Inter’s Data Security Journey: Protecting 33 Petabytes with Zscaler

At Inter, data security is core to how we serve our 40 million global customers. As one of the leading digital-first financial institutions in the Americas and beyond, we offer a broad range of financial and non-financial products and services—from savings and investments to insurance, online shopping, and credit cards—all in one platform designed to provide a streamlined and secure customer experience. 

Data security is a critical component of our broader business strategy. We process more than 33 petabytes of customer and financial data across AWS, Azure, and Google Cloud, as well as on premises. That scale demands a unified, pervasive approach to security. 

As we follow our ambitious growth path, our responsibility to protect customer data and comply with regional regulatory laws is paramount. Managing that much sensitive data demands a new level of control and visibility. When we embarked on our zero trust modernization journey, Zscaler became our guide, helping us define what good data security should look like: unified protection everywhere, from cloud to AI models.

Fragmented tools in a high-risk environment

Before adopting Zscaler, we relied on a collection of basic siloed on-premises point products: standard DLP, endpoint DLP, email DLP, and a disjointed, siloed DSPM solution. We knew that this approach could never scale to protect all the data in Inter’s complex infrastructure or satisfy regulatory scrutiny. One of the biggest gaps was our lack of visibility into how users were accessing and using data. Without knowing which applications or domains they were connecting to, we had no way to see where data was shared or exposed. At the time, policies were focused mostly on basic block-and-allow functions and slowed down productivity without truly reducing risk.

A recent breach resulting in the theft of 1 billion reals (about USD $180 million) from Brazil’s financial system underscored the need for stronger data security resilience across our own ecosystem. To avoid such incidents, we needed scalable, context-aware adaptive controls capable of matching the speed and scale of our evolving digital footprint. It became clear that we had to evolve our entire data security strategy. 

Another major driver of improving our data security was cost avoidance in the form of regulatory penalties, legal fees, and the cost of investigation, remediation, and repair. Indirect costs include reputational damage that may lead to future revenue losses. From our experience, we have observed that breaches can result in as much as six months of lost revenue from potential new customers. 

The turning point: Project Data Dome

To determine precisely where we needed to close the gaps, we launched Project Data Dome with support from AWS and Deloitte. Over six months, every IT and security team audited datasets, workloads, and processes to map where sensitive information lived and how it was used.

Data Dome confirmed that our siloed controls couldn’t scale with our business. We discovered that we had shadow data sprawl across IaaS, SaaS, endpoints, and GenAI. These insights spawned a new strategy built on unified, context-aware protection—one that demanded a fundamentally different approach. To protect data consistently and ensure compliance across multiple jurisdictions, we implemented the Zscaler Data Security platform, which unifies Data Security Posture Management (DSPM) and Data Loss Protection (DLP). We chose Zscaler because it is the only vendor that offers comprehensive protection across all our environments—cloud, SaaS, on premises, endpoint, email, web, and AI for both data-at-rest and data-in-motion.

Unified data security across every channel

Before deploying Zscaler Data Security, we were already using Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) to provide employees and contractors with secure zero trust access to apps and the internet, so expanding our platform to include data protection was a logical next step.

Zscaler’s integrated capabilities—including web and email DLP, endpoint DLP, inline SSL/TLS inspection, and multimode CASB—are managed through a single, unified pane of glass. Now we have visibility into all structured and unstructured data across every channel under one consistent policy framework. We no longer spend weeks manually configuring policies for each region. With Zscaler, we can define and enforce policy instantly across multiple geographies. 

Zscaler DSPM provides something we were missing previously—complete visibility into where sensitive information resides, how it moves, and who has access to it. Before DSPM, finding sensitive data across our clouds was nearly impossible. By providing 100% visibility across clouds, SaaS, databases, virtual machines, and private GenAI apps, Zscaler DSPM has also changed how we work. It classifies sensitive data, identifies misconfigurations and unauthorized excessive privileges, and alerts us in real time when exposure occurs, so we can react and close the gaps before any harm is done. As a result, we’ve reduced detection and containment time dramatically—from days to minutes. 

Outcomes: Efficiency, compliance, and confidence

Since adopting Zscaler Data Security with DSPM, we’ve achieved:

• Faster M&A integration: With a holistic view into the data security posture of acquired organizations, remediating protection gaps is faster and more streamlined. 
• Compliance confidence: Unified, auditable policies meet regulatory requirements across Brazil, the U.S., Argentina, and Europe.
• Analyst efficiency: Managing 33 petabytes of data manually used to be a daunting task. Now, policy updates and enforcement can be accomplished with a single click, which makes our teams more efficient, increases job satisfaction, and contributes to employee retention.

Securing the next wave: AI and data lineage

At Inter, AI is integral to innovation. Our SuperApp, for example, utilizes 135 AI models. Our developers use these tools every day to build new products and services, so protecting the data behind them is critical. 

Our AI environment is evolving constantly at a rapid pace. We have multiple private LLMs deployed, and that number changes nearly every week. Zscaler AI-SPM gives us more visibility into those internal models, which are deployed on Claude through Amazon Bedrock. Together, DSPM and AI-SPM reduce risk of exposure by providing deep scanning into sensitive data usage in AI models to prevent oversharing, accidental exposure, and potential compliance violations.

Looking ahead, Zscaler is empowering us to achieve our vision of ensuring that the data ingested by our AI models is reliable, traceable, and up to date. Since cloud development environments often collect and store outdated and irrelevant data, working toward a true data lineage solution will enable us to understand where data originates, how it changes, and whether it remains trustworthy. This is key to building accurate, unbiased AI systems. Data lineage will also help our development team prevent data poisoning in AI models by uncovering potentially malicious or corrupted inputs.

This joint collaboration with Zscaler is important not just for compliance, but also for business intelligence and for integrating safe and accurate AI models into our products and services. Zscaler doesn’t just give us tools—it helps us invent what’s next for data security.

Data security as a growth enabler

Protecting 33 petabytes of data is no small task, but it’s essential to our business strategy, helping us to sustain customer trust, drive continuous innovation, and expand confidently into new markets. 

Our mission is to make sure all new products and features—especially those using AI and machine learning—align with privacy and security standards from day one. Zscaler is a key part of that strategy. The security guardrails it provides enable us to move faster, bring new products to customers safely, and deliver secure connectivity to assets for our global users.

Together, we’re building a digital ecosystem where innovation and security work hand in hand. When customers see that their data is safe, they stay longer, invest more, and bring others with them. That confidence is the true return on our investment in security.

Learn more about Inter’s broader Zscaler journey by reading the case study.