From Blunt Force to Surgical Precision: Elevating Control in Zscaler Internet Access

Search is where work starts. Engineers look for fixes. Analysts look for context. Creative teams look for assets. And in that “normal work” moment, risk can slip in quietly—inappropriate results in a shared environment, accidental IP misuse from a reused image, or controls that don’t scale cleanly across a real org.

That’s why in our recent ZIA releases, we’ve rolled out key enhancements to make search governance more precise in three practical ways, so you can shape search outcomes without turning everyday work into a policy negotiation.

The goal isn’t “web filtering.” It’s Search Governance: guiding what search produces and what users can safely do with it—consistently, and at scale. 

It’s exactly what these ZIA capabilities are built to deliver: moving from broad strokes to surgical control, shaping outcomes without breaking workflows.

Update 1: Moving SafeSearch From a “Blunt Switch” to Precision Governance

SafeSearch is one of those controls that looks small on paper but plays big in real life—especially in shared spaces or regulated contexts. However, until now, enforcing it was often a tenant-wide decision: either "On" for everything or "Off" for everything.

This created a dilemma: to enforce safety on Google Images, you often had to force the same restrictions on YouTube or Bing, potentially blocking training videos or research material. Admins were stuck effectively "blocking the internet" for specific tools just to maintain compliance elsewhere.

What’s new (and why it matters): We have introduced Granular Service Controls for SafeSearch. Instead of a global toggle, administrators can now configure SafeSearch settings with specificity regarding which search engines and services are restricted.

• Earlier: Turn SafeSearch "ON" for all traffic.
• New: Enforce SafeSearch for Google and Bing, but leave YouTube unrestricted for your marketing team.

Why this is Search Governance:

• You’re tailoring outcomes for each application, rather than applying broader network restrictions.

• You avoid the security risk of bypassing SSL inspection just to unblock a specific search tool.

  

Update 2: Rights-Safe Reuse With Creative Commons Search Support

A lot of enterprise “risk” doesn’t show up as an attack. It shows up as accidental misuse.

Creative teams, field marketers, enablement folks—anyone who builds decks, campaigns, training, or customer-facing content—pulls assets from search constantly. And nobody wakes up thinking, “Today I’ll create a licensing problem.”

What’s new (and why it matters): ZIA now supports enabling Creative Commons-focused search results as a governance control This simple toggle helps steer users toward content designed for reuse in supported search experiences.

• Automated Compliance: The search engine ensures results are licensed under Creative Commons, reducing the risk of accidental IP infringement.

• Workflow Efficiency: Users stop fighting security to get their job done. They save time manually filtering results, and the business quietly reduces risk.

  

Update 3: Policies That Scale — Because Pilots Are Easy, Enterprises Are Not

Here’s where most good intentions die. You build a clean policy, and then the "org reality" shows up.

 “We need to create an exception policy for more than 32 users/ 32 groups.”

“We acquired new companies and they were managing per user based exceptions”

“We acquired three companies and none of their groups map cleanly.”

Suddenly, the challenge isn’t what the control does. It’s whether you can express it at scale without hitting ceilings or creating rule sprawl.

What’s new (and why it matters): ZIA has expanded policy criteria limits to support cleaner, more scalable rule design—so you can represent real organizational structures with fewer fragmented policies.

And if you need additional scale beyond defaults, limits can be expanded further via Support (based on tenant needs).

The benefit: less duplication, fewer policy contortions, simpler audits, and governance that stays consistent as the org grows.

The Practical Implementation Playbook

If you want this to read like something an admin could actually run next week, here’s the playbook.

1) Pick Your Governance “North Star”

• Workplace-appropriate discovery → lead with SafeSearch
• Rights-safe reuse → lead with Creative Commons
• Consistent enforcement at enterprise scale → lead with policy criteria / segmentation

You’ll probably land on all three. But naming the primary goal upfront keeps you from building a policy museum full of exceptions.

2) Confirm Prerequisites

If you’re trying to govern search-result outcomes, make sure the traffic is actually governable—SSL inspection is usually the dependency that makes or breaks the whole effort.

3) Start with Rollout

4) Measure Outcomes That Humans Actually Feel

Track:

• reduction in policy exceptions over time
• fewer “why did that show up?” incidents
• fewer internal escalations about content reuse
• admin time saved (because criteria scaling avoids policy gymnastics)

Precision Is the Future of Policy

These enhancements represent our commitment to building a platform that doesn't just secure your traffic, but understands the nuance of your business.

 By moving away from one-size-fits-all restrictions to granular, precise controls, Zscaler ensures that security remains a business enabler, not a bottleneck.

These features are rolling out now. Log in to your ZIA portal and check your Advanced Policy Settings to start refining your rules today.