Zero trust for everyone?

I have been a long-time owner of ZS. I think my first buys were below $40. I think anyone not using zero trust is asking for trouble. I have also owned NET for some time. It also has its own zero trust capability. Can someone tell me the difference between these two security solutions?

Thanks in advance to the more tech savvy on our board…


Gordon, there are a few posts about this.

Here is one:…

And an overview type of post:…

Those are links to my posts, but all those threads have major contributions from many techies on the board about security and Zero-Trust specifically.


Thanks for the reminder on those various posts. I’m still not clear on how NET’s zero trust compares to Zscaler’s.

In August the company talked about installing a physical presence in 1000 of the largest office buildings. Does anyone know how this effort is progressing? I have just written investor relations, but thought/hoped someone here might have the info. It seems to me that this will give us an indication of the company’s ability to execute on its plans.



I won’t go through all the features. There are just too many and I’m not at all qualified. Those who are, please correct anything I write that may be misleading.

From reading Muji before his paid service began and since behind his paywall, Cloudflare has been keeping up with Zscaler’s Zero Trust capabilities, beginning two years ago. That was when I bought Cloudflare at $34/share. And Cloudflare has been keeping up since, IMO.

Muji-Updates on Cloudflare’s Zero-Trust and SASE, Muji on 7/23/21:
Now they need to sell it. My only question from here is how well the sales team can pivot more into enterprise and governmental sales for Zero Trust and SASE Networking, instead of the DevOps audience they normally serve with Application Services (web app developers). The large lands they mention in earnings calls are a good sign that enterprise sales are starting to hum. And on the governmental side, they finally showed up in the FedRAMP Marketplace this month, a sign they hit “In Process” status. Per a slide in a Cloudflare Connect session, they are expecting FedRAMP Moderate in 2022. Unfortunately, they seem a bit behind in this – Zscaler is already at FedRAMP High for its Zero Trust ZPA product. (To be clear, Cloudflare already have the FBI, Dept of State, Dept of Interior, and Library of Congress as customers. FedRAMP approval is to make it easier for all the other governmental agencies to start using Cloudflare One without the friction of getting it internally approved.)




This topic has come up before so here’s from my notes 8/24/20.

Both Zscaler and Cloudflare provide services that protect all traffic end-to-end across the entirety of their global edge network. Traffic from endpoints securely enters their global network and is now able to be protected all the way to the final destination (SaaS service, internal APIs, etc), then back again. They are protecting both outgoing requests (from a customer’s users to the SaaS services they utilize), and incoming requests (from a customer’s customers or workforce to the internal services they utilize).

Cloudflare has their Argo Tunnel product to bring their edge network all the way into your data center (protecting the edge-to-origin above). Their Magic Transit product goes a step further, and brings Cloudflare’s platform directly onto your enterprise network. They then added another product, Cloudflare Access, to protect incoming traffic, allowing users to safely access a company’s origin server, regardless of where it lives (in the cloud or an on-prem data center). This is accomplished through Zero Trust capabilities they have built, which are possible due to the software-defined networking architecture they’ve adopted.

Using those software tunnels, the only unprotected part left was the Last Mile between the endpoint (requesting device) to the nearest edge server. So Cloudflare then created a Secure Web Gateway (SWG) product called Cloudflare Gateway, to protect the traffic from the endpoint making requests to the SaaS services that an enterprise uses. Between outgoing traffic protection in Gateway and incoming traffic protection in Access, Cloudflare now offers end-to-end protection of network traffic for an enterprise’s users.

If this combo sounds familiar, it is because this is entirely what Zscaler (ZS) has built. They protect outgoing traffic from endpoints to external servers (ZIA, their Secure Web Gateway) and incoming traffic from endpoints to origin servers (ZPA, their Zero Trust secure access method). Cloudflare evolved their Gateway and Access products into a new competing platform called Cloudflare for Teams. [See more details on Cloudflare for Teams in my Cloudflare deep dive from March].

Thanks Muji.




Jason, thanks. This is the answer I was hoping to learn. NET is one of my highest conviction holdings. That the company can provide ZS-like protections while providing faster access makes it seem like a no-brainer.



as Jason mentioned, i’ve discussed the dynamics between these companies a lot in any posts on Zscaler and Cloudflare.

for those new to Zero Trust, i recommend reading up on the ecosystem first, which is a public post from a while back: while more recently, i extensively broke down Zscaler’s platform in December:

Zscaler is the godfather of this industry, what is now being dubbed the SSE (secure service edge) combination of SWG + Zero Trust (ZIA + ZPA), which is about allowing secure & performant access from enterprise users to apps (external apps via SWG, internal apps via Zero Trust). It’s all about securing the user traffic over the enterprise. Cloudflare entered this arena with Cloudflare for Teams (Gateway + Access) in Jan-21.

SASE Networks are the next extension of the Zero Trust mindset, to interconnect all the disparate networks securely through a managed network-as-a-service. Zscaler is starting to move into this more, and is making huge moves into cloud-native security and machine-to-machine Zero Trust (protecting workload-to-workload or app-to-app traffic across cloud and on-prem environments). But Zscaler’s approach is workload-specific, not network-specific. Cloudflare, in contrast, is further along in SASE Network capabilities to interconnect between all the network environments (in Magic WAN).

Both have enterprise focused GTM. I think Zscaler is a heavier lift to implement, typically requiring an all-or-nothing shift via system integrators. Cloudflare seems to allow for more piecemeal adoption through simpler methods (tunnels & WARP). I believe they go head-to-head in customer evals into Zero Trust.

Zscaler is WAY better situated with Federal business, though, having FedRAMP High. Cloudflare, while heavily used by fed agencies, is still waiting for FedRAMP Moderate (should come any day now – and Datadog just got their Moderate designation in Jan-22). However, Cloudflare have a huge deal with Accenture to provide secure DNS services to CISA for all federal agencies, so it too is getting a piece of pie as US Fed govt shifts to Zero Trust. I wish they were further along in FedRAMP though, for the coming wave. Zscaler seems well positioned to win a lot of it.

  • muji