Simplifying separations with Zscaler

Divestitures are sensitive, complicated operations that can have far-reaching effects on share value, competitive advantage, and compliance posture. Our cloud-delivered capabilities streamline separation processes.

You’ll be able to logically separate entities, drastically reduce risk, and save significant effort, such as the need for certain transition service agreement (TSA) services, turning them from potentially massive value sinks into elegant business enablers.

Simplifying separations with Zscaler

The Zscaler Zero Trust Exchange™ brings ease and speed to your IT divestiture playbook, providing:

Simpler separation

Simpler separation

Manage security and connectivity through policy instead of network access controls and segmentation.

Mitigated shared risk

Mitigated shared risk

Minimize exposure and grant zero trust access to divested or TSA’d resources while removing divested users from your network.

Costs scale with effort

Costs scale with effort

Demand-based pricing means costs scales to your needs, with no major capex spend or unpredictable costs to worry about.

Lower support demands

Lower support demands

Hand over security and access controls for divested assets, reducing your TSA burden and easing your timeline.

How Zscaler helps

Maximizing value as you disentangle ecosystems can be a difficult. When low-value, high-effort domains—like network and security—block your way forward, they put serious pressure on your timelines. With the Zero Trust Exchange, your way forward is clear.

Zscaler accelerates divestitures to let you action the separation more quickly, helping your business:

  • Logically remove divested assets, users, and data flows from your network ecosystem—quickly, securely, and with low overhead—on Day 1
  • Apply zero trust access to applications under TSAs for divested users
  • Convey more controls on Day 1, quickly lowering your TSA burden from the newly formed or purchased entity
  • Protect your crown jewels from exfiltration by a new buyer during the TSA period
How it works

Establishing a frictionless divestiture

Industry perspectives on obstacles to achieving successful divestitures


of business synergies have technology dependencies

(Source: PwC)


of M&A/divestiture deal-makers cite cyber as the No. 1 transaction risk

(Source: McKinsey)

18 mos.

duration of the average IT transition services agreement (TSA)

(Source: Deloitte)

Zscaler customers can overcome these challenges


reduction in IT infrastructure M&A integration/separation costs

(Source: Zscaler customers)


Reduction in integration/
separation risk

(Source: Zscaler customers)


acceleration in the next M&A integration/divestiture

(Source: Zscaler customers)

Benefits throughout the integration lifecycle

Carve-Out Benefits: Day 1

  • Logically segment in-scope users and resources to protect your security posture during the TSA period
  • Hand over security policy control by conveying the carve-out Zscaler tenant to the divested entity
  • Reduce the need for extended TSAs while retaining appropriate controls and auditability
  • Grant conveyed users zero trust access to apps under TSA without placing them on your network or exposing your data

Separation/Stand-Up Benefits: Day 2 and Beyond

  • Offer an uninterrupted user experience by connecting users to any app, anywhere, to support interim app rehosting
  • Exit security- or network-based TSAs quickly by standing up or taking control of the Zscaler tenant
  • Realign traditional network resources to more valuable opportunities with zero IT footprint through Zscaler
  • Complete secure, efficient carve-outs with no concerns over circuit provisioning, capex, or supply

How Zscaler streamlines divestitures

How Zscaler streamlines Divestitures

Divestitures roadmap


  • Create a carve-out Zscaler tenant and deploy the Zscaler client to conveyed employees


  • Deploy app connectors to allow conveyed user access to TSA’d applications and resources in a zero trust architecture
  • Forgo the need for a "clone-and-go" network by leveraging the Zero Trust Exchange as the intermediary for conveyed applications
  • Move conveyed employees to public Wi-Fi, effectively removing conveyed users from the network while staying productive


  • Integrate other risk profiling capabilities to provide dynamic policy based on security posture
  • Use workload-to-workload zero trust capabilities to further separate conveyed or TSA application traffic

TSA exit

  • Close out any network or security service TSA
  • Hand over tenant administration to the separated entity’s IT provider
  • Remove the divested entity's identity provider, if any, from the carve-out tenant’s policy
  • Remove any legacy VPN access or similar to TSA’d or conveyed applications

Suggested Resources


Ensuring Cyber Integrity Throughout a Divestiture or Carveout


Divestiture - Zero Trust Approach means Zero IT Footprint


Adopting Zero Trust for IT Separations (Divestitures, Carve-outs, and Spinoffs)

See testimonials, case studies, and more

We’ve collected stories and insights from
customers across various industries.

When you’re ready to secure your deal value, our M&A and divestiture experts can help.

Sign up for a custom Zscaler Divestitures demo