Zscaler is… “a cloud-native company that offers the market a complete set of the entire security stack that any client requires to connect their office or employees abroad in a Zero Trust model”, says Miguel Ángel Martos, Regional Sales Director for Spain, Italy and Portugal for a few months. “When I say abroad I mean the Internet, SaaS applications, external datacenters, public or private clouds…”, he adds.
In other words, any company that wants to protect its access to the Internet will need a proxy, a firewall, an IPS, antivirus, SSL interception tools, a DLP to prevent information leaks; and if in addition that Internet connection goes to clouds, you will need a CASB connection. “We really are a complete cloud security platform. Any client could have their entire connection to the outside world, in the broadest sense, simply by protecting themselves with the Zscaler cloud platform”, concludes Martos.
What sets Zscaler apart from other competitors? “The first thing is that we are a one hundred percent cloud company and this is quite relevant, because you no longer buy technology, you do not buy licenses, but you subscribe to a cloud service and our contracting method is by subscription”, says Miguel Angel Martins. This allows customers to have their security needs covered at all times, no matter what Internet usage patterns change “and you forget about patching equipment, having to properly size your infrastructure, anticipating investments…”, whatever comes being, in the purest sense, the advantages of the cloud and of the as-a-service models.
Zscaler is a well-known company in Spain, with some relevant clients, “but we believe that at this time in the market, Zscaler’s message makes much more sense than ever,” says Miguel Ángel Martos. The company is preparing with a strong investment in talent: 12 people in Spain “and we continue to grow”; a team that has commercial, pre-sale, post-sale, evangelization components…
Miguel Ángel Martos says that Zscaler is a company that was born eleven years ago, but that it was born to be at this moment, in this market change. What is happening? “Companies have stopped buying servers, they already subscribe to cloud services; they no longer buy licenses, but instead subscribe to services; developers no longer buy an entire infrastructure to develop, but go to DevOps mode; even networks are moving from a model of purchasing equipment to software-defined networks that you subscribe to. We believe that security must also adapt to this model; a model has to be adapted in which, without giving up the best technical features or a good user experience, it also adopts these subscription models for use”.
Martos says that in Spain we have seen how many companies in the financial and industrial environment have adopted cloud models very aggressively, seeking more agile mechanisms; It is something that, according to the Zscaler manager, is being seen now, in the midst of a health pandemic, when many companies continue to operate “thanks to the fact that they adopted digital transformation models.”
Platform vs best-of-breed
Platforms have become fashionable. Others speak of architectures. It does not matter. As threats grow and become more sophisticated, while attack surfaces have multiplied in the absence of a perimeter, simplicity is sought. A platform capable of bringing together different security tools makes the task of security managers easier. Have we forgotten the famous best-of-breed that became fashionable years ago that invited us to choose the best of everything with a layer of orchestration on top? “I would say that I don’t have to give up anything anymore. If you can count on a leading technology and you can also have a platform for that technology and a model of acquisition or consumption of that technology that is perfect, why are you not going to accept it?
Miguel Ángel Martos says that every day it is more difficult to be able to operate a network with multiple technologies and that the Zscaler platform does not cover the entire spectrum of security that a client may have.
He adds that Zscaler is promoting a way of operating security under the Zero Trust model whereby I can no longer trust my infrastructure; “Our approach to cybersecurity is to become the intermediary of your network and your users with the rest of the world, and I guarantee the connection in Zero Trust mode with the rest of the applications and services they access. I don’t think you’re giving up anything, on the contrary, I think you’re making security really operable.”
If, in the end, the security manager does not have to worry about managing vulnerabilities, sizing their infrastructure, operating the platform… then what role is left for the CISO? “I believe that precisely hiring security as a service frees the CISO from routine and low-value tasks and can dedicate their people and high-value resources.” These tasks are seen by Miguel Ángel Martos in two aspects, on the one hand, in trying to explain and identify the needs of the business to align them with that of security. And the other is that they can dedicate themselves to tasks that are truly relevant in terms of the security of their company; Why can’t a CISO dedicate resources, for example, to analyzing the vast amount of data they may have to identify KPIs and identify vulnerabilities? Why should a CISO be concerned about whether the firewall patch has been updated, about the rules applied, if his team has already negotiated the purchase of a technology, or if we have done the capacity planning correctly? “Don’t worry about that, which are tasks that, in my opinion, do not add the value that a CISO really has to have within the organization, which is to lead the security policy aligned with the business and anticipate needs that may arise. ”.
Impact of COVID and Telecommuting
“I believe that what COVID-19 is doing is accelerating a process that was already in the minds of many of our clients,” says Martos, pointing out that teleworking has shown that, although companies had a successful idea of teleworking , there have been two things that have not been taken into account. On the one hand, the dimension or scope that a company that dimensioned teleworking for between 5% and a maximum of 20% of the workers in a normal company could normally have, when in reality today we are talking about 80-85% of the workers in many cases have had to go home to work. This has meant that, although they had thought of a model to offer telecommuting, that model does not scale when I have to apply it quickly to a much larger mass of workers. “The second thing is that, if I really want to apply a real Zero Trust model for users, wherever they are, I may have to rethink the way I offer telecommuting services,” says Martos.
The manager mentions two great services of his company: Zscaler Internet Access, which is basically the entire security stack from inside your company to the outside, and Zscaler Private Access (ZPA), which is everything that has to do with the access of your user or elements outside your organization to your applications. “This ZTA is the part of Zscaler that is growing the fastest at the moment because this tool provides users outside the company, even if they are the employees themselves, but from outside the company, secure access in Zero Trust mode to the applications to which they belong. which they have to access, regardless of whether they are in the cloud or in a client’s private datacenter, and it provides a very interesting differential value”.
About this value, Martos explains that until now the way to provide access to these applications was done with a traditional VPN, and that providing access to the network represents a potential vulnerability, it exposes an attack surface because someone who accesses the network can investigate what happens on the network, in addition to accessing the service. “In our model, what we do is offer secure access only to the application you want to access, and we do it through our cloud service. In no case is your network directly exposed to the Internet. We are always in safe mode in the middle; We are the access gateway for your users, at your service and we do it one hundred percent securely. It is a unique mechanism that is also deployed without having to carry physical hardware, which has allowed us to help many clients deploy their telecommuting mode in a zero-trust mode, without having to physically deploy immediately.”
It is therefore a natural evolution of VPNs that, according to Martos, eliminates user experience problems, eliminates network access problems to be able to make lateral movements and, furthermore, does not require hardware.
At this time, Zscaler does not have a wholesaler, explains Miguel Ángel Martos, adding that they have direct agreements with partners, which are “very important” for the company.
The director of the telcos speaks as one of the figures with whom he works. At the telco level, “we have very important agreements with all the relevant operators”, including Telefónica or BT. “Many operators work with Zscaler and offer our cloud protection capacity in service mode, each with its own strategy. Some as part of their deployment of telecommunication lines, others as a fundamental part of their security structure”.
The second figure is the VARs, system integrators or consulting companies, “a model in which we strongly believe”. The Zscaler manager says that his company provides a technological value, a value also in the simplicity of deployment or predictability of spending, “but we do not provide, much less, all the layer that our clients need”. Cybersecurity is part of one element of many others that make up an entire network of infrastructures and this deployment requires operation, it requires adapting to the best uses, adapting to the specific problems of the client; “a client needs someone to advise and accompany him in this process”.
Martos mentions the figure of the Customer Service Manager (CSM) within Zscaler, whose function is to meet with each of the clients in a structured way in the company of the partner to talk with that client about the use they are making of Zscaler technology , find out if it’s what they expected, and offer advice on where you think you can improve.
There is also the Value Creation Team, a department whose mission is to sit down with the client “and study how the deployment of these Zscalers in an infrastructure has an economic impact and what savings the client can achieve.” These savings can come simply from the adoption of one technology over another or from the consolidation of technologies, but there is a battery of incredible costs that can result in savings that are also measurable, such as not having to dedicate time and people to operate this infrastructure. , not having to assume incidents because I have not done a correct update of the infrastructure. “I have yet to see a single example of a customer not seeing savings. Zscaler is proud that the clients we have are satisfied clients and many of them offer themselves as public reference, and I dare to tell you that 60 or 70 percent expressly mention cost savings as one of the reasons why they work with Zscaler ”.
What would be the typical Zscaler client? “I think they all fit. Given that Zscaler’s offer model is a subscription-based and cloud-based model, it is a model that, in our view, is perfect for the digital transformation strategy of any of our clients,” says the Regional Sales Director for Spain, Italy and Portugal. He adds that it is a suite of products valid for any client, for those who are very large and who have digital exposure to their clients, such as the financial sector; those who, due to their geographical dispersion, are considering, for example, reducing the cost of MPLS telecommunication lines, given that now all their services are in the cloud and they can connect directly to their services wherever they are, Zscaler as an intermediary cloud service is an immediate application to solve your security needs.
“In Spain we have clients that have tens of thousands of users of our technology, but there are clients with 400, 300 and 20 employees”, and the fact is that the cloud model is very well suited to precisely this.
In any case, Martos is clear about one thing: “I cannot imagine a client that does not adopt cybersecurity as a service as a principle.”
The right company at the right time
We are ending the interview with Miguel Ángel Martos, known since the days of Blue Coat, when he talked about firewalls, SSL and CASB traffic, or DLPs, web security or sandboxing in the days of Symantec. He told us at the beginning of the interview what later ended up being the headline: “Zscaler was born eleven years ago to be in this market change”. Zscaler. A company that offers, as a service, next generation firewall, web security, sandboxing / advanced persistent threat protection (APT), data loss prevention, SSL decryption, traffic shaping, policy management, threat intelligence… A company which, eleven years later, lands in the hands of Miguel Ángel Martos. It seems like destiny, the last of his shoe, a man for whom, a crush…
Miguel Ángel, was Zscaler destined for you? “I have been in the IT world for many, many years. You know that, unfortunately, the last stage of Broadcom has allowed us to have some time to plan our future and I have found two things: the company that I wanted and I have also been able, because I have had time, to check to see if I was sure. I have been lucky to be able to choose the company that fits and also compare and take my time. As I was saying, Zscaler was born to be in the market at this time. The goal is to become a One Billion company in less than three years”.
It is not a trivial objective nor is it achieved in two days, but the strategy seems appropriate and southern Europe has an expert.