Main content

Zscaler pitches cloud-based Internet security suite to midmarket

Phil Wainewright Profile picture for user pwainewright October 22, 2014
Zscaler believes its SaaS-like approach to delivering a cloud-based Internet security and compliance suite will help stem embarrassing breaches at midsized enterprises

© kreizihorse -
It's always seemed absurd to me for anyone to do Internet security anywhere else but in the cloud. After all, the cloud is where the threats come from. What's the sense in bringing malware into your own infrastructure in order to deal with it?

Then there's the question of economies of scale. When new threats arise, how can it be sensible for every enterprise to separately carry out its own analysis and detection? Far better to have a single shared facility in the cloud that monitors everyone's perimeter and instantly locks down any new threat for all, as soon as it attempts its first attack.

Yet conventional wisdom in enterprise computing says that Internet security is something that sits on an appliance guarding your network perimeter. This is the approach that US retailer Target was using, for example, when it suffered the loss of millions of customers' credit card details to Russian hackers during last year's holiday shopping season. Which I feel kind of proves my point.

Don't be a Target

Zscaler, which announced a new release of its cloud-based Internet security and compliance platform this week, feels the same way as I do [disclosure: I got to know the company last year working on a paid marketing project]. It believes its solution, which routes all traffic to and from the Internet through its own high-speed global proxy network, is a better alternative than the FireEye appliances that Target had installed. As its CMO Dan Druker told me in a briefing last week, FireEye is good at identifying threats but doesn't deliver an end-to-end solution.

We have built very rich capabilities in the cloud for that and it combines with the rest of our platform. We'll block threats from happening, whereas FireEye just reports.

Because we see all Internet traffic we can block threats immediately. All this stuff that's built into the platform, we've all integrated that together to be a really comprehensive protection.

Where ZScaler differs from other solutions is in its ability to act a as a filter that scans all traffic going to and from the Internet from all of an enterprise's devices, whether they're laptops out in the field, cash registers in stores or desktops and servers in the office. Because it sits in the cloud, it can act like a fine mesh laid across all of those devices. In one direction, it stops malware or unwanted content coming from the Internet, while at the same time it identifies and halts restricted types of data — such as credit card records or social security numbers — from being transmitted out to unauthorised destinations.

Does that mean Target wouldn't have lost data if it had been using Zscaler to protect its Internet connections? Druker wisely declines to give a blanket guarantee.

We would have made it much more difficult for the bad guys. We would never allow a cash register to try to talk to Russia.

In security it is all about how high is your wall and how hard do you make it for the bad guys?

SaaS versus appliances

An additional advantage for Zscaler is that it's delivered as SaaS, and in its latest release that includes a user-friendly management console. This makes it far easier to monitor and use than what you'll find with an appliance, says Druker.

If I'm Target or Home Depot, I might have a hundred appliances scattered all over the place. Because they're appliances they all suck at user experience. It's not the nice interface you expect from Salesforce or Workday. Zscaler's got that now, so you don't forget to set up your firewall so a cash register can talk to Russia.

Druker believes the SaaS positioning will help take Zscaler out to midmarket companies with 250 to 3000 employees. Newly recruited channel partners such as CDW are leading the sales charge.

Having an army of people to talk to people is key. We have to move the channel to the SaaS model.

The message to the midmarket is, get the same security as GE and Coke and Nestlé and NATO for less than the price of a Starbucks per user. Just send the traffic this way and you're safe.

This is an Internet security platform. You'll get the same security GE has for $2 per employee per month.

Being able to offer a complete solution as a service will also appeal to this market, says Druker.

The security market's always been appliances, and an appliance by definition is a point solution. Security hasn't gone to suites because the main form factor is an appliance.

We are very much positioning as a broad Internet computing platform. We're doing ERP for security.

This week's announcement also includes the launch of an ecosystem of partners that plug into Zscaler's APIs. There are networking products that use the APIs to automatically route Internet traffic out to Zscaler; analytics and management products that suck in Internet threat data; mobile device management providers that use the API to manage controls on packet forwarding and bandwidth quotas; and identity management vendors that can correlate usage patterns to individual users and give early warning of unsafe behavior.

Druker's parting shot was to point out the inherent contradictions of premises-based Internet security in an age when work is increasingly done out of the office. At the time of our call, I was attending last week's Dreamforce conference and using a mixture of hotel, conference center and airport wifi networks to access diginomica's cloud applications.

If I'm trying to protect Phil Wainewright on the Dreamforce wifi network when he's filing a story in Office 365 or whatever, how the hell does an appliance have anything to do with keeping you safe? If you were a Zscaler customer your traffic would be going through our global mesh on the way to the cloud, keeping you safe.

The idea that you're going to backhaul all that to a firewall somewhere, in the modern connected world that is just dumb.

Disclosure: The writer completed a paid consulting project for Zscaler last year.

Image credit: © kreizihorse -

A grey colored placeholder image