00:00
Hi everybody. Welcome to DEMO, the show where companies come in and they show us their latest products and services. Today, we have a special episode: Zscaler is going to be here, and they’re going to show us their Zscaler Private Access, but they’re not here. So instead, we’re going to go out to San Francisco and meet with one of our co-hosts, Brandon Mahne. Brandon, take it away.
00:16
Thanks, Keith. I’m here with the Zscaler team with Joby Menon. Welcome, Joby.
00:20
Thanks, Brandon, nice to be here.
00:22
We’re so excited to have you. We’re so excited to hear about zero trust network access. What are you showing us today?
00:29
Today, I’ll be showing you the Zscaler Private Access product, which pioneered the zero trust network access market segment, if you will. And I’ll be showing you the most comprehensive and unified solutions for all private application access via ZPA.
00:44
Outstanding. So when we think about the landscape of users, of buyers, who is this really targeted at? Who would use these products?
00:52
So ideally, this product is bought by the CIO and CISOs of any corporate or enterprise. And they buy this product for their end users, whoever they are serving, any knowledge worker, any employee, any third-party businesses that they do business with, and they need to provide secure access to private applications. So they will buy this product and deploy it for those end users to access it.
01:15
I know as a chief technology officer, we’re always trying to evangelize security is everybody’s responsibility. Whether you’re a CISO, you’re a CIO, like you said, when you think about those users, why do you think and why does Zscaler believe that they should be prioritizing and thinking about zero trust network access?
01:35
If you think about how the businesses have evolved in the last few years or so, applications are everywhere, and all the enterprises are going digital. Several digital applications, even applications like McDonald’s, or any others will say, ‘Okay, if it takes one more second for an order to be received, it’s a business loss forever.’ So there’s tons and tons of applications that are being built and they’re distributed globally. It’s not one place. And with this era of distributed applications and users who want to work from everywhere, most of the organizations have become global companies because the markets are expanding. So in that mode of how do you provide access to applications, where both ends are moving targets — applications are moving, the users are moving, and you need to be able to provide secure access to all these moving parts in such a way that it enables the business and not deter them or put them backwards. Security cannot be a blocker anymore. Security has to enable these businesses. So you have to do it in a modern way. And that’s what ZPA is about: get rid of the legacy way of doing things, which is castle and moat, bring everybody to a central place and put them in a cage, if you will, and then get them access to something. This is about a new way of doing things, no matter where the business is, no matter where the application is, no matter where the user is, provide safe and secure access to those resources for the applications and enable business security.
03:03
I love that explanation. The things that keep me up at night are exactly what you said. How do we do this and not get in the way of business outcomes? How can we be secure and still be enabling? It’s super important. One question that I have is, if not for Zscaler, what else would somebody be using? What are some other things?
03:24
That’s a very interesting question. If they don’t buy this, what they will do is they will maintain the status quo. Sound familiar? The way I think about it is, “Okay, I have a car. It runs. It has 300,000 miles on it. Can I run it to the ground?” Yeah, sure. You can keep trying it. Safety. What are you compromising, safety and risk. Availability. So you’re risking safety and availability. The car may break down anywhere in the freeway, or whenever you actually need the most, when you have a most important meeting, that’s when it will not start. So you can ride it, sure, absolutely, but you’re risking it. It’s the same way. Previously, there were several independent, disjointed and disintegrated technologies in the market for you to provide these use cases, for example, remote access. VPNs existed for about 20 to 25 years now. That’s the way for you to provide access. The application? Can it work? Yeah, absolutely. It can provide some access in the same way. But sometimes people will bypass that. Sometimes [they] will say, Oh, because the applications are moving, I’m just going to expose it to the internet so that people can access this, because my VPNs won’t scale, and so they’ll keep maintaining that status quo. So in my opinion, it’s a ticking time bomb. You’re just waiting for that to disrupt your business in a given day, and then you will be scrambling to buy a finite solution. So before that, it’s best for you to pre-plan and buy the right software that will allow you to scale, yeah, and make the business availability.
05:06
Well, that is a great intro and way into some of our demos. So where are we going to start today?
05:12
I’m showing you in the slide. So this is what we’re going to show, we added several new capabilities to the product in order to enable these use cases that I just mentioned. So one of the use cases that I’m going to talk about is, okay, I’m moving forward, but I still have some of those legacy stuff left in my environment. So what do I do as a business, as an enterprise, as a CIO and CISO, I cannot get rid of them. So I’m going to show you how ZPA can adapt to that environment as well.
Now it’s not just about modern, but also supporting where you are, right now, right then. I’m also going to show you how you can provide access to applications that are hosted by your business partners. You’re not doing business in a vacuum. You need to be able to provide support and work with B2B. So how do I provide application access from there, on top of that, how do I enforce you or allow you to have least privilege access. So how do I use AI ML technologies in order to look at your policies, look at your configurations, look at your transaction logs and give you recommendations on how you can actually implement least privilege access. On top of that, we will also show how you can write adaptive and conditional access policies on top of ZPA and last, but not the least, availability. My business cannot be disrupted. So business continuity like, what are your business continuity plan? Okay, you’re buying the latest and the greatest technology. I want to be able to answer the question, what if? What if Zscaler cloud is down for whatever reason? Nation-state attack, anything could happen. What is my business continuity plan? So I’m going to show you how you can plan for that as well.
06:43
Fantastic. Let’s get into it.
06:45
So let me show you a demo of the product capabilities. Okay, so this is how we are showing, for example, one of the traditional ways of people doing business calls. Voice over IP, telephony. People need to access that. So this is I’m showing how a call can be now routed over ZPA, Zscaler Private Access. This requires network to network connectivity, and here we are providing the access. So in the ZPA app, you will see that now we have two types of tunnels, the zero trust tunnel and a VPN tunnel that will allow for these legacy use cases to be supported right within the tool, and the users can make calls, provide connectivity. And it is configuration built right into the ZPA tool itself, where you go to the admin profile, do some basic configuration of where do you want to deploy this technology, which global location, around the globe, and you provide those configurations as to say, Okay, now how can ZPA support this, these legacy, one-off use cases that the customers are still stuck with. So modern plus legacy, all supported from one single platform. Ease of mental peace for our customers.
Then this is, I’m talking about applications, if those applications are hosted by a business party. Third-party, B2B use cases, if those applications are hosted by this and they don’t want to deploy any infrastructure in their environment, how can we provide application access to those hosted environments? So here I’m just showing how you connect that infrastructure to Zero Trust Exchange, which is the Zscaler cloud, without having to deploy any infrastructure on the business side. You define the locations where exactly those businesses exist, where exactly those applications are, and you do some of those connectivity configurations in our product UI. You come here, you select how the traffic is going to flow through those systems. And once you have done that, then you go into the configurations that you can be doing right in our product UI. And after you’re done with this location, you go and configure your applications. What are the applications that you want to allow access for this, where are these applications hosted? So it is what we call as in our product UI, is called application segments. So you configure these application segments and you just say, Okay, where are these external resources located? Because we just did the configuration of locations, you just link the two together, and then you go into your access policies to say, Okay, now I have configuration. I have applications. Now I’m connecting users to provide access to these applications. Which user can access these applications hosted by the third party? As simple as that, just configure some SCIM groups provide those access and build right into the ZPA admin itself. You don’t have to go to 10 different places, no products. And the users, just like this, they will come and access these applications. For example, they just go to the browser, try and access and they get access to the partner applications.
So the next capability, like I said, least privilege access. The least privilege access is a very important element of ZPA. How do you actually implement these least privilege access policies? The idea here is we are now running lots of AI ML tools behind the scenes to look at your config, look at your access policies, look at your transaction logs, which users are accessing what applications. When are they using it? How are they accessing it? What port their applications are accessed? So we give all of that taken into consideration, and then we run AI ML model to tell you what should your policy look like, and we’re telling you how much your attack surface could be reduced by just acknowledging and adopting the recommendations that we are putting right in the product UI. Manually it will take people months and years to figure out who’s accessing what how do you write these policies? But these tools are built to be able to do that. On top of that, I’m also showing you, okay, you implemented this policy. How are those policies working? Take a look at this like very visually rich graphic interface for you to be able to see who’s accessing what applications, not just that. You can download that and you can see, okay, am I overly permissive in the scenarios, or am I underly permissive? How much am I blocking, or how much am I allowing all of those in a very rich visual, graphical interface. And you can view that by application groups, or you can view by user groups. You can decide how do you look at those views, and then you can even download these details. Not only that, we will also tell you policy usage. One of the biggest risk factors in this one is unused policies, because policies grow and people just leave them. So we are telling you, like, Okay, how many unused policies are in your configuration? Remove those unused policies nobody has hit them in the last 30/90 days. Or how is the policy usage looks like? So that they can react to those and reduce your risk constantly. That’s the idea.
Now, on top of that, we also allow you to do adaptive access and conditional access. For example, if the user is trying to access a very basic application, you’re connected to those applications and you just continue to access them, no friction in your path. You’re just accessing your applications. But if your risk changes, and if you’re accessing more sensitive applications based on certain criteria, we can challenge the users to ask for more severe authentication, or more secure authentication. For example, in this scenario, he’s asking for developer hub access, and we block that access. We say you have to verify. Now before you get access, granted access to these scenarios, the user has to go and do a second level of authentication, biometric, AL3, AL4, whatever level you want to set, and they do this higher level of authentication before they get access to the applications. Now, this is risk based, this is adaptive access based your usage based, any criteria can be used to define whether you want to do it, and now, because it did the authentication, now the user gets access to the application.
Now, last, not the least, what we talked about, business continuity. All of these features are great, but if the service is down, it’s of no use to anybody, and that’s why our Zscaler cloud is built for 99.9999% of availability, and it’s all there. Redundancy is built in the cloud. But we still want to answer that what-if question for our customers: what if the cloud is down, or what if my internet connectivity is down? What happens there? So you just come into the ZPA admin UI, and you write your business continuity policies, pre-built everything, and you deploy some custom infrastructure on the customer side, because we are giving now the control back to you, the customer. So bring the power of the cloud to your own control, to your own data centers, to your own private infrastructures. You can deploy that, and then all you need to do is come and do some of those configurations, and you say this is what you want to happen. Then the software takes care of the rest, even if there is any discontinuity in your business access. For example, in this scenario, the user is connected, working fine. Everything is going great. Oh, I lost my connection. Now what happens? The system automatically figures the piece out. It got connected automatically to your private infrastructure. User is up and running like completely transparent to the end user. They just go ahead and type their applications and they get access to the applications. Nothing interrupted from a user’s perspective, it all happened in the background. All you needed to do was set these things up in a business continuity mode. Any piece of the infrastructure could go down. It could be the local user’s internet is down. It could be the customer’s internet is down. It could be Zscaler cloud is down. So all of those considerations are taken into account before we build this business continuity plan for our largest customers (banking customers, healthcare customers, government regulated industries). One minute of system down is millions of dollars of business lost for them. We cannot have that. So 100% business continuity availability in the power of the customers is what we have. All these features, capabilities now available to the customers in a business continuity mode as well.
14:38
That is an impressive suite. I always talk about belt and suspenders. How do we make sure that we’re ready for anything that could or could not happen? It seems like, with all of these tools, your number one focus is a lot on usability, on democratizing and letting more admin administrators help you, and then being able to deploy this in multiple places. It seems like a very strong solution.
15:00
The idea of zero trust network access was pioneered by Zscaler. Zscaler Private Access is the name of the product, and just look at the market. Everybody has named their product as a company name private access. So they are all copying it. So that’s a great testament of how far we have come along on this journey. But this new set of capabilities extends that company to a whole new level. Doesn’t matter whether you have legacy applications, doesn’t matter whether your applications are hosted by a business partner. How do you actually implement least privilege access? It’s a very, very, very critical aspect of it. People say, Oh, just write user-to-application access. So we have built tools for the customers to be able to accelerate the journey and get that actually implemented, not just pie in the sky kind of a thing. You have to be able to do it right. And then on top of that, we just said, business continuity is very, very, very key for anything that the customer does, and that’s what we have done. We have reduced or removed any barrier or any sales objection that the customers may have in order to adopt ZPA, built for the user.
16:14
That is very evident. Outstanding. Any other final thoughts that you wanted to share today as we wrap up our demo?
16:21
The final thought is, come and try this out. We have all these new capabilities. It’s also available on our website as an on-demand webinar. If you wanted to dive deeper into each of these capabilities, you just go to our website, register at Zscaler.com. Go there, and you can just search for ZPA new releases in Google, it will take you right there. We had a massive launch, 502,000 customers joined our live webinar, so that recording is available on our website, so anybody can come and watch the details of everything that I’m showing you here.
17:14
Well, thank you so much, Joby, we appreciate you being here. This was a great demo. Keith, sending it back to you.
17:22
Thanks, Brandon, that’s all the time we have for today’s show. Be sure to like the video, subscribe to the channel and add any thoughts you have below. Join us every week for new episodes of DEMO. I’m Keith Shaw, thanks for watching.