"We are revolutionizing the tech landscape through comprehensive, cost-effective protection for internet-connected devices," says Scott Robertson VP APJ at Zscaler.
Zscaler is fast emerging as a powerful catalyst that is bringing cloud computing to internet security. Scott Robertson, Vice President, Asia Pacific and Japan, Zscaler on an India visit spoke exclusively to CSO India on the company’s focus on cloud and the road ahead for modern organizations. The big benefits -- technology-wise and economy-wise -- from Zscaler cloud platform becomes the most compelling part of the digital transformation journey for the modern organizations, he says.
What according to you are the new age pain points of CSOs and CISOs in APJ? Are they unique to countries like India?
At a broader level, particularly with CIOs, CTOs,CSOs across organisations in APJ are presently struggling to deal with the journey or the shift towards the digital world. Primarily from different angles including proliferation of mobile devices, ‘work from home’ cultures, perimeter less networks, more workloads moving to cloud whether it is SaaS solution, private or public cloud. More of those workloads are quickly shifting outside of the datacentre.
Five years ago, the investments by organizations were around building a castle of hardware architecture and the perimeter around the network. That old IT infra set-up is now a thing of the past and it does not work much beyond a point. The challenges of modern CIOs revolve around adopting an architecture that addresses these challenges, containing cost of IT, simplifying IT with a robust layer of security.
The India market is much similar to APJ though it does have some local challenges. The change of government has seen a surge in investments to make India digitally enabled. A key challenge in India is the time spent during travelling which accelerates the culture of home or flexible working hours by the companies. That’s where the mobility piece comes to the forefront.
Companies are not just continually buying more technology anymore. They want technologies with a direct correlation that helps solves their IT or business related problems much faster.
Digital companies with social, cloud, mobile, IoT open a newer and wider attack vectors for hackers. That’s an enormous pressure on CSOs and secondly for security companies to plug more gaps than ever before?
There is an immense pressure on the organisations to innovate and adapt new IT infra. And at the same time the market trends are shifting rather swiftly. Almost half a decade ago the key IT role was in fact building big datacentres and big towers as the company’s business and operations increased. The cost benefits of moving to cloud environment quickly negated the initial security and control cost to manage your own perimeter.
Today’s organisations are moving more workloads to AWS or Azure and more Apps are now SaaS. Therefore security landscape has to evolve too. Innovative companies like Zscaler and a host of other companies are building solutions to provide security for the mobile digital cloud world. There are plenty and more opportunities for Zscaler to innovate and disrupt the traditional old appliance based world.
Have cloud SLAs changed over the years? What are their three ‘top-of-the-mind’ expectations from ZScaler?
We are a cloud based service company versus traditional hardware based model. Typically the SLAs of our customers revolve around key performance areas and uptime wherein we have five 9s uptime with delivery as a service. CIOs and CTOs expect minimal latency with cloud providers to push workloads to other places (third party DCs or Cloud Providers) without impacting their company productivity.
Data security which may not be limited to SLAs per se is nevertheless a crucial requirement of CIOs and CSOs. We have a robust data privacy statement for all our customers including some largest ones globally in financial, government, education and manufacturing to name a few.
Zscaler claims to be industry’s first security as a service platform. Are CSOs still reluctant to put financial data or customer facing data on cloud based platforms?
From cloud perspective, the first movers were the non-critical apps. We have moved the first phase and more organisations are moving sensitive Information into the cloud. There are SLAs in the industry to protect company information in ERPs and financial data. We see larger organisations going down the cloud path while some continue to hold financial data close to them.
Zscaler cloud is not about hosting your information in our cloud. Zscaler’s Security Cloud is a comprehensive, carrier-grade internet security and compliance platform running in 100 plus data centres distributed across the globe. The policies are enforced individually from wherever the employee is accessing applications securely without impacting the company critical information. Security checks and balances are built in our solutions which is about nothing bad getting in and nothing good going out from the network. We are not just about protecting those Apps but provide a secure access over the internet to Apps across private or public cloud or mobile devices.
Zscaler has been a leader in Gartner quadrant for six consecutive years for secure web gateways. What keeps you ahead of fierce competitors like Blue Coat (now Symantec), Forcepoint, Cisco and others?
We are thrilled that a company of our size and tenure has been leading the domain of web security gateway. We have many competitors in various domains of the security world beyond secure web gateway (an important part of Zscaler cloud security).
We have web application solutions that compete with traditional APT vendors, nextgen firewall capabilities that puts us face to face with NFGW guys. We offer bandwidth control, DLP and other parts of the security conundrum. We don’t compete particularly with one security vendor direct because they don’t everything that we offer.
The companies appreciate the value proposition and cost reduction when they move to Zscaler security cloud. They don’t need to invest in appliances anymore and they can move from Capex and shift from Opex model. The big benefits - technology-wise and economy-wise -from Zscaler cloud platform becomes the most compelling part of the digital transformation journey for the modern organisations,
Over the next twelve to eighteen months, more workloads will move over 365, Gmail and majority of the communications of the customers will move to cloud based providers and Zscaler as an enabler would move the workloads to the cloud in a secure way.
Your list of trends in the security space to watch out in next couple of years.
We see a continuation of ransomware which is now serious business threat than as a individually targeted activity a few years ago. Botnets that will have critical implications on the organizations’ security posture. Also nation and state cyber-attacks are expected to be on the rise in 2017 and beyond.
Machine learning is an interesting emerging area as well as drones. New forms of IoT means more threats vectors seen recently with Mirai malware impacting millions of IoT connected cameras. Proliferation of IoT interconnected devices estimated to be 20 billion plus in the next few years is a serious concern as many of these devices will come with minimal security baked into it.
Murkier threat land space means good business for security vendors like Zscaler.
That’s the way the world is and the organisations are well aware of the multiple threat vectors facing them today. The business is good for companies into cloud based and security as a service companies like us.
However there is more evangelism needed across the entire ecosystem of channel companies, technology consultants and CSOs /CTOs of end customers to move away from traditional appliance based era to the new cloud world.
Scott Robertson’s 5 security trends for 2017
1. Ransomware to continue as a serious business threat.
2. Botnets to impact the organisations’ security posture.
3. Nation and state cyber-attacks expected to rise more.
4. Machine learning, AI, drones to come to the forefront.
5. IoT to widen the multi-vector surface threat for hackers.