to ensure these requirements are being met. This contrasts with the status quo, in which contractors are expected to protect CUI on their own accord, meeting their own internal compliance standards. Steel Root, a leading cybersecurity services firm specializing in compliance for the U.S. Defense Industrial Base, and Zscaler recently announced a partnership to help defense contractors prepare for CMMC certification. Commenting on this partnership, Steel Root Managing Partner Mike Nestor says, “Zscaler is a disruptive force in cloud-based security and has been validated year over year as the only leader in Gartner’s Magic Quadrant for Secure Web Gateways.” He continued, “When the FedRAMP authorization for Zscaler Internet Access was announced in 2020, we immediately recognized the solution as a required component in the cloud-native systems we design and implement. It’s the only zero trust secure access solution in the market that can meet our clients’ compliance requirements.” As the only SASE solution provider to meet the defense industry's most stringent security requirements (FIPS 140-2, validated cryptography, and FedRAMP authorization for cloud services), Zscaler is focused on bringing the most secure cloud-based security services to DoD organizations and the larger defense industrial base community. Steel Root understands the importance of a cloud-first, future-ready strategy, and provides highly effective guidance and implementation services supporting defense contractors as they prepare for CMMC—which is why our partnership with Steel Root furthers our commitment to helping federal organizations improve their cybersecurity posture. As DoD contractors proactively consider how their organizations can achieve the highest level of cloud accreditation through CMMC, they should look to leverage cloud security platforms that have already achieved FedRAMP-High authorization, such as Zscaler’s FedRAMP-High Zero Trust Exchange. Together, Zscaler and Steel Root provide both guidance and implementation services for defense contractors as they prepare for CMMC. As, a result, contractors can focus on supporting DoD missions—and together, the defense community can take steps forward to mature cyber defenses. Mon, 26 Apr 2021 08:00:01 -0700 Drew Schnabel Achieve True Zero Trust with Zscaler and Splunk Zscaler is proud to announce our zero trust partnership with Splunk, giving security analysts more ways to incorporate telemetry from our world-class Zero Trust Exchange into their workflows and strategies. Together, our tightly integrated, best-of-breed cloud security and security analytics platforms deliver unmatched zero trust capabilities for the modern, cloud-first enterprise. Zero trust is based on the notion that a breach is inevitable or has likely already occurred, and therefore any and all access to resources should be limited to the least amount possible for users to be able to do their jobs. This involves segmentation, risk-based access controls, continuous authentication and monitoring, and dynamic coordination between security controls. Citing guidance from the National Security Agency (NSA), “to be fully effective to minimize risk and enable robust and timely responses, zero trust principles and concepts must permeate most aspects of the network and its operations ecosystem.” Zscaler and Splunk work together to do just that. Zscaler’s cloud-native proxy architecture eliminates unnecessary exposure and provides rich data and increased visibility for the SecOps team. With a direct-to-cloud architecture, security teams can ensure that policy is being applied across every transaction; meanwhile, they get boosted insight into users, data, and apps. The zero trust benefits of Zscaler include: Zero attack surface – apps are never exposed to the internet; you can’t attack what you can’t see Direct connections to an app, not a network – segment of one, no exposure of any additional resources or data, no ability to move laterally or connect to C&C servers Proxy architecture, not pass-through – full content inspection including SSL; holds and inspects unknown files before reaching the endpoint Multi-tenant architecture – cloud-native, multi-tenant design; continuous security updates Secure Access Service Edge (SASE) – policy enforced at the edge in 150 DCs (SASE), peering in internet exchanges, hundreds of apps Splunk, meanwhile, provides SecOps teams with centralized log ingestion and analytics to monitor and correlate activities across the entire security environment – including a direct cloud-to-cloud streaming ingestion of Zscaler logs and dashboards – and provides visibility into zero trust with a zero trust analytics dashboard. Further, Splunk Phantom can orchestrate policy, allowlist/denylist, and remediation actions using Zscaler’s API. Splunk delivers: Logging, normalization, correlation, and enrichment of data from your entire security infrastructure in Splunk including a direct cloud-to-cloud streaming ingestion of Zscaler logs and dashboards Robust analytics including Risk Based Alerting (RBA) and User and Entity Behavior Analysis (UEBA) to identify suspicious/malicious behaviors A centralized single pane of glass to remediate incidents Zero trust analytics dashboards that incorporate data from multiple sources, including Zscaler, to provide end-to-end visibility Automation and orchestration of triage, investigation, and response to stop threat actors before they can do damage Centralized security controls and policy management, which can be used to enact changes to the Zscaler platform in addition to other tools Accelerate time-to-value with Cloud NSS log streaming Cloud NSS is Zscaler's innovative new cloud-to-cloud data streaming service that makes it even faster and easier to deploy, manage, and scale log ingestion from Zscaler to Splunk Cloud. This service enables native ingestion of Zscaler’s rich cloud security telemetry to enrich investigation and threat hunting for cloud-first organizations – and is configurable in a matter of clicks. Splunk Cloud correlates the Zscaler telemetry with an organization’s other high-value data sources, providing full visibility into actionable data for investigations within one centralized console. Zscaler’s cloud-native security architecture dramatically reduces the attack surface and provides full inline scanning and analytics, and sends high-resolution telemetry logs directly to Splunk using the cloud-to-cloud log streaming service. The Zscaler app for Splunk further allows for SecOps teams to visualize Zscaler’s threat protection with detailed dashboards and prebuilt queries. Customers benefit from: Fast, reliable integration: Get immediate visibility with pre-built integrations. Splunk and Zscaler work together seamlessly, with high-resolution telemetry data normalized and ingested directly into Splunk. Increase reliability and scalability by sending all logs directly to Splunk via the Splunk HTTP Event Collector with no middleware. Simplified Management: No additional appliances to manage for logging. Direct cloud-to-cloud integration is managed by Zscaler and Splunk. Let your analysts spend more time on preventing, investigating, and mitigating threats and less time on administering logging pipelines. We are extremely excited to offer our customers the benefits of this partnership with Splunk, and look forward to continued collaboration on zero trust. To learn more, check out the Zscaler + Splunk solution brief. If you're already a Zscaler and Splunk customer, download the Zscaler App for Splunk from Splunkbase today. Mon, 26 Apr 2021 09:00:01 -0700 Mark Brozek Best-selling Author Ben Mezrich Joins Zenith Live as Keynote Speaker Zenith Live, the world’s largest cloud transformation conference, is right around the corner—but that hasn’t stopped us from adding to our impressive list of executive and future-forward keynote speakers. Today, we’re excited to announce our latest addition to this year’s event: Ben Mezrich. In his keynote, An Interview with Ben Mezrich: A Glimpse Inside the Rise of Bitcoin and the Modern Tech World, Mezrich will walk through the story behind his latest book, Bitcoin Billionaires, while sharing his unique view on the future of cryptocurrency, the world’s economic future, and, of course, the real story behind the infamous Winklevoss brothers—the world’s first Bitcoin billionaires. From the twins’ falling-out with Mark Zuckerberg, to a beach in Ibiza, to the emergence of the Silk Road—and subsequent SEC hearings—Bitcoin Billionaires exposes the true story behind the brothers’ attempts for redemption and revenge in the wake of their epic legal battle with Facebook. Not only is this story wildly entertaining, Mezrich uses it as a springboard to comment on the future of currency and digital economics, weaving together the complexities of emerging technology and humanity. Mezrich will be recounting this story and sharing his perspective on the ways that cloud computing is reshaping the world as we know it—all in a candid interview with Zscaler CMO, Chris Kozup at Zenith Live. You won’t want to miss this! Here’s how to register. What you can expect at Zenith Live 21 Zenith Live is a virtual conference focused on secure digital transformation, showcasing what’s possible with the flexibility of true zero trust. With over fifty breakout sessions across six tracks, hands-on training, executive forums, and architecture workshops, Zenith Live is designed to show IT leaders across all disciplines how to lead an organization securely into the modern era, where you can innovate faster, reduce risk, and work smarter—all at the speed of cloud. In addition to Mezrich’s keynote, here’s what else you can expect at this year’s event: Expert speakers Hear visionary predictions for the future of the digital world and how CIO, CTO, and CISO pioneers from Fortune 500 companies successfully enacted their secure digital transformation initiatives. In-depth breakout sessions Select from over 50 sessions in six tracks: Foundations Zscaler Expert CloudOps/DevSecOps Network Professional Security Professional Public Sector Architecture Workshops Zscaler experts teach an interactive session on how a zero trust architecture can free you from past constraints so you can move securely to the digital future—at cloud speed. Women in IT Exchange A fireside chat with IT leaders on professional directions and practical approaches to breaking down the barriers to individual success. Live Q&A/Demos Zscaler professionals lead hands-on interactive training sessions on Zscaler’s Zero Trust Exchange Technology. Training Zscaler cloud operations and cybersecurity experts will lead detailed hands-on technical training and certification programs. Register now for this one-of-a-kind, two-day immersive experience. Wed, 21 Apr 2021 20:31:25 -0700 Jessica Hofmann Announcing REvolutionaries, the Revolutionary New CXO Community, and the Zero Trust Academy Digital transformation requires zero trust. But successfully adopting zero trust requires not only getting the right platform but driving the entire organization to adopt a new cultural mindset. Roadmaps must be shared, business and IT priorities must align, and silos must be torn down. The new CXO must be both an innovator and a strategist, applying technology and architecture to drive measurable outcomes for the business. The Customer Experience and Transformation team at Zscaler comprises former CIOs, CISOs, CTOs, and heads of network, security, and architecture from prominent global organizations. These former practitioners bring their own real-world zero trust experience and expertise to their roles. They partner closely with Zscaler customer CXOs and future customers who are embarking on their own digital transformation journeys. Today, I'm proud to announce the launch of two key programs, The Zero Trust Academy and the REvolutionaries CXO Community. First, we all share a collective mission to advance the skills of the security-practitioner community. To that end, Zscaler has created the Zero Trust Academy, a certification training program focused on securing connectivity to private apps, SaaS applications, and the internet with the Zscaler Zero Trust Exchange. Second, digital transformation requires buy-in from and deep engagement with the C-suite and IT leadership. To empower, foster, and connect these leaders, we’re launching the Zscaler REvolutionaries Community. Zero Trust REvolutionaries are true pioneers. The REvolutionaries forum brings together visionary tech leaders to showcase zero trust success stories, share digital transformation best practices, participate in CXO-driven industry events, and connect with like-minded innovators. Featured media will include practical and actionable thought leadership content, industry case studies, news, as well as the latest cybersecurity research from the Zscaler ThreatLabZ team. Through highlighting successful thought leadership, events, insights, and community, we can help other enterprise leaders, we can push forward new technology architectures that will allow businesses to excel at their mission, and we can set standards for a new digital future that lives securely in the cloud. It's time to seize the zero trust moment. Join me and other CXO REvolutionaries at Tue, 20 Apr 2021 05:00:01 -0700 Kavitha Mariappan Entitlements: The Most Overlooked Risk in the Public Cloud Understanding the threat vectors that introduce business risk is an important early step towards developing a strong cybersecurity strategy. The same is true as your organization embraces the public cloud. There are five key areas that can introduce risk when working with the public cloud which must be understood and properly protected. Five key public cloud threat vectors Configuration – This is the realm of cloud security posture management (CSPM) tools. This is where you gain an understanding of the configuration of all of the services and resources in your cloud environments, the corresponding security posture, and misconfigurations that need to be remediated. External exposure – Anything that is exposed to the internet is a potential target for bad actors. But workloads need internet access as well as access to other clouds and to your traditional data centers. Understanding what can be attacked from the outside is absolutely critical. Lateral movement – Even if you’ve appropriately configured all services and have minimized your exposed attack surface, there is still the possibility of someone or something getting in. Knowing and preventing bad actors from moving laterally across your public cloud footprint can help ensure that the impact of any breach is minimized. Crown jewel data and applications – Many organizations are migrating sensitive data and applications to the public cloud. Knowing where these crown jewel assets are and applying additional protections can help minimize the impact of a breach. Entitlements – The final piece of your public cloud attack surface is the one most commonly overlooked: entitlements and permissions. An organization with hundreds of cloud users and thousands of cloud resources will have hundreds of millions of discrete permissions granted. This may include unused permissions, non-federated dormant accounts, misconfigured permissions, and more. Cloud Infrastructure Entitlement Management The emerging category of products addressing the growing cloud permissions problem is known as Cloud Infrastructure Entitlement Management (CIEM). How big is this problem? According to Gartner, “by 2023, 75% of cloud security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020.”1 This is why we’re so excited to welcome Trustdome to the Zscaler family. Trustdome is an innovator in CIEM, providing permissions security across all cloud environments, while preserving DevOps’ freedom to innovate. The platform provides full governance over who has access to what across all your clouds, resources, identities, and APIs. You get a 360° view of all your permissions and the ability to automatically find misconfigurations and get remediation plans teams can act on, all from one unified platform. And with zero disruption to DevOps, they’re free to deploy code rapidly, freely, and securely. Key use cases for CIEM include: Cloud permission governance – Discover who can access what and how permissions are utilized across human, machine, and external identities Least privileged configuration – Clean up unused, default, and misconfigured permissions, maintaining a simple and transparent permissions model Guardrail enforcement – Implement a unified cloud permissions guardrail policy across major cloud platforms including IaaS, PaaS, and SaaS The Trustdome product will become Zscaler CIEM, a critical element of Zscaler Cloud Protection (ZCP) services. ZCP simplifies and automates zero trust security for workloads on and between any cloud platform, providing comprehensive coverage for all five threat vectors of the public cloud. To learn more about Zscaler CIEM or to schedule a demo please connect with us directly. 1 Gartner, Managing Privileged Access in Cloud Infrastructure, June 9, 2020, ID G00720361 Forward-Looking Statements This blog contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include our intention to acquire Trustdome, the timing of when the acquisition will be completed and the expected benefits of the acquisition to Zscaler’s product offerings and to our customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this blog, including those factors related to our ability to successfully integrate Trustdome technology into our cloud platform and our ability to retain key employees of Trustdome after the acquisition. Additional risks and uncertainties are set forth our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on March 4, 2021, which is available on our website at and on the SEC's website at Any forward-looking statements in this blog are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. Thu, 15 Apr 2021 04:45:02 -0700 Rich Campagna Join Us Live: Seize the Zero Trust Moment. Accelerate digital transformation with confidence. Join Zscaler for Seize the Zero Trust Moment: a virtual broadcast covering the latest Zscaler innovations, how to implement and leverage zero trust to improve business agility, and personal accounts and stories of digital transformation success. Reserve your spot today. Digital transformation is so much more than migrating a few applications to the cloud, and it’s largely reliant on the Internet as the new corporate network. The benefits of transformation make enterprises more agile, efficient, and modern—but can also make them more vulnerable to attacks if the proper security isn’t in place. Zscaler has helped thousands of customers securely enable their digital transformation through a true zero trust architecture, the Zscaler Zero Trust Exchange. Powered by the world’s largest security cloud, our customers leverage zero trust to securely connect users and applications, prevent data loss, increase visibility into threats, and keep the cloud safe—for all. So, with that in mind, we invite you to our upcoming global broadcast, Seize the Zero Trust Moment. The latest in cloud security will be unveiled. Join us to learn how the latest Zscaler innovations will enable you to accelerate business transformation by embracing zero trust. This broadcast will introduce the technologies, tools, and resources required to protect your business as you embark on your digital journey, including: Taking zero trust to a new level A new normal will be a hybrid workforce where users working both inside and outside the office more prevalently. Zero trust services must be designed to secure this new world, and ensure zero trust for all. A safer world With the internet as the new corporate network, threat actors are devising new ways of stealing data each day. Join us to see how we’re helping customers protect their data. Security doesn’t have to be hard One of the biggest challenges IT security leaders have is that security can be complicated, especially with legacy point products. During our broadcast, we'll dive into how Zscaler aims to make life easier for IT. Hear from some of the world’s top digital transformation experts. We've put together a stellar lineup of IT and security leaders. They will explain how zero trust addresses new business challenges and how Zscaler has helped customers—all with the Zscaler Zero Trust Exchange. Elevating IT together. A security strategy is only as strong as the people driving it and the ecosystem that enables it. That said, Seize the Zero Trust Moment will help elevate the role of IT leaders and executives and empower practitioners through industry-first initiatives. We’ll highlight some of the work being done with some of the world’s most popular security vendors as well. Join us from around the globe. With organizations moving out of the data and into the cloud at record rates, now’s the time for a fundamental shift in how business is done, and how it’s secured. In light of this, we’re bringing this event to every corner of the globe—in three time-zone-friendly sessions: AMERICAS: Tuesday, April 20, 11 AM – 12 PM PT | 2 PM - 3 PM ET APAC: Wednesday, April 21, 10 AM - 11 AM IST | 12:30 PM - 1:30 PM SGT EMEA: Thursday, April 22, 10 AM - 11 AM BST | 11 AM - 12 PM CEST Reserve your spot. When you’re seeking to accelerate digital transformation, it can be difficult to know where to start—but we’re here to show you how you can do it confidently, starting with zero trust. Reserve your spot at Zscaler’s Seize the Zero Trust Moment virtual broadcast. Mon, 12 Apr 2021 14:16:17 -0700 Christopher Hines Full Cloud Ahead: A Journey to Zenith Live 2021 When I joined Zscaler last fall, the company was in the final few days before launching its first all-virtual Zenith Live Cloud Summit. It was an enormous undertaking, and dozens of people had worked for months to make it a dynamic experience, in spite of its being virtual, with compelling speakers and material that attendees would find truly useful. I pretty much arrived at Zscaler just in time to turn on my monitor, enter the virtual conference hall, and tune in. In session after session, I learned so much about the company, the market, and, above all, the realities that Zscaler customers are contending with in the real world, along with their vast community of enterprise CIOs, CISOs, and IT professionals at all levels. There was something else we all learned last fall: with nearly 14,000 people registered for Zenith Live, it was clear that there’s an ongoing thirst for information. That’s why I’m so excited to announce that we will be hosting an all-new virtual Zenith Live this June. This event will be focused on using zero trust as the foundation for accelerating secure business transformation and fueling your company’s growth at cloud speed. AMERICAS | June 15–16 EUROPE | June 16–17 ASIA-PACIFIC | June 22–23 Since our very first conference in Las Vegas, Zenith Live has always been dedicated to secure transformation and, though we’ll miss meeting everyone in person, this year’s event will be no different. But for most organizations, transformation is well underway. With the widespread use of SaaS and the migration of private apps to public clouds, more business traffic is destined for the cloud than the data center. And starting in 2020, with the remote workforce going from the exception to the rule, most user traffic is being routed over the internet, not the corporate LAN or WAN. As this transformation has accelerated, organizations have begun to realize the promise of the cloud, achieving greater resiliency and flexibility, unprecedented productivity and collaboration, and better customer outcomes. But companies that continue to rely on legacy networking and security solutions are holding up progress, hindering their IT leadership teams’ ability to speed innovation, create new revenue streams, and drive the business forward. We believe that transformation is a business imperative, and its benefits can’t wait, so for Zenith Live 2021, the theme is Full Cloud Ahead. What does it mean to go full cloud ahead? It means leaving behind the technologies of the past that are making you vulnerable to attack and that frustrate users with poor performance and dropped connections. It means simplifying your infrastructure and taking advantage of powerful business enablers, such as big data, artificial intelligence, IoT and OT, and machine learning. And for most, it also means greater efficiency and reduced costs. The key to going full cloud ahead is to build on a true zero trust strategy that secures every connection using business policies. At Zenith Live, we’ll be presenting recent innovations in our Zero Trust Exchange platform that will accelerate your transformation with expanded capabilities and greater automation. At Zenith Live, you’ll hear how leading organizations are enabling zero trust right now to achieve their business goals. Learn about trends and innovations during keynotes, panel discussions, and fireside chats with industry leaders. Choose from more than 50 technical sessions and bring real solutions to your organization through architecture workshops and expert-led training. I’m looking forward to being a part of all of it and I hope you will, too. Be sure to register today so you can receive updates on the agenda and notifications when registration for training opens. Tue, 06 Apr 2021 08:00:01 -0700 Chris Kozup Zscaler Recognized as a Microsoft Security 20/20 Partner Awards Finalist for Zero Trust Champion and Security ISV of the Year This week, Microsoft announced that it had chosen its Microsoft Security 20/20 Partner Awards Finalists for the year, a prestigious classification in the Microsoft partner community. I am honored to announce that Zscaler has been chosen as a finalist in two categories: Security ISV of the Year (which Zscaler won last year); and Zero Trust Champion – ISV These nominations validate and underscore Zscaler’s approach to delivering the best and most secure digital experience for our customers. Together with Microsoft, we have secured thousands of enterprises, from major industrial companies such as GE and Siemens, to leading consumer brands including L’Oréal. In total, we have more than 3,000 joint customers that benefit from our seven deep integrations across Microsoft 365 and Azure involving key programs and technologies in support of the zero-trust journey. I would be remiss without thanking our customers for joining us in this journey. The past year has been difficult—to say the least—and our collaboration with Microsoft has shown time and time again what having two innovative companies working together can create. To demonstrate this point, I’m going to share two quick stories, the theme of which you are likely familiar with, but each with an ending that speaks of triumph, innovation, and poise. Racing to get the workforce remote: Zscaler + Microsoft 365 Nearly a year ago to the day, many of us received notice that work wasn’t going to be in the office for some time due to the COVID-19 pandemic. Putting technical hurdles aside for a moment, a question that arose for many enterprises around the world was, “How are we going to get our work done?” With so much of the world using enterprise business and productivity apps on-prem and in the cloud to communicate, organize, write, present, calculate, exchange files, etc, there was no time to waste. People had to go home, but work couldn’t grind to a halt. IT leaders had a lot to think about. “Is my network going to hold up? Does everyone have the access to the apps they need? Is my security for remote workers enough? What do I need to implement to handle growing traffic needs and new attack surfaces?” It became evident nearly overnight that the network architectures of the past had run their course. It was time to try something new, something innovative for the new work-from-home reality. Johnson Controls: 100,000+ office workers required to go remote Johnson Controls is a large, multinational corporation that specializes in the production of HVAC, fire, and security systems for buildings. When the pandemic hit and workers needed to become remote, Johnson Controls turned to Zscaler and Microsoft to alleviate pains with legacy VPNs that became impossible to scale and hurt the user experience. In three weeks, Johnson Controls was able to overcome VPN capacity limitation constraints using Zscaler Private Access and Azure AD, which easily scaled automatically to meet user needs, while significantly improving the end-user experience and implementing a zero trust app access solution. Johnson Controls was able to transform how work was done in a matter of weeks to meet a changing world. DB Schenker: Local internet breakouts for 1,400 branch locations in 80+ countries DB Schenker is a large European-based logistics company with more than 75,000 employees in 80+ countries. DB Schenker looked to Zscaler to enable its move to a SASE architecture that enabled cloud-based applications—including Microsoft 365—and removed IT complexity for branch locations. Together, we: Moved to Microsoft 365 cloud services in 80+ countries Removed appliances and enabled direct-to-internet connections for 1,400 branch locations Created 40,000 “home locations” with direct internet and SaaS access due to COVID-19 mandates Allowed critical, every-day collaboration via Microsoft Teams touching 75,000 employees It’s stories like these that make our collaboration so powerful and unique. When customers need to solve the world’s most pressing IT problems, they can turn to Zscaler and Microsoft. Zero trust is not a nice-to-have, it’s fundamental to digital transformation This is the first year that Microsoft has a Zero Trust Champion award, and we’re extremely proud to be nominated. Zscaler is committed to helping our customers accelerate digital transformation with a focus on zero trust. The Zscaler Zero Trust Exchange, the platform that powers all Zscaler services, is uniquely positioned to protect a changing, hyperconnected yet dispersed world. Business is taking place off your trusted corporate network and outside your security perimeter. Apps now live both in your data center and the cloud Users are connecting from everywhere using a variety of devices Server, IoT, and OT traffic is growing exponentially The internet is the new connectivity layer Zscaler’s Zero Trust Exchange is a cloud-native platform that securely connects users, apps, and devices over any network, in any location, using business policies to increase user productivity, reduce business risk, slash costs, and simplify IT. Together with Microsoft, we’ll continue our stewardship of digital transformation built on zero trust principles. Don’t forget to check out Microsoft Security 20/20 Again, we want to thank Microsoft for the company’s continued collaboration with Zscaler. Our commitment to our joint customers remains steadfast as we expand our integrations across Microsoft’s suites of products, and we stand ready to take on the toughest IT challenges the world has to offer. The second annual Microsoft Security 20/20 awards will celebrate finalists in 18 categories spanning security, compliance, and identity. Microsoft will be unveiling the winners of the Microsoft Security 20/20 Partner Awards, voted on by a group of industry veterans, on May 12, 2021. Wed, 17 Mar 2021 16:22:06 -0700 Punit Minocha These Two Identity Juggernauts Identified Zscaler as a Leader in Zero Trust for Remote Work Security. Communication. Collaboration. These were the three areas that companies invested in most since the beginning of last year. Don’t just take my word for it— reports from both Microsoft and Okta provide insight into the most popular enterprise applications being used to support remote work for business. Zero trust is growing just as quickly as collaboration For years, we have talked about the importance of zero trust for access to apps and its two key foundational elements: identity, and the use of business policies (that can adapt as needed) when it comes to securing user access to critical business services. Identity is the passport needed to determine who a specific user is (no implicit trust of IP address). Business policies are set by IT teams and determine which authorized users can access which specific applications. These policies are enforced, and the user to app connection brokered, by a zero trust exchange service. These business policies follow the user no matter where they are—at home, at their favorite cafe, their Airbnb, or back at the office (hopefully someday soon). As employees join companies, leave companies, and devices get lost or become infected by malware etc., those business policies then automatically adapt using APIs shared across zero trust ecosystem players like Zscaler, Crowdstrike, Microsoft, Okta, and Splunk. For example, this is where our investment in SCIM 2.0 supporting Microsoft, Okta, and others, becomes incredibly useful to our customers. If an employee leaves the company, we consume that information from IDP, and use SCIM 2.0 to revoke access. We can then view logs in real-time and automatically stream them out to a SIEM server for further SOC analysis. We purposely designed our Zscaler platform to be able to integrate with popular identity providers like Microsoft Azure Active Directory, Okta, Ping and several other SAML-based IDP solutions because we believe in the importance of zero trust within the enterprise. So, when I look at the findings from both Microsoft and Okta, two identity juggernauts, the most exciting sub-story that immediately jumps out to me is the fact that zero trust solutions are among the fastest-growing apps on the market–and Zscaler is one of the top solutions! The state of apps by Microsoft identity (Zscaler is #4) Okta Business at Work Report Zero trust, no matter where users are The value of adopting a zero trust strategy has become more evident than ever during COVID-19 life, but one important tip I give to customers is to not make the mistake of thinking zero trust is only valid for remote work. Many customers have told me about the prospect of building plans to support a new, hybrid workforce where employees have the ability to work two days remote and three days in the office. For many IT teams, this still remains to be seen, but whatever the case may be, it’s important to not revert back to traditional methods of connectivity that treat remote employee access to apps differently from in-office employee access, and imply trust by allowing users to connect onto the network using VPN, or simply by residing in the office. FIGHT THE URGE TO DO THIS. I remind them that now that they’ve replaced their remote access VPN (or perhaps plan to soon) with a zero trust solution, they can also use that same zero trust solution to bring employees back to the office safely and securely. The great thing about identity and business policies are that they are omnipresent—they follow the user where they go. So why not take advantage of that? Fewer products for the customer to manage, a seamless user experience from everywhere, and, of course, zero trust access to the business services employees need—who doesn’t want that? The mass transition to zero trust has already begun, and I am looking forward to its continued adoption within the enterprise–especially when the world begins to open back up Wed, 10 Feb 2021 08:00:02 -0800 Christopher Hines My Journey That Began at IIT (BHU) Yesterday, I had the distinct pleasure of addressing the graduates of my alma mater, the Indian Institute of Technology (BHU) in Varanasi. I’ve spoken to many audiences over the past decades about my personal history and perspectives on emerging technologies, security, entrepreneurship, and leadership, but this convocation address was truly special for me. (I invite you to view the video recording below.) .embed-container { position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden; max-width: 100%; } .embed-container iframe, .embed-container object, .embed-container embed { position: absolute; top: 0; left: 0; width: 100%; height: 100%; } The first time I arrived on the IIT campus to study electronics engineering was more than 40 years ago. It hadn’t been my idea to attend; I had been encouraged by my teachers who believed in my capabilities. The university shaped me in part due to the rigor of the work, but also due to the people I met who would become lifelong friends and colleagues. After graduating, I received a scholarship from the University of Cincinnati, where I earned an MS in Computer Engineering, an MS in Industrial Engineering, and an MBA in Marketing. In recent years, I have been honored by IIT (BHU) with two awards: Alumnus of the year (2015) and Alumnus of the Century in Making (2019). I am humbled by the recognition, and grateful for IIT’s invitation to speak to this year’s graduating class, allowing me to share important life lessons that began at IIT and helped shape my path forward. I had the opportunity to join great companies—IBM, NCR, and Unisys—and worked for 10 years in various technology roles, including engineering, sales, marketing, and management. It was at this time that internet adoption was beginning to skyrocket in the U.S. I was fascinated by the internet, as was every entrepreneur at the time, but my interest was different from the others I knew. This is where my first life lesson really emerged: Take risks and dream big. My family had no history of entrepreneurship. But in the mid-1990s, as the internet was just taking off and internet startups including Netscape had just gone public, I asked myself: Why can’t I do a startup? Instead of viewing the internet at the time as simply a vehicle for commerce, I saw an opportunity to help companies navigate the new security challenges they would face with internet technologies. After pitching my ideas to venture capitalists and failing to raise funding, my wife, Jyoti, and I made the decision to put our life savings into a startup we called SecureIT. I managed sales and marketing, and Jyoti managed finance, human resources, and company operations. As anyone who has started a company can attest, the hours are long and the strain on the family can be difficult. In that way, we were lucky, because Jyoti and I, with our complementary skills, were together 24 hours a day. In 1998, SecureIT was acquired by VeriSign, and most of its employees were able to reap the rewards of their hard work and dedication. The experience with SecureIT taught me a lot about my ambitions and the factors that truly motivated me. I was driven by the sense of accomplishment that came with bringing an idea to life. My advice to young entrepreneurs—to anyone—is to follow your passion. Engage in fulfilling work that boosts your energy instead of sapping it. My second life lesson and one of my favorite mantras is: Uncover your passion and pursue it. If you love what you do, you’ll never work a day in your life. My passion for building and executing fueled three more startups. One was an early SaaS provider, two were in security, and all three were eventually acquired. Even with the success of these companies, I remained driven by the desire to build something new. But as I looked to my next venture, I had a different purpose and I approached it with a changed mindset. I wanted to build something lasting. At the time, enterprises were starting to use the internet as something more than a communications medium. They were conducting business operations over the internet, using services such as Salesforce for CRM and Amazon EC2 for big data analytics and other compute-intensive work. The enterprises had invested heavily in security technologies that provided a secure perimeter around the network, but with more business traffic moving over the internet and more employees using mobile devices off the network, the traditional network security paradigm was on its way to becoming obsolete. About a decade after I graduated, I was at a conference in San Jose, California, and heard a voice that I recognized. It was actually the laugh of K. Kailash, my classmate at IIT (BHU), a brilliant computer scientist, and exactly the person who could help me realize my vision for transforming the security industry. Together, we started what would become Zscaler, the first cloud-native security-as-a-service provider. It was not easy to convince IT leaders that moving their security from the data center to the cloud would decrease risk, improve performance for users, and reduce costs and complexity. But those who saw the promise of cloud-delivered security also saw immediate benefits. Today, over 4,500 enterprises around the world trust Zscaler to help them securely transform their legacy network and security infrastructures for the modern, digital era. Starting Zscaler in 2007, launching our platform and serving customers starting in 2008, going public in 2018, growing to 2,500 employees in 2021, earning industry recognition year after year, and innovating every day—it’s all been the journey of a lifetime, and it all began at IIT. I encourage today’s graduates to consider these two life lessons as they forge their own paths: uncover your passion and pursue it, and take risks and dream big. Mon, 08 Feb 2021 08:00:01 -0800 Jay Chaudhry FedRAMP JAB Certification at the High Impact Level: Another ZIA Milestone Today, on behalf of the entire team at Zscaler, I’m proud to share an important step forward in our commitment to help federal agencies take advantage of modern, cloud-based technology, securely. The FedRAMP Connect program announced that Zscaler Internet Access (ZIA) is prioritized for Joint Authorization Board (JAB) FedRAMP certification at the High Impact Level. ZIA, combined with Zscaler Private Access (JAB authorized at the High Impact Level) are the core of the Zscaler Zero Trust Exchange. The JAB selects an extremely limited number of providers for review each year – the primary criteria is government-wide demand for the solution. Zscaler’s selection underscores the value we are delivering to the 100+ federal agencies, Federal Systems Integrators (FSIs), and partners, and close to one million total users that we currently support; and widespread interest in and need for our solutions across the federal government. The FedRAMP Connect team shared they are “proud to see the scope and scale of innovation and infrastructure modernization that this next group of vendors represent for JAB authorizations.” In 2019, ZIA became the first cloud-based secure web gateway solution to earn FedRAMP certification. In 2020, Gartner recognized Zscaler as the only leader in its December 2020 Magic Quadrant for Secure Web Gateways. Today’s announcement underscores the Zscaler Zero Trust Exchange and Zscaler Advanced Cloud Sandbox as the industry model for the successful implementation of the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Trusted Internet Connection (TIC) 3.0 guidelines, helping to keep civilian agencies and employees safe, productive, and focused on their mission. In 2020, ZPA achieved a FedRAMP JAB High authorization. A JAB High Baseline authorization for ZIA is a significant step forward, enabling Zscaler to offer more comprehensive solutions in the government marketplace, including Advanced Cloud Sandbox, Zscaler Digital Experience (ZDX), and Zscaler Cloud Connector. Certification at the High Impact level also enables Zscaler to support more customers in the Department of Defense (DoD) and Intelligence Community (IC) organizations. High Impact certification signals that the solution can protect government’s most sensitive, unclassified data in cloud environments, including data where loss of confidentiality, integrity, or availability may have a catastrophic effect on operations, assets, or individuals. This progress comes at a critical time. The past year intensified pressure on federal IT teams. The urgent need for secure federal IT transformation is front and center. We are proud to support our customers as they keep employees teleworking safely and productively, while enhancing efficiency with shared services. By providing them with a secure cloud foundation, we are enabling them to take advantage of emerging technologies— AI/machine learning, IoT, and 5G—and build a more innovative and secure future government. To read more about this important achievement for Zscaler, check out our press release here or visit our Zscaler for Government page. Tue, 02 Feb 2021 05:05:01 -0800 Stephen Kovac The Hindsight of 2020 Brings Fresh Perspective for 2021 Happy New Year! None of us could have predicted the tumultuous year that became 2020. Yet the dawn of a new year provides a fresh perspective to better prepare for the opportunities ahead. This past year reaffirmed for all of us, the importance of working together towards a common goal and I am immensely proud of the way in which the Zscaler team worked tirelessly to support the rapidly changing needs of our customers. Almost overnight, organizations around the globe were forced to shift to a work-from-anywhere approach. Zscaler responded quickly to ensure the safety and productivity of employees everywhere. Our Zero Trust Exchange scaled flawlessly as we experienced up to 12x the traffic of pre-pandemic times. Through a comprehensive approach to securing users, data, and applications, Zscaler was able to help customers navigate the unknown with speed and confidence. While our primary focus over the course of 2020 was ensuring the continued productivity of our customers and the safety of our employees, Zscaler had a notable year in several key areas. Market Leadership The entire Zscaler team is humbled and immensely proud to be recognized by Gartner as the only leader in the Secure Web Gateway Magic Quadrant. A result that is the culmination of 10 years of Magic Quadrant leadership and a recognition of our Zero Trust strategy and execution. Going Beyond Limits Zscaler closed 2020 with our Zenith Live virtual event with over 14,000 customers and partners registering to join us to hear the latest innovations in cloud security and digital transformation along with best practices from over 80 customers, including more than 40 CIOs, CISOs, and CTOs. Zero Trust Extends to the Cloud The Zscaler innovation engine is accelerating and we have recently introduced Zscaler Cloud Protection (ZCP), which extends our zero trust capabilities to protect workloads in the public cloud. We are excited that ZCP has been recognized by CRN as one of the top 10 hottest security tools. Trusted Advisor The recent SolarWinds attacks are a stark reminder of the need for continued vigilance. Zscaler has been closely monitoring the situation and is here to help organizations safely navigate questions related to this and other emerging threats. Connect with us to request your security assessment. The Team At Zscaler, we value diversity and view our people as our greatest asset. It’s for this reason that I am extremely proud that Zscaler was the recipient of the 2021 Bay Area Great Place to Work award. As we continue to navigate the weeks and months ahead, Zscaler is committed to being the trusted advisor to organizations seeking to accelerate their secure digital transformation journey. We are here to assist you and your organization in any way we can. Thu, 14 Jan 2021 12:10:00 -0800 Jay Chaudhry My Highlights from Zenith Live 2020 APJ Day Two This post also appeared on LinkedIn. Zenith Live 2020 has come to an end, but only after two days of engaging secure digital transformation customer stories, Zscaler cloud platform product innovations, hands-on architectural deep-dives, and some exciting keynotes. This year, Zenith Live went virtual, with sessions available online (and for free). That served to make the sessions all the more personal, since every speaker was seemingly in the room with me. Below, my highlights from day two. Yesterday, Zscaler President and CTO shared Zscaler’s new innovations in CASB and DLP technology. Today, he kicked off the event with a session titled “Cyberthreats and Cloud Protection Innovations,” and began with the announcement of Zscaler Cloud Protection, an exciting new feature that secures enterprise applications and workloads. He also introduced Jeremy Embalabala, VP of Information Security for insurance brokerage firm HUB International. Jeremy has led secure digital transformation initiatives at HUB, and the switch to Zscaler (and the cloud) has improved both security and transparency. After HUB adopted Zscaler Internet Access (ZIA), explained Jeremy, “[w]e gained new insight into our traffic flow. We were able to understand and categorize what type of traffic was flowing across our network, when previously we didn't have any visibility.” After Amit, we heard from IT leaders with Zscaler customer Takeda Pharmaceutical Company. The Tokyo-based firm is the oldest pharmaceutical company in the world, and is celebrating its 240th birthday! CISO Mike Towers shared the company’s secure digital transformation journey to a zero trust architecture. He noted that Takeda works with more than 30,000 partners, and “nearly a quarter” of them present some level of cybersecurity risk. “The B2B area and the partner ecosystem,” said Mike, “ is another area where zero trust is something that we absolutely need.” Zscaler has been a long-time development partner with Microsoft: The two companies’ cloud technologies complement each other to deliver benefits to enterprise customers. In a partner session today, Microsoft CVP Alex Simons provided an overview of Microsoft and Zscaler components of a unified zero trust architecture, and even invited some joint customers to join him. Matthias Quernheim, Head of Global Connectivity and Security Solutions with French pharmaceutical company Sanofi expressed great appreciation for the way cloud services from the two companies have benefitted his company. “In total,” he said, “we are really happy that we made the right decisions in 2019 going with Zscaler and Microsoft.” In the afternoon keynote, Andy Greenberg—a Wired Magazine reporter and author of the book Sandworm—described his experience tracking notorious cyberattacks on Ukraine power infrastructure and the 2018 Olympics, as well as the genesis of the NotPetya malware release. His story (particularly the detective work behind tracing the attacks to the Russian state-sponsored Sandworm group) was gripping, but he offered some hope in the face of daunting cyber terror. “In this new era of hyper-sophisticated cyber war teams and highly motivated, well-resourced, for-profit ransomware cyber-criminal gangs carrying out targeted attacks,” explained Andy, “we may not be able to avoid being vulnerable...but we can be resilient against them.” I hope you were able to attend and enjoy Zenith Live 2020. If you missed anything (today or yesterday), visit to view event session recordings. And keep an eye out for a future invitation to Zenith Live 2021. It might not be quite as virtual as this year’s event, but I’m sure it will be just as inspiring. Wed, 16 Dec 2020 01:00:02 -0800 Sudip Banerjee Zscaler Expands Kiwi Offerings as Microsoft Announces New NZ Region New Zealand is already home to Lord of the Rings and the formidable All Blacks rugby team, and now it has another powerful asset. To better support Zscaler’s growing client base in the land of the long white cloud, we have created a local deployment of Zscaler Private Access (ZPA). With the announcement of the first Microsoft data centre region in the country, ZPA enables clients to take full advantage of a Zero Trust Network Access (ZTNA) security strategy. ZTNA provides a secure and scalable alternative to traditional Virtual Private Networks (VPNs) and is designed with remote workers in mind. That’s something especially relevant in the current reality of the COVID-19 pandemic. ZTNA makes an enterprise’s most precious digital assets go dark to the outside world. Unless a user has the authority to access an application or data store, they won’t be able to see that it exists. This significantly improves infrastructure security. The new ZPA capabilities, deployed with the support of local technology partner The Instillery, builds on Zscaler’s existing presence in the country. Since 2018, we have provided secure internet services from a local data centre, and this additional capability takes our offering to new heights. The launch of ZPA within this new Microsoft region comes at a time when trends such as cloud platforms, Software-as-a-Service (SaaS), and mobility are reshaping workplaces. The move delivers our clients more support at a time when they need it most. By delivering a ZTNA capability, ZPA gives users secure access to both existing on-premises applications and resources as well as those running on external cloud-based platforms. Performance is not affected, as is often the case when users rely on traditional VPNs. Zscaler’s expanded capabilities in New Zealand will assist both public and private sectors in their journeys toward a cloud-based future. It will also deliver the opportunity to reduce infrastructure costs, improve security, and increase operational agility. The combination of Zscaler and the Microsoft New Zealand Data Centre Region is big news for our current and future clients. As the only cloud security company that is a Microsoft certified networking partner for Microsoft 365, we are able to deliver a compelling package of services to organisations of all sizes. To find out more about how ZPA can deliver value to your organisation, reach out to us today. Wed, 16 Dec 2020 08:00:01 -0800 Clive Levido Zenith Live 2020 APJ First Day Signals a “New Era” of Secure Digital Transformation This post also appeared in LinkedIn. We’ve just completed day one of Zenith Live 2020 for the Asia-Pacific region. It was a day of inspiring presentations, innovative product demos, and even an astronaut! Zenith Live looks different this year: It has “gone virtual,” with all sessions available online (and free of charge). Though they weren’t speaking on an actual stage, speakers were engrossing, inspiring, and enthusiastic during the first sessions of this year’s premier global cloud summit. Zscaler CEO Jay Chaudhry started the day with his keynote address, in which he made the point that the enterprise digital transformation requires a zero trust architecture. He noted this “new era” we have entered, where users work from everywhere, data traffic grows exponentially, the cloud is the new data center, and the internet is the new corporate network. Jay also offered an overview of the Zscaler Zero Trust Exchange platform, and emphasized its four key pillars to drive secure digital transformation: Secure internet and SaaS access, secure private app access, digital experience, and protected apps and workloads. In the next session, Zscaler President and CTO Amit Sinha and CIO Patrick Foxhoven shared some of the exciting new Zscaler product and service innovations. Amit shared the Zscaler “Blueprint for secure digital transformation,” with the key message: It’s time to prioritize platform over point products. He provided technical details of Zscaler integration with partner identity management, endpoint protection, cloud provider, SD-WAN, and security operations solutions. In that same session, we heard from Steve Day, EGM for Infrastructure with National Australia Bank (NAB). Steve told of NAB’s secure digital transformation journey from legacy hardware to the cloud. “Zscaler, and ZPA in particular turned out to be a really good fit for us,” said Steve. “We're now no longer trying to secure networks across 800 locations across Australia. We're just defending individual applications now at the gateway to those applications, which is really the promise of zero trust.” CEO Jay Chaudhry next led a “Voice-of-the-Customer” session with several IT leaders from Siemens, including CIO Hanna Hennig, Head of IT Infrastructure Markus Holzheimer, VP of IT Strategy & Governance Frederik Janssen, and Head of DEC Anthony Atherton. They talked about fostering agility and resilience, two things that can be challenging to achieve in a time of crisis. Yet—in response to the recent pandemic—Siemens was able to pivot quickly to remote work. Hanna, Markus, Frederik, and Anthony led that charge, enabling more than 300,000 employees to work securely from anywhere, with a little help from Zscaler Private Access (ZPA) of course. Zscaler EVP of Customer Experience and Transformation Kavitha Mariappan interviewed Captain Scott Kelly, a former U.S. Navy fighter pilot and astronaut, noted for holding the record for time spent in outer space. Captain Kelly talked about how he pushed himself beyond limits to achieve his (lofty) goals. He also described in detail what it was like to pilot a spacecraft outside of earth’s atmosphere. Zenith Live is known for its breadth of breakout sessions, and this year featured some engrossing customer presentations, partner sessions, and hands-on training. Some popular session topics included a Zscaler Cloud Firewall demo, technical deep-dive into the Zscaler Client Connector, and best practices for network transformation. One session was particularly well-attended: Zscaler Solution Architect Takayoshi Takaoka offered an interactive architectural whiteboard workshop on “Application Transformation for Zero Trust.” Zscaler Director of Transformation Strategy Lisa Lorenzin moderated a panel composed of Asia-Pacific-region IT leaders for the session “Women in IT: Confidence and Collaboration Bring IT Career Success." Lisa was joined by Firuza Karimova, Head of Malware Protection & Network Security for Standard Chartered Bank; Indrani Chandrasegaran, Managing Director of Accenture Security with Accenture; and Jody Davids, former CIO at PepsiCo. They talked about their experience navigating the enterprise IT world, and shared advice for skills development, career advancement, and building support networks. Zenith Live 2020 continues tomorrow at 8:00 AM SGT. (There’s still time to register, by the way!) We’ll hear from Andy Greenberg, the author of Sandworm, who will share his experience tracking the NotPetya malware outbreak. There will also be product innovation news, and customer journey stories from innovative organizations like Takeda Pharmaceutical Company, Sanofi, Unilever, and many more. I hope you can join me for day two! Tue, 15 Dec 2020 01:00:01 -0800 Scott Robertson Mission Accomplished: Zenith Live 2020 Goes Beyond Limits This post originally appeared on LinkedIn. We’ve just wrapped the general sessions for Zenith Live 2020 for the Americas region, and what an event it was all around! Things were a little different this year as the premier global cloud security summit went virtual, yet moving the event online made it even more engaging, with every attendee enjoying a front-row seat. The event allowed for multiple tracks and greater depth for all attendees in various roles across the IT landscape. Listening to customers describe how Zscaler has accelerated their digital transformations, and seeing all of our partners who helped us contribute to our joint customers’ journeys—it was both powerful and humbling. It was also exciting, as it validated for all of us that this is the right time and the right platform to help customers drive transformation success at pace and scale. Customers provided the most inspiring moments at Zenith Live Innovating is in our DNA, but there’s nothing like hearing from customers employing those innovations in the real world. Steven Hernandez, Director of Information Security with Driscoll’s, shared at Zenith Live how the berry-production conglomerate employs Zscaler Cloud Protection to secure data traffic throughout its complex logistics workflows. “We're able to securely manage, monitor, and protect our data and workloads in record time,” explained Steven, “in a fraction of the time of any other solution, without slowing down the business.” Also on the mainstage of Zenith Live was an illuminating “Voice-of-the-Customer” presentation from Takeda Pharmaceutical Company. CISO Mike Towers and Global Head of Intelligence, Analytics, and Response Brent Ball described in detail how the company’s secure digital transformation has delivered tangible business benefits. “[Zero Trust] empowers our workforce to operate from wherever,” said Brent, “to improve their productivity, while maintaining—and in many cases, improving—technology controls and proactively mitigating threats against the organization. Zscaler’s mission was always to go beyond limits When Zscaler was founded in 2008, dozens of vendors were vying to become security leaders, offering bigger boxes and doubling down on legacy approaches. Our CEO and founder Jay Chaudhry and his team were never interested in “improving” the status quo; rather, we looked beyond the technology of the day and took a different route, changing cybersecurity entirely. The mission was to address the new challenges organizations were facing with growing cloud adoption, remote work, and mobile concerns. Zscaler developed a global, massively scalable cloud architecture to help accelerate and secure enterprise customers’ digital transformation. The Zscaler Zero Trust Exchange, a platform through which all connections are securely and intelligently routed, is the world’s largest inline security cloud. Our Zero Trust Exchange cloud processed 10 million transactions, enforced 45,000 policies, and blocked over 6,000 threats in the time it took to read this sentence. Network security vendors used to dismiss our expanding portfolio of cloud security services, but are now racing to catch up as they try and pivot their products and business models. Other vendors are scrambling to prepare for a world where work is no longer tied to a place, and the internal network is no longer the center of gravity. Zscaler was built for this new world. My mission: Build a GTM team without limits Since I joined Zscaler, I’ve made it my mission to recruit team members with the right combination of grit, enthusiasm, and intellectual curiosity. We are growing rapidly, and it is more important now than ever to find innovative people to help us scale the impact we drive for customers. World-class GTM is a team sport. It requires everyone across the organization to be working from the same playbook. Our goal is to build a scalable platform for development and growth that enables success at Zscaler and beyond, for all our teams and our partners. I’m incredibly proud of what we’ve been able to accomplish with our programmatic Sales Strategy and Process, elite Enablement programs, and comprehensive Revenue Ops model. We are disrupting the way security is delivered and sold. It’s not easy to be disruptive. It’s much harder to sell a platform than a point product. But I promise you this: Nothing compares to the satisfaction of driving quantifiable value while solving significant challenges for our customers. This is what customers need right now and we are built to deliver these massive transformational gains. If working with grit and optimism, helping customers succeed no matter the challenges, and going beyond limits is your ethos, take a look at our career opportunities—we’re hiring across the entire GTM organization. We are committed to continuously developing our people across all levels and teams, as that is what top talent deserves, and that is what helps us drive impact for our customers. Wed, 09 Dec 2020 17:28:19 -0800 Dali Rajic Zscaler is the ONLY Leader in the Magic Quadrant I am thrilled about the massive milestone Zscaler has achieved this week with the 2020 Gartner Magic Quadrant for Secure Web Gateways. It is an achievement every entrepreneur dreams of. It starts with the moment when you realize a fundamental change is about to reshape the world. And as entrepreneurs and visionaries, you tie that to a shift in the very basis of how certain capabilities were built or necessitated. It is a long road from there...from realization to implementation, and then an even longer road of execution to show and gain the confidence of the marketplace. Ten years in, it is amazing to see how well the Gartner Magic Quadrant demonstrates that journey. Our first year in the Magic Quadrant was 2011—the market was saturated with numerous vendors, with five in the Leaders quadrant alone. SWG was largely URL filtering and antivirus. However, everyone knew that as internet usage increased, SWG would have to expand to become the DMZ of choice for most organizations. However, all this was expected to be done on appliances in a host of shapes and sizes. Peter Firstbrook and Lawrence Orans had realized that the future was cloud, but it was only a visionary idea. I remember flying with Jay to meet Peter in a small frozen town in Canada to whiteboard ideas for an advisory day. The many conversations with Lawrence over the future of networking in Connecticut. At the time, the Magic Quadrant questionnaire had fewer than five questions (out of 100+) that asked about a cloud form factor. Propelled by Jay’s extraordinary vision and conviction, Zscaler entered that world with a bold, one-of-a-kind born-in-the-cloud product portfolio that rivaled the best appliances. In the very first year, Zscaler secured a position in the Magic Quadrant as the furthest right on the visionary axis—a position Zscaler has proudly continued to own ever since. A new entrant can never beat legacy vendors for revenue or execution on day one. But a new entrant wins a market only if they have better vision and conviction of the future than everyone else. Otherwise, it is only a “me too.” Over the numerous years, our conviction was tested many times. For a company that was started in one of the worst recessions in the U.S., the journey was definitely not a cakewalk. As cloud, Microsoft Office 365, and mobility caught on, the need for a cloud form factor to protect employees became obvious. At the same time, the growth of SaaS, IaaS, and PaaS made it critical for the SWG to become the focal point of network protection. Clear trends like SSL everywhere meant the only relevant point for network protection is the proxy that can inspect all SSL traffic. This resulted in the SWG definition subsuming or adding many previously independent functions (with the Magic Quadrant questionnaire reflecting this change): Coverage for all ports and protocols (Cloud Firewall) Advanced malware detection with IPS, sandboxing, machine learning, and more Data loss prevention and CASB Coverage for handheld form factors (Android and iOS) Remote browser isolation technologies Zero trust As the market adopted this change, the Magic Quadrant has clearly reflected vendors that kept up and were recognized not only by Gartner for vision, but also by the market at large for execution. Through our early years, industry visionaries, including Larry Biagini at GE, saw the need for a new way to ensure the security of their massive organizations. The same realization was happening all over the world across organizations in every vertical. These early customers shaped the outcome of what the SWG needed to become. Each year as SWG became more complex and the importance of the cloud grew, the old leaders started to fall away. Each year, Gartner continued to push clear guidance of cloud being the future. To a point two years ago when the Magic Quadrant questionnaire had 90 percent of its questions focused on the cloud form factor. What a shift, and kudos to Gartner analysts for keeping their ears to the ground and staying one step ahead to guide the market. This year’s pandemic brought the changes Gartner has been espousing into sharp focus. Enterprises that had adopted new approaches—cloud-delivered security, zero trust, CASB, digital experience monitoring—were positioned to quickly enable their employees to work securely and remotely. Those companies that were relying on legacy technologies faced an uphill battle to scale for a fully remote workforce (on unmanaged devices), provide secure access to private apps, and protect data. It is with great pride that we see the Magic Quadrant released this week demonstrating Zscaler’s conviction and hard work paying off. We are the only Leader in the most important security product family that is subsuming all of the past network-based defenses. While we wholeheartedly embrace our role in creating innovative, “disruptive” technology, we’ve always measured our success by that of our customers, who have been keeping the world working, literally. They’re running multinational corporations with their employees safely at home. They’re running financial institutions, government agencies, healthcare systems, energy infrastructure, and much more. We’re immensely proud to serve thousands of organizations around the world and that they trust us to help them meet the challenges of the day while keeping their lifeblood—people, systems, and data—accessible and secure. Customer obsession is a core value at Zscaler, and while we will all spend a moment reveling in the 2020 Gartner Magic Quadrant, we will quickly get back to our work of empowering customers to transform securely to the digital future—no matter what it may bring. That’s the real prize. Please read the blog by Jay Chaudhry in which he responds to 10 years of Gartner Magic Quadrant leadership and this year’s position as the only Leader. And be sure to download your free copy of the Gartner report. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Zscaler. Gartner Magic Quadrant for Secure Web Gateways, Lawrence Orans, John Watts, 8th December 2020. Fri, 11 Dec 2020 12:55:22 -0800 Dr. Manoj Apte Zscaler: The Only Gartner Magic Quadrant Leader for Secure Web Gateways, 2020 I am truly humbled to share that Zscaler has been named the only leader in the 2020 Gartner Magic Quadrant for Secure Web Gateways, cementing 10 consecutive years of being recognized as a Leader. In addition to being this year’s only leader, Zscaler has been positioned the furthest overall in both “Ability to Execute” and “Completeness of Vision.” This achievement wouldn't have been possible without the progressive leaders who have embraced change as an opportunity to gain a competitive advantage, the amazing partners that have joined us on our mission, and of course, our Zscaler family, whose passion and hard work continues to inspire me. We founded Zscaler with the certainty that digital transformation would change entire industries, unlocking productivity gains and empowering organizations to become more agile, intelligent, and resilient. We had conviction that traditional approaches to network security would become irrelevant as users went mobile and applications moved off the network into the cloud, and legacy IT infrastructure was an inhibitor to transformation. We realized that effective security and data protection required SSL inspection at scale, and true cyber risk reduction meant eliminating your attack surface. Today, we see a massive acceleration in what we imagined more than a decade ago: the cloud-first enterprise is now a reality. When all that’s needed to run your business is a laptop or phone and an internet connection, the very backbone of networking and security must transform. We believe the Gartner Magic Quadrant highlights this fundamental shift from point solutions to a best-of-breed platform for better security and IT simplicity, which can only be delivered as part of a cloud-native proxy architecture. Through the Zscaler Zero Trust Exchange, we continue to deliver innovations that push the definition of the Secure Web Gateways category further than anyone thought possible, with Gartner highlighting: How our cloud-native proxy architecture enables us to apply malware detection to all content, including SSL/TLS traffic The addition of inline CASB for cloud application discovery and control, threat prevention and DLP integration, including adding API integration with popular SaaS providers to extend DLP to data-at-rest Our integration of Appsulate technology into Zscaler Internet Access (ZIA) for remote browser isolation Zscaler’s expansion into CSPM and digital experience monitoring (Zscaler Digital Experience) Each new capability further reinforces the power of our platform to enable secure digital transformation, integrating all key security capabilities needed for the cloud-first enterprise, including an industry-leading SASE framework. As always, our first priority is to serve our customers, with each new innovation designed to support them on their transformation journey. As a result, our momentum continues to accelerate, and we are proud to serve more than 4,500 customers in 185 countries, including more than 450 of Forbes Global 2000 organizations. As historic numbers of organizations embrace digital transformation, the Zero Trust Exchange is a secure investment for the future. This past decade has been the journey of a lifetime, and we couldn’t be prouder to have been recognized again by Gartner. To all of our customers, partners, and employees - I want to offer my sincere gratitude for your trust and support. I also want to extend my special appreciation to the forward-thinking leaders at Gartner, who question the status quo and push organizations to create highly differentiated, competitive offerings. Without their support, innovative companies like Zscaler would have a much harder time disrupting legacy technology. Over the years, I’ve had the privilege of working with Lawrence Orans, Peter Firstbrook, Neil McDonald, and many other thought-provoking Gartner analysts, whose conviction in a cloud-native future helped inspire me to keep expanding and growing the Zscaler platform. Ten years ago, I remember drawing my early vision for the Zscaler Zero Trust Exchange on a napkin over lunch with Peter in Thornbury, Ontario, and all the years of feedback with the Gartner team have continued to clarify and strengthen our offerings. As secure digital transformation accelerates, I know that Zscaler is just getting started. We invite you to download a complimentary copy of the 2020 Gartner Magic Quadrant Report for Secure Web Gateways here. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Zscaler. Gartner Magic Quadrant for Secure Web Gateways, Lawrence Orans, John Watts, 8th December 2020. Fri, 11 Dec 2020 09:06:15 -0800 Jay Chaudhry Zenith Live 2020 EMEA Day Two Highlights This post originally appeared on LinkedIn. That’s a wrap for day two of Zenith Live 2020 for the EMEA region. It’s been two days of compelling secure digital transformation customer journeys, architectural deep-dives, and the latest product and service innovations from Zscaler. Yes, things looked a little different this year, as every session moved online (and was made available for free). But going virtual only made the premier global cloud summit better, as every seat was in the front row. (Plus, I watched from the comfort of my couch.) Below, some of my day-two highlights. Like day one yesterday, we began day two of Zenith Live 2020 with some exciting product announcements from Zscaler President and CTO Amit Sinha, whose main-stage presentation was titled “Cyberthreats and Cloud Protection Innovations.” He shared details (and a demo) of Zscaler’s new Cloud Protection service that secures enterprise apps and workloads. He also talked about Zscaler ZDX, a feature that monitors performance, enabling enterprise IT leaders to measure, then optimize user experience. Amit introduced Reckitt Benckiser (RB) Director of Enterprise Architecture John Dawes, who has put ZDX into practice at the U.K.-based consumer goods multinational. John described how RB used Zscaler Private Access (ZPA) to enable remote work for its employees when COVID hit, and then how they’ve improved user experience for this new way of work. “ZDX has given us some great early insights,” said John. “We've identified some regional Office 365 issues, and on more than one occasion we've encouraged our colleagues to prioritize their own device on their home Wi-Fi network so Microsoft Teams works better." Following the product innovations session was an engaging “Voice-of-the-Customer” discussion on security transformation. Zscaler CISO and VP of Security Research Deepen Desai spoke with two IT leaders from shipping firm CMA CGM: Group CISO Michael Perrino and IT Security Architect Sebastien Lemieux. The two discussed the French shipping company’s secure digital transformation, and how they led the move from legacy security to a cloud-based zero trust architecture to protect 110,000 employees across 160 countries, 755 working locations, 750 warehouses, and almost 500 vessels. They also shared the dramatic story of how CMA CGM deployed ZPA to 27,000 customers in 48 hours to mitigate a ransomware attack in progress. In the sincere words of Microsoft Identity Division CVP Alex Simons, “Microsoft and Zscaler are partnering to help [customers] realize a true Zero Trust security model.” Alex spoke on the main stage, and talked about the “new world,” one that “needs a new philosophy for security.” He introduced Gerold Nagel, DB Schenker’s SVP of Global Infrastructure Services, who talked about the German logistic firm’s “cloud-first strategy,” an approach he described as “the key enabler for our digital transformation.” Gerold credited DB Schenker’s Microsoft/Zscaler Zero Trust Cloud Model for the company’s recent accelerated shift to remote work: “This is not only a future-proof cloud topology,” he explained, “but it actually helped us implement a seamless business-continuity solution in the face of the pandemic.” I particularly enjoyed our day-two keynote. Journalist and author Andy Greenberg shared his experience tracking Sandworm, a Russian state-sponsored organization responsible for cyber attacks on Ukraine’s power infrastructure and on the 2018 Olympic Games. The cyber-terrorist group was also behind the catastrophic deployment of the NotPetya malware, which impacted major organizations around the globe. One of many interesting points he made that we can learn from: Ukraine was uniquely positioned to respond to cyber attack. The power companies were staffed with operations personnel who could quickly get out to remote locations to turn the power back on. That simple planning -- intentional or not -- helped minimize collateral damage from the attack. I had a busy day sharing insights from our customers and partners. I had the pleasure to discuss with Siemens´ Anthony Atherton on how to secure OT and IoT workloads using the Zscaler platform. We showed together how Zscaler and Siemens are building new ways of working to ensure the protection of OT platforms for the enterprise. I then discussed just the “art of the possible” in transformation with Sandvik´s Sebastian Kemi & Takeda´s Thomas Likas. Finally, I was also lucky enough to share how Zscaler can help companies understand what their attack surface is, with the Zscaler Attack Surface Tool. After two days of engaging virtual sessions at Zenith Live 2020, I’m already looking forward to Zenith Live 2021 (which I fully expect will be an in-person event!). If you weren’t able to join this week, you can still attend: Visit ZenithLive for more information, and to register to access recordings of this week’s sessions. Thu, 10 Dec 2020 09:56:08 -0800 Nathan Howe Zenith Live 2020 EMEA Day One Wrap-Up This post originally appeared on LinkedIn. Today marked the start of Zenith Live 2020 for the EMEA region. Zenith Live is the premier global cloud summit, and this year it has gone virtual. For the first time, all sessions have been made available online and for free. This year’s theme is “Beyond Limits,” and day one has certainly gone beyond the limits of my expectations. I wanted to share a few highlights from the main stage: The day began with an energetic keynote presentation from Zscaler CEO Jay Chaudhry. He looked forward and one of his “bolder” visions for the future is that network security as we know it is dead. Jay described the global adaptation to a new way of work and presented an excellent architectural overview of the Zscaler Zero Trust Exchange and Zscaler’s new Cloud Protection services. He described these as “Holistic Cloud Security.” Jay provided some perspective, offering a sincere acknowledgement of the hard work and sacrifices of front-line workers, who inspire all of us seeking to preserve business continuity. With this, he also referenced the “extraordinary” accomplishments of two European companies who truly went beyond limits in response to the pandemic. Using Zscaler Private Access (ZPA), Essen, Germany-based DB Schenker moved 20,000+ employees to remote work in two weeks. Similarly, Siemens enabled 300,000 workers to work from anywhere in just three weeks. The responsibility for enabling these accomplishments falls to the stewards of the Zscaler Zero Trust Exchange platform, and Jay brought on Head of Operations Misha Kuperman, who described in detail how Zscaler adjusted to handle increased traffic loads brought on by the global shift to remote work. Next up on the virtual main stage were Zscaler President and CTO Amit Sinha and CIO Patrick Foxhoven, who gave an update on several new Zscaler product innovations. Particularly interesting was how Zscaler is integrating machine-learning technology into its behavioural analysis to deliver better security and user experience. Amit used a great real-world example of Zscaler AI used for advanced anomaly detection to flag a potential data-exfiltration risk. He also introduced Jairo Orea, Global CISO with Kimberly-Clark, who described how his company was able to switch to secure remote work in just two hours with Zscaler. Jay returned to speak with several IT leaders at Siemens: CIO Hanna Hennig, Head of IT Infrastructure Markus Holzheimer, VP of IT Strategy & Governance Frederik Janssen, and Head of DEC Anthony Atherton. Together, this group successfully guided the company’s operations through the recent pandemic. Their innovations are taking IoT/OT security to new levels using a zero-trust architecture, an especially important strategy for an organization with such advanced manufacturing operations. Another highlight was my colleague Kavitha Mariappan’s interview with Captain Scott Kelly. He shared his experiences as a U.S. Navy fighter pilot and astronaut, and described in incredible detail what it’s like to pilot a rocket. The example he set to go beyond limits can motivate all of us. (Also, his description of reentry into the earth’s atmosphere was fascinating.) This year we invited IT leaders from Technip FMC, Johnson Controls, BT, and PepsiCo joining Zscaler Senior Director of Transformation Strategy Pam Kubiatowski for the session “Women in IT: Confidence and Collaboration Bring IT Career Success". They shared their unique perspectives on getting ahead and offered advice for other leaders. Some sage counsel from former PepsiCo CIO Jody Davids: Don’t take it personally, develop resilience, and “when in doubt, act.” Off the main sessions, experts from Zscaler, Zscaler partners, and even Zscaler customers led breakouts and training covering everything from architectural overviews to product updates to in-depth hands-on demos. Some of the more popular topics among European attendees included a technical deep-dive on the new Zscaler Client Connector, an overview of Microsoft 365 deployment best practices, and a new-features-update on ZPA. In case you missed today’s sessions, don’t worry! Recordings will be available soon! And Zenith Live 2020 continues tomorrow at 8:00 AM GMT. I’m looking forward to hearing more details on new platform innovations from Amit and Patrick, as well as compelling customer journeys from CMA CGM, Sanofi, DB Schenker, Unilever, and others. And I’m expecting a great keynote from Andy Greenberg, the noted journalist and author of Sandworm, who will share his investigative reporting into the shadowy cyber-terrorist group behind NotPetya. Wed, 09 Dec 2020 08:35:57 -0800 Ismail Elmas Zscaler Cloud Protection, CXO Voices, Women in IT, and Meeting an Astronaut This post originally appeared on LinkedIn. It's amazing what an enterprise can accomplish when its IT professionals go beyond the limits of legacy applications, legacy architectures, and legacy thinking. Today, I and twelve thousand-plus close friends joined enterprise IT leaders and Zscaler execs for the first day of Zenith Live 2020 for the Americas region. Zenith Live is looking a little different this year. For the first time, the premier global cloud summit is virtual, with all sessions online and available for free. Below, a few day-one highlights. Zscaler CEO Jay Chaudhry kicked off the event with his keynote, in which he highlighted how the cloud has become the new data center and internet has become the new corporate network. He began his talk with a heartfelt thank-you to IT professionals around the globe, noting that in the last ten months, they have been called upon to go beyond their typical call of duty to enable secure remote access for their respective workforces. He cited DB Schenker and Siemens, two companies that were able to pivot tens, even hundreds of thousands of employees to work-from-anywhere in a matter of days. Today, we announced Zscaler Cloud Protection, a comprehensive portfolio that simplifies and automates protection for workloads on and between any public cloud. Zscaler Cloud Protection, combines Cloud Security Posture Management, Workload Segmentation, Cloud Connector, and the proven power of Zscaler Internet Access and Zscaler Private Access. Zscaler President and CTO Amit Sinha was joined by Zscaler CIO Patrick Foxhoven for an illuminating session highlighting several new Zscaler product and service innovations. Amit walked through the four key pillars of the Zscaler Zero Trust Exchange. Patrick shared some of the machine-learning analysis now available for Zscaler Private Access (ZPA) customers, and provided an overview of how ZPA can now perform "rich forms of inspection" of customer data "on the connector," protecting the privacy of the data, and ensuring no impact to throughput or performance. I had the privilege of speaking with Captain Scott Kelly, U.S. astronaut and former commander of the International Space Station. The American record-holder for the most consecutive days spent in outer space, Captain Kelly shared his unique perspectives on perseverance, resilience, and pushing beyond one's limits, and emphasized the importance of taking risks, being willing to make mistakes, and at times even being willing to fail. His mother became one of the first female police officers in New Jersey, and her story inspired him: “She had a plan,” explained Captain Kelly. “She worked hard. And she never ever gave up. And this was the first time in my life I saw the power of having this goal you might not be able to achieve, a plan to get there, and working really, really hard at something." Though I didn't get to join them in every session (!), Zenith Live attendees participated in close to fifty breakout sessions. Top draws for today included presentations on Zscaler CASB features, Zscaler Internet Access (ZIA), and Cloud Firewall/Cloud IPS. Finally, I moderated a panel of four IT leaders in the session "Women in IT: Confidence and Collaboration Bring IT Career Success." I spoke with Jaya Ramaswamy, SVP and CIO at Hitachi America, Ltd.; Amy Brady, CIO at KeyBank; Katie Jenkins, EVP and CISO at Liberty Mutual; and Jody Davids, former CIO at PepsiCo. We discussed career planning, developing support networks, instilling a growth mindset, and achieving work/life balance. Jody stressed the importance of confidence, and counseled attendees to step out of their comfort zones, "develop resilience," and especially to collaborate: "It's good for the team, it's good for the enterprise." Join me tomorrow for day two of Zenith Live 2020. We'll hear Zscaler customer stories from Takeda Pharmaceutical Company, Manpower Group, and other innovators. My colleagues Amit and Patrick will be back with more exciting product announcements, and you won't want to miss our day-two keynote from Wired Magazine journalist Andy Greenberg, the author of Sandworm, and the man who tracked the outbreak of the NotPetya malware. Tue, 08 Dec 2020 18:00:09 -0800 Kavitha Mariappan T-Minus 24 Hours Until Zenith Live Liftoff It’s almost here: Zenith Live mission control is ready to launch the first Zenith Live Virtual Cloud Summit tomorrow, December 8, starting at 8:30 a.m. (PST). The summit begins with an opening keynote from Zscaler CEO and Founder Jay Chaudhry. In addition to welcoming you to our third annual Zenith Live, Jay is sure to inspire with his perspectives on the state of the industry, the changes we saw in 2020, and the need for a zero trust approach to enable secure digital transformation. Quickly following Jay's opening remarks: An Innovation Showcase led by Zscaler CTO and President Amit Sinha, who digs down into current and upcoming innovations from Zscaler’s Zero Trust Exchange, and how they help companies advance their secure digital transformation journey. Voice of the Customer talks with pioneering IT leaders from companies such as Johnson Controls, Cushman & Wakefield, and Takeda Pharmaceuticals Company discussing how zero trust created agility and resiliency in their enterprises. As the American record holder for the most consecutive days spent in space, Captain Scott Kelly (day 1) will share his unique perspectives on testing one’s limits, the infinite wonder of the galaxy, and the indomitability of the human spirit. Wired reporter and acclaimed author Andy Greenberg (day 2) will discuss how a Russian state-sponsored cybercriminal gang launched the most devastating cyber attack ever, all chronicled in his book Sandworm. Microsoft keynote (day 2) where Zscaler’s partner showcases how our combined solutions bring better identity, visibility, and application performance to help enterprises better prepare for the cloud- and mobile-first world. Breakout sessions with content focused on the Zscaler solution foundations, the Zscaler Zero Trust Exchange platform, the secure access service edge (SASE) model, network transformation, security transformation, data protection, digital user experiences, and more. CxO panels where you can learn how CIO, CTO, and CISO pioneers from Fortune 500 companies successfully enacted secure digital transformation and overcame cultural and technological issues. Women in IT panel where you can hear successful IT leaders discuss expanding opportunities for women in the IT industry, share practical approaches and considerations to break down barriers to individual success, and highlight IT executive career progression strategies. Architectural workshops featuring Zscaler expert architects sharing their experiences leading network, security, and application transformations while reinventing safe connections in the cloud- and mobile-first era. Ask the Experts where experts lead an interactive session on how SASE and zero trust architectures can launch your organization beyond limits using secure digital transformation first steps, practices, and outcomes. Live Q&A demos that let you watch Zscaler experts explain exactly how to deploy and configure zero trust in your environments. Training tracks that will build your team's experts in deploying zero trust and SASE to solve your business challenges. Between sessions, be sure to visit the virtual Partner Hall, which showcases our ecosystem of IT transformation partners that help enterprises secure and simplify their adoption of cloud and mobility. And don't forget to participate in the summit-wide virtual game. Get points for every Zenith Live activity: attending a technical breakout, visiting a partner booth, watching a CxO panel, participating in a Q&A session, and more. The highest point earners at the end of the conference win a cool swag package. Register today and join us tomorrow! Mon, 07 Dec 2020 08:00:52 -0800 David Avery