Zscaler, Inc. is a cloud security company that developed a platform incorporating core security functionalities needed to enable fast and secure access to cloud resources based on identity, context and organization’s policies.
The company pioneered a cloud platform, the Zscaler Zero Trust Exchange platform, which represents a fundamental shift in the architectural design and approach to networking and security.
The company’s Zero Trust Exchange platform eliminates the need for traditional on-p...
Zscaler, Inc. is a cloud security company that developed a platform incorporating core security functionalities needed to enable fast and secure access to cloud resources based on identity, context and organization’s policies.
The company pioneered a cloud platform, the Zscaler Zero Trust Exchange platform, which represents a fundamental shift in the architectural design and approach to networking and security.
The company’s Zero Trust Exchange platform eliminates the need for traditional on-premises security appliances that are difficult to maintain and require compromises between security, cost and user experience. The company’s purpose-built, multi-tenant, distributed cloud platform incorporates the security functionality needed to enable users, applications and devices to safely and efficiently utilize authorized applications and services based on an organization’s business policies.
The company’s cloud-native platform, the Zscaler Zero Trust Exchange, enables customers to secure and connect users, workloads and IoT/OT devices across three core products:
Zscaler for Users — Leverages the company’s comprehensive cloud platform to provide users secure, fast and reliable access to the internet, including SaaS applications, via Zscaler Internet Access, or ZIA, and provides Zero Trust Network Access to internally hosted or managed applications via Zscaler Private Access, or ZPA, in each case, regardless of device, location or network and also regardless of whether the users are internal or external. The company’s unique ZPA technology not only provides secure access to applications, but also secures the applications themselves. The company do this all while optimizing end-to-end user experience with Zscaler Digital Experience, or ZDX, which allows an organization to identify and isolate issues negatively impacting its users. In addition to enabling secure access to the internet and internal applications, the company’s Zscaler Data Protection solution secures customers’ proprietary data that is traversing the public internet (data-in-motion) and data that is stored in the public cloud applications (data-at-rest).
Zscaler for Workloads – Leverages Zscaler’s Zero Trust Exchange to secure workloads, whether in a public cloud or in private data centers, using the company’s cloud-native zero trust access service to provide fast and secure app-to-internet (via ZIA) and app-to-app (via ZPA) connectivity across multi- and hybrid cloud environments. The company’s Posture Control solutions automatically identify and remediate cloud service, application and identity misconfigurations for assets deployed in public cloud infrastructure. The core elements of Zscaler for Workloads address the key security and operations challenges that must be overcome to secure deployment of public cloud platforms such as Microsoft Azure, or Azure, Amazon Web Services, or AWS, and Google Cloud Platform, or GCP.
Zscaler for IoT/OT – Leverages the complete suite of Zscaler solutions to reduce the risk of cyberattacks and data loss, as well as to improve user and facility safety by providing zero trust security for connected IoT and OT devices in branch offices. The company provides secure internet communications for IoT and OT devices, privileged access to IoT and OT devices (e.g. for maintenance), secure access to production applications (e.g. on a factory floor) and deception technology to provide active defense.
Before the company’s Zero Trust Exchange, the corporate data center served as the central hub of IT security, with a physical network perimeter used to separate corporate users, devices and applications from the internet. This traditional network perimeter approach relies on appliances that have become fundamentally less effective as applications, data, users and devices rapidly move off the corporate network, making the notion of a corporate perimeter obsolete. In a world where companies are shifting their most critical IT assets to the cloud, a zero trust architecture is required. The company’s architecture is vastly different from the legacy ‘hub-and-spoke’ corporate network, where traffic from branch offices is routed to centralized data centers for security scanning and policy enforcement before reaching its destination. In contrast, the company’s Zero Trust Exchange acts as an intelligent switchboard that uses business policies to securely connect users, devices and applications over any network and protect against cyberthreats and data loss. The company provides its solutions at scale, processing over 500 billion internet transactions per day. The company’s Zero Trust Exchange eliminates the requirement for organizations to buy and manage a variety of high-cost appliances that need to be maintained by a large number of highly skilled security personnel, who are expensive and in increasingly short supply. The company is integrating its proprietary large language models, or LLMs, with the company’s Zero Trust Exchange to leverage its data lake built on the company’s more than 500 billion daily transactions. Analyzing this volume of high-quality data can continuously improve the company’s LLMs, artificial intelligence, or AI, and machine learning, or ML, models to deliver ever-more powerful security outcomes for the company’s customers.
The company’s cloud native, multitenant architecture is distributed across more than 160 data centers globally which brings security and business policy close to users and devices in over 185 countries and provides fast, secure and reliable access. Each day, the company blocks over 150 million threats and perform over 250,000 unique security updates. The company’s customers benefit from the cloud security effect of its ever-expanding ecosystem, enhanced by the company’s advanced AI and ML capabilities, because once a new threat is detected, it can be blocked across the company’s customer base within minutes.
Many of the largest enterprises and government agencies in the world rely on the company’s solutions to help them accelerate their move to the cloud. The company has over 8,650 customers across all major geographies, with an emphasis on larger organizations, and the company counts approximately 35% of the Forbes Global 2000 as customers. The company’s customers span every major industry, including financial services, healthcare, insurance, manufacturing, automotive, airlines and transportation, conglomerates, consumer goods and retail, media and communications, public sector and education, energy, technology and telecommunications services.
Zero Trust Exchange Platform
The company’s Zero Trust Exchange cloud security platform delivers the company’s core products; Zscaler for Users, Zscaler for Workloads and Zscaler for IoT/OT, through the deployment of the company’s comprehensive and integrated solutions, each built natively in the cloud to power digital transformation.
Secure Internet and SaaS Access - Zscaler Internet Access
ZIA, provides users, workloads, IoT and OT devices secure access to externally managed applications, including SaaS applications and internet destinations regardless of device, location or network. ZIA provides inline content inspection and firewall access controls across all ports and protocols to protect organizations and users from external threats, secure data while at rest and prevent data from leaking out to unauthorized sites. Policies follow the user to provide identical protection on any device, regardless of location; any policy changes are enforced for users worldwide. The company’s cloud security platform provides full inline content inspection to assess and correlate the risk of the content to protect against sophisticated attacks, including ransomware and phishing. The cloud platform applies AI and ML across the company’s over 500 billion daily transactions to quickly identify and block unknown threats and to identify and categorize unknown destinations.
ZIA enables the following capabilities:
Cyberthreat Protection – The company’s threat prevention functionality enables protection against threats using a range of approaches and techniques. The company’s threat prevention capabilities provide multiple layers of protection to prevent sophisticated ransomware, phishing and zero-day cyberattacks. The company provides functionality that traditionally has been offered by disparate, stand-alone products. The company’s core cloud platform threat prevention services include:
Advanced Threat Protection: The company’s advanced threat protection functionality uses techniques including AI/ML, signatures and reputation to deliver real-time protection from malicious internet content like browser exploits, scripts, zero-pixel iFrames, malware and botnet callbacks. Over 250,000 unique security updates are performed every day to the Zscaler cloud to keep users protected. Once the company detects a new threat to a user, the company blocks it for all users. The company calls this the ‘cloud security effect’.
Sandbox: The company’s cloud sandbox enables enterprises to block zero-day exploits and advanced persistent threats by analyzing unknown files for malicious behavior, and it can scale to every user regardless of location. The company’s cloud sandbox was designed and built to be multi-tenant and allows customers, using AI among other analytics, to determine which traffic should be sent for detonation. As an integrated cloud security platform, customers can set policies by users and destinations to prevent patient-zero scenarios and to analyze, hold and detonate suspicious files in the cloud sandbox before they are sent to a user.
Browser Isolation: The company’s cloud browser isolation functionality creates an isolated browsing session that enables users to access any webpage on the internet without downloading any of the web content served by the webpage onto a local device or the corporate network. With cloud browser isolation, users are not directly accessing active web content; instead, only a safe rendering of pixels is delivered to the user. Malicious code that may be hidden in the web content is kept at bay. Customers can select and isolate traffic based on specific policies and/or automatically based on the company’s AI enabled risk determination. The combination of cloud browser isolation and cloud sandbox enables administrators to perform content disarm and reconstruction to flatten, sanitize and securely deliver files free of active content.
Data Protection – The company’s data protection functionality enables enterprises to prevent unauthorized sharing or exfiltration of confidential information across users, devices, servers and workloads, thereby reducing business and compliance risks for the company’s customers. The company provides inline monitoring of data flows between users and applications, workload to workload, API to API and applications to LLMs, reducing the risk of inadvertently transmitting sensitive data and intellectual property. Core cloud platform data protection services include:
File Type Controls: The company’s AI-enabled data classification solution enables enterprise chief information officers to gain visibility of file types across all their IT environments. The company’s file type control functionality allows the company’s customers to define policies to control which file types are allowed to be downloaded and uploaded based on application, user, location and destination.
Advanced Data Classification: The company’s data classification engines leverage a variety of technologies and techniques to identify customer sensitive data. Predefined, custom dictionaries and automated AI discovery tools identify sensitive customer data by leveraging efficient pattern-matching algorithms, regular expressions, AI-based training models and keywords. Additional advanced classification techniques, including exact data match, index document match and ML-based Optical Character Recognition functionalities, further identity sensitive data and enable the company’s customers to populate their own custom databases scaling to billions of unique fields, including structured and unstructured documents.
Data Loss Prevention: The company’s data loss prevention, or DLP, technology enables enterprises to alert and/or block transmission or sharing of sensitive data across exfiltration channels. This includes inline data in motion to external internet destinations and unmanaged endpoints, data at rest in SaaS environments through out-of-band API integrations, securing public cloud infrastructure data in Azure, AWS and GCP and protecting endpoints by preventing printing or copying to local storage, including USB devices. Additionally, the company’s Email DLP solutions secure corporate email traffic, including Microsoft Exchange and Gmail.
Unified SaaS Security: The company’s cloud access security broker, or CASB, SaaS security posture management and the company’s SaaS supply chain security combine to discover and control known and unknown applications, identify SaaS misconfigurations, find and mitigate potentially risky third-party connections into those SaaS applications and scan data residing in those applications for threats and data protection violations. By doing transport layer security inspection at scale, the company provides malware protection, data loss prevention and CASB functions that can be performed both inline and out-of-band, for specific sanctioned and unsanctioned applications. Business policies can be defined with granular access control for specified cloud applications, such as the ability to upload or download files or post comments on videos based on different user or group identity.
Browser Isolation: With cloud browser isolation, users do not directly access active web content; instead, only a safe rendering of pixels is delivered to the user. This approach prevents sensitive data from being downloaded to unauthorized devices in bring-your-own-device environments, as well as offers an alternative to virtual desktop infrastructure, or VDI, for employees, contractors and B2B partners, by effectively keeping sensitive data entirely within a managed environment.
Secure Local Internet Breakouts – The company’s local internet breakout capability means traffic destined for the cloud no longer needs to be routed over a private multiprotocol label switching, or MPLS, network to the data center. Traffic is now routed locally over the internet and directly to the cloud, providing for a faster experience and a significant reduction in MPLS network costs. The company’s core cloud platform services for local internet breakouts include:
Firewall: The company’s cloud firewall was designed to protect users by inspecting internet traffic on all ports and protocols, and it offers user level policies, application identification with deep packet inspection and intrusion prevention.
Bandwidth Control: The company’s bandwidth control and traffic shaping capabilities ensure that business critical applications are prioritized over non-business critical applications, improving productivity and user experience. By enforcing quality of service in the cloud, the company’s platform enables the optimization of ‘last-mile’ utilization of a customer’s network.
DNS: The company’s domain name system, or DNS, filtering solution provides a local DNS resolver and enforces acceptable use policies.
Secure Private Application Access - Zscaler Private Access
ZPA provides Zero Trust Network Access to secure access to internally managed applications, either hosted internally in data centers or hosted in private or public clouds. ZPA is designed around four key tenets that fundamentally change the way users access internal applications: connect users to applications without bringing users on the network; never expose applications to the internet; segment access to applications without relying on the traditional approach of network segmentation; and provide remote access over the internet without virtual private networks, or VPNs.
ZPA enforces a global policy engine that manages access to internally managed applications regardless of location. If access is granted to a user, the company’s ZPA solution connects the user’s device only to the authorized application without exposing the identity or location of the application. As a result, applications are not exposed to the internet, further limiting the external attack surface. This results in reduced cost and complexity, while offering better security and an improved user experience.
The company’s ZPA solution includes broad functionality, which the company categorizes by the following areas:
Cyberthreat Protection and Data Protection: The company’s ZPA solution delivers the same cyberthreat protection and data protection functionality that is applied to internet traffic via the company’s ZIA solution.
Secure Application Access: Since the company’s ZPA solution delivers seamless connectivity to internally managed applications and assets whether they are in the cloud, enterprise data center or both, administrators can set global policies from a single console, enabling policy-driven access that is agnostic to the network the users are on. By creating seamless access to applications regardless of a user’s network, the company’s ZPA solution eliminates the need for traditional remote access VPNs, reverse proxies and other similar products.
Application Discovery: Similar to CASB application discovery reports for internet hosted SaaS applications, the company’s ZPA solution provides granular discovery of internally managed applications to aid in the creation and oversight of segmentation policies. Because the company’s ZPA solution sits on the application layer and is name-based or domain-based, organizations can quickly and seamlessly identify their internally-managed applications and then easily provision appropriate policies.
Application Segmentation: The company’s architecture provides capabilities that enable user and application level segmentation, a vast improvement over traditional network segmentation. As each user-to-application connection is segmented with microtunnels, each of which is a temporary session between a specific user and a specific application, lateral movement across the network is prevented, significantly reducing security risk. Since users are granted access only to applications for which they have permission and are not granted full access to the network, microtunnels eliminate the need for an internal firewall.
Application Protection: The company’s ZPA solution initiates outbound-only connections between authenticated users and internally managed applications using microtunnels. Access is provided to users without bringing them onto the corporate network and without exposing applications to the internet. Internally managed applications are not discoverable or identifiable. With no inbound connections and no public IP addresses, there is no inbound attack surface and therefore no threat of distributed denial-of-service, or DDoS, attacks. For allowed connections, the company’s ZPA solution also provides Web Application Firewall functionality, including OWASP Top 10 protections for threats, such as Structured Query Language injection and cross-site scripting, to block common attack vectors.
Reduce Attack Surface: The company’s architecture utilizes inside out connections that are outbound from users to the Zero Trust Exchange platform, which allows customers to deny all inbound connections. This reduces their attack surface by not exposing IP addresses of all devices, applications, appliances or workloads to the internet. Reduced attack surface results in lower exposure to zero-day application vulnerabilities and eliminates the need for DDoS mitigation.
Browser Isolation: The company’s cloud browser isolation is used with the company’s ZPA solution to provide isolated sessions to internal web applications without allowing data to transfer down to unmanaged devices or active content to be uploaded into sensitive internal applications. Combining cloud browser isolation with browser-based access provides a simplified, more cost-effective alternative to VDI for employees, contractors and B2B partners, by effectively keeping sensitive data off unmanaged devices.
The primary use cases for the company’s ZPA solution include:
remote workforce access to private applications without legacy VPN, providing zero trust from office to data center;
deliver user-to-application segmentation, thus eliminating the risk of lateral threat propagation enabled by legacy Firewall and VPN based security architecture;
providing non-employees with secure access to internal applications;
securely connecting business-to-business, or B2B, customers, service providers and supplier access to applications typically deployed as business to business portals in an extranet;
direct-to-cloud access to internally managed applications hosted in public cloud environments, such as Azure, AWS and GCP; and
access to applications following a merger or acquisition by providing named users with access to named applications, without the need to merge networks.
Experience Management - Zscaler Digital Experience
ZDX is designed to measure end-to-end user experience across key business applications, providing an easy to understand digital experience score for each user, application and location within an enterprise. As users have become mobile and applications have moved to the cloud, traditional network performance monitoring tools have become increasingly irrelevant. Enterprises can no longer collect performance metrics or indicators along the traditional network path as they could when they owned the network and applications ran in their own data centers. When a user's experience is suffering or an event is negatively impacting user experience, ZDX utilizes AI-enabled root cause analysis to allow an organization to isolate where in the network path an issue is occurring and whether it is caused by a user’s device, the WiFi connection, the local internet connection, a service provider in the path or the destination application itself. With ZDX, enterprises can quickly determine if an issue is associated with a single user, application or location or indicates a broader issue potentially impacting other users, applications or locations all via a simple visual workflow without a need for additional hardware or software.
Zscaler Posture Control– Cloud Applications and Workload Data Security
Zscaler data security posture management, or DPSM, extends the company’s cloud security capabilities to protect data in public cloud environments. DSPM provides granular visibility into cloud data, classifies and identifies data and access and offers context around data exposure and security posture. This empowers organizations and security teams to prevent and remediate cloud data breaches at scale. The functionality leverages a unified DLP engine to ensure consistent data protection across all channels. Data classification is integrated with cloud security posture management, or CSPM, to understand data exposure and address cloud misconfigurations. The vulnerability management module enhances cloud risk assessment by identifying vulnerabilities in cloud workloads. Additionally, cloud infrastructure entitlement management, or CIEM, provides deep granularity into identity and privilege access management, ensuring that the right users and entities have access to the appropriate data. Zscaler DSPM ensures highly correlated alerts by combining these multiple modules to generate high-fidelity and actionable insights.
Zero Trust Networking
The company’s Zero Trust Networking solution includes broad functionality, which the company categorizes by the following ideas:
Workload Segmentation. The company’s Workload Segmentation solution secures application-to-application communications inside public clouds and data centers to stop lateral threat movement, preventing application compromise and reducing the risk of data breaches. The company’s Workload Segmentation solution utilizes an innovative, AI-enabled approach that is simpler to deploy and operate than traditional segmentation solutions and improves the security of east-west communication by verifying the identity of the communicating application software, services and processes to achieve a zero trust environment. This reduces the attack surface, resulting in lower risk of application compromise and data breaches.
Zero Trust SD-WAN. The company’s Zero Trust SD-WAN solution provides branches and data centers with fast, reliable access to the internet and private applications with the company’s Direct-to-Cloudarchitecture that provides strong security and operational simplicity, with the ability to deploy locally by virtual machine or by purchasing a plug-and-play appliance. The company’s Zero Trust SD-WAN solution eliminates lateral threat movement by connecting users and IoT/OT devices to applications through the Zscaler Zero Trust Exchange platform. Branch traffic can be securely forwarded directly to the Zero Trust Exchange, where ZIA or ZPA policies can be applied for full security inspection and access identity-based control of branch and data center communications.
Zero Trust Device Segmentation. The company’s Zero Trust Device Segmentation solution provides agentless segmentation for enterprise IT and OT environments, creating a ‘network of one’ where even devices on the same network can only communicate with each other if authorized. The combination of Zero Trust SD-WAN with Zero Trust Device Segmentation extends the Zero Trust Exchange to protect east-west traffic in branch offices, campuses, factories and plants with critical OT infrastructure, eliminating the need for east-west firewalls, network access controls and traditional microsegmentation solutions, while simultaneously delivering operational simplicity.
Risk Management
The company’s Risk Management solutions include broad and differentiated functionality, which the company categorizes by the following areas:
Risk 360. Zscaler Risk360 is a risk quantification and visualization framework for identifying cybersecurity risk across the stages of a potential cyber attack. It ingests data from external sources, Zscaler product sources and proprietary security research from the company’s ThreatLabz team to generate a detailed profile of an enterprise’s risk posture. Zscaler Risk360 leverages over 100 factors within an enterprise’s cybersecurity environment to help customers estimate potential financial losses (derived from industry data), highlight top cyber risk drivers, recommend investigative workflows, show trends and peer comparisons and provide actionable information to be shared across the enterprise, including at the executive and board level.
Deception. The company’s deception solution augments the company’s customers' ability to detect the presence of an adversary in their network by deploying decoys and lures. These decoys can be leveraged to disrupt the adversary by detecting their presence in the network and initiating mitigation using automatic orchestration via the Zscaler platform and other third party solutions. Customers can quickly deploy these capabilities by leveraging a diverse library of built-in decoys including various types of applications, network components and IoT services. The high-fidelity low-volume alerts allow customers to implement meaningful automation workflows to prevent lateral spread.
Unified Vulnerability Management. The company’s unified vulnerability management solution provides dynamic and customizable prioritization, streamlined reporting, zero-copy analytics and contextualized, risk-based assessment of a customer’s threat landscape. This solution is powered by the company’s data fabric for security, added through the company’s 2024 acquisition of Avalor Technologies, which utilizes more than 150 data connectors, built for all major security platforms, to ingest, normalize and unify data across enterprise security and business systems to deliver actionable insights, analytics and operational efficiencies. This enables the company’s customers to significantly enhance and fully automate analytics and decision-making in real-time without the complexity of data aggregation and collection.
Identity Protection. Attackers commonly target users and identities as the point of entry and use that access to escalate privileges and move laterally. The company’s Identity Protection capability provides continuous visibility into identity misconfigurations and at risk permissions by scanning common identity providers. Identity Protection augments this visibility with guidance in the form of scripts, commands and tutorials to remediate these issues and reduce customers’ internal attack surface. In addition to preventive capabilities, Identity Protection also provides high-fidelity detection for identity-based attacks like stolen credentials, multi-factor authentication bypasses and privilege escalation techniques that typically pass through existing defenses in cases of identity compromise.
Technology and Architecture
The company is driven by technology and innovation. The company developed a highly scalable, multi-tenant, globally distributed cloud capable of providing inline inspection of internet and SasS traffic, securing access to private applications, protecting cloud applications, managing digital experience and scanning for exposures and misconfigurations. The company designed a purpose-built three-tier architecture starting with the company’s core operating system and adding layers of security and networking innovations over time. The company’s cloud platform is protected by more than 580 issued and pending patents in the United States and other countries. The company’s cloud is distributed across more than 160 data centers on five continents and processes over 500 billion requests per day from users across over 185 countries.
The company’s platform is designed to be resilient, redundant and high-performing. It is built as software modules that run on standard x86 platforms without dependency on custom hardware. The platform modules are split into the control plane (Zscaler Central Authority), the enforcement plane (Zscaler Enforcement Nodes) and the logging and statistics plane (Zscaler Log Servers) as described below:
Zscaler Central Authority: The Zscaler Central Authority monitors the company’s entire security cloud and provides a central location for software and database updates, policy and configuration settings and threat intelligence. The collection of Zscaler Central Authority instances together act like the brain of the cloud, and they are geographically distributed for redundancy and performance.
Zscaler Enforcement Nodes: Customer traffic is directed to the nearest Zscaler Enforcement Node, where security, management and compliance policies served by the Zscaler Central Authority are enforced. The Zscaler Enforcement Node also incorporates the company’s differentiated authentication and policy distribution mechanism that enables any user to connect to any Zscaler Enforcement Node at any time to ensure full policy enforcement. The Zscaler Enforcement Node utilizes a full proxy architecture and is built to ensure data is not written to disk to maintain the highest level of data security. Data is scanned in RAM only and then erased. Logs are continuously created in memory and forwarded to the company’s logging module.
Zscaler Log Servers: The company’s technology is built into the Zscaler Enforcement Node to perform lossless compression of logs, enabling the company’s platform to collect over 130 terabytes of unique raw log data every day. The company does not collect customer data other than logs, and those logs are encrypted and transmitted to the company’s log server at a destination of choice selected by the customer without ever writing to disk at the enforcement nodes. Logs are transmitted to the company’s logging servers over secure connections and multicast to multiple servers for redundancy. The company’s dashboards provide its customers visibility into their traffic to enable troubleshooting, policy changes and other administrative actions. The company’s analytics capabilities allow customers to interactively mine billions of transaction logs to generate reports that provide insight on network utilization and traffic. The company does not rely on batch reporting; the company continuously updates its dashboards and reporting and can stream logs to a third-party security information and event management, or SIEM, service as they arrive. Regardless of where users are located, customers can choose to have logs stored in the United States or the European Union/Switzerland. Customer data is isolated as part of the company’s multi-tenant architecture.
The company’s platform is a critical integration point positioned in the data path providing secure access to the internet, cloud and internal applications. The company complements and interoperates with key technology and cloud vendors across major market segments, including identity and access management device and endpoint management, as well as SIEM for reporting and analytics. Many of these vendors, like the company, were developed in the cloud and together provide a foundation for a modern access and security architecture.
Growth Strategies
As a provider of a fully integrated, multi-tenant cloud security solution, the company enables its customers to accelerate this secure transformation to the cloud and the company is uniquely positioned to maximize value as they undertake these transitions.
The key elements of the company’s growth strategy include continuing to win new customers; expanding in existing customers; leveraging channel partners to participate in cloud transformation initiatives; expansion and innovation of services; and expansion into additional market segments.
The company sells to enterprises of all sizes. As of July 31, 2024, the company had over 8,650 customers, including approximately 35% of the Forbes Global 2000. Many of the company’s customers include major global enterprises that send virtually all of their internet traffic through the company’s cloud security platform. The company’s customers operate in a variety of industries, including automotive, airlines and transportation, conglomerates, consumer goods and retail, energy, financial services, healthcare, insurance, manufacturing, media and communications, public sector and education, technology and telecommunications services. Approximately 50% of the company’s revenue was from customers outside the United States for all periods presented.
Sales and Marketing
Although the company has a channel sales model, the company uses a joint sales approach in which its sales force develops relationships directly with its customers, and together with the company’s channel account teams, works with its channel partners on account penetration, account coordination, sales and overall market development. The company’s customer care and success teams maintain high-touch relationships with the company’s customers to deploy and manage the company’s cloud platform, identify, analyze and resolve performance issues and respond to security threats. Customer service touchpoints are opportunities to further develop the company’s relationship with its customers and potentially generate incremental revenue through the addition of new users and services.
The company’s channel partners consist of global telecommunications service providers, system integrators, value-added reseller partners and public cloud marketplaces, and the company leverages their relationships to expand its reach, improve procurement and accelerate customer fulfillment.
The company enters into agreements with its channel partners in the ordinary course of business. The contracts typically have a one-year term and renew automatically, subject to cancellation by either party upon 90 days’ notice. These agreements contain standard commercial terms and conditions, including payment terms, billing frequency, warranties and indemnification. The company’s channel partners generally place purchase orders with the company after receiving orders from customers. The company generally maintains privity of contract with customers through end user subscription agreements.
The company expects to continue investing in its channel partners as the company provides them with education, training and programs, including supporting their independent sales of the company’s solutions.
The company’s marketing strategy is focused on platform and brand awareness, which drives the company’s opportunity pipeline and customer demand. This strategy is account-based, enabling the company to pursue targeted marketing activities across both digital and non-digital channels. The company anticipates increasing its marketing team headcount and are investing in programs designed to elevate the company’s brand in the market and engage new enterprise accounts. The company also participates in a number of cloud and security industry events. In addition, the company has a deeply integrated ecosystem of channel partners, with whom the company engages in joint marketing activities.
Data Center Operations
The company operates its services across more than 160 data centers around the world, which are built to be highly resilient, have multiple levels of redundancy and provide failover to other data centers in the company’s network. The company’s data centers are co-located within top-tier internet interconnection hubs that have direct connectivity, known as peering, to major telecommunication service providers, SaaS providers, public cloud providers, internet content providers and popular internet destinations. A number of the company’s data centers are also located with the company’s service provider partners.
Compliance
Since successful completion of an initial independent third-party assessment in 2014, the company’s platform has received numerous industry standard and internationally recognized certifications upon successful completion of further independent third-party assessments, including ISO 27001, ISO 27701, ISO 27018, ISO 27017, SOC2, CSA-STAR, HIPAA and NIST 800-63C.
The company also built a leading U.S. and international government compliance portfolio. The company is authorized at the FedRAMP High level and Impact Level 5 with the DOD for ZPA. In addition, in the U.S., the company is authorized at both the FedRAMP Moderate and high levels for ZIA and ZPA. The company also holds ITAR, FIPS, CJIS and VPAT 508 in the company’s U.S. Government portfolio. The company also became the first cloud-based SaaS security company to achieve StateRamp for state and local governments. Internationally, the company is IRAP Protected and APRA in Australia, Cyber Essentials and G-Cloud in the UK, C5 in Germany, ‘in process’ for ITSG-33 Prob B in Canada, ISMAP in Japan, MTCS in Singapore, and most recently, Spain Gov CPSTIC catalog listing and ENS-High.
Intellectual Property
As of July 31, 2024, the company had more than 580 issued patents and pending patent applications, including more than 260 issued patents in the United States and other countries. The company’s issued patents expire between 2028 and 2043 and cover various aspects of the company’s cloud platform. In addition, the company has registered ‘Zscaler’ as a trademark in the United States and other jurisdictions, and the company has registered other trademarks and filed other trademark applications in the United States. The company is also the registered holder of a variety of domestic and international domain names that include ‘Zscaler’ and similar variations.
Research and Development
The company’s research and development expenses were $499.8 million for the year ended July 31, 2024.
History
Zscaler, Inc. was founded in Delaware in 2007. The company was incorporated in state of Delaware in 2007.
