ZScaler CEO interview

On January 31, 2022 an article and interview published on Venturebeat: https://venturebeat.com/2022/01/31/zscaler-ceo-network-secur…

A lot of what was said really highlighted Zscaler’s leading position and expected continued growth! ZS is currently my third largest position in my portfolio and the recent fall in price was an excellent opportunity to average down the cost basis.

I think zero trust is now driven by every CIO and CISO I talk to. Fifteen months ago, when I talked to CIOs or CISOs, probably a third would say, “Yeah, I’m interested in zero trust.” Now it’s nine out of 10 that would say, “I’m interested, and I have a budget for the project.”

In 2021, Zscaler expanded its offerings to provide zero trust for workloads.
“Just like users need to access applications, applications need to access applications–workloads need to access workloads,” Chaudhry said. “So that’s a new offering we brought to the market, and there’s tons of interest in it. I don’t even know anyone offering zero trust workloads at this stage.”

…In 2022, we expect this to be a big year for adoption of zero trust for workloads. Because that’s a relatively new area…

An illustration of Zscaler’s approach can be seen in how it’s protected customers from exploits of the remote code execution vulnerability in Log4j, he said. The vulnerability, disclosed in December, has affected a broad swath of enterprise applications and is considered trivial to exploit.
The flaw is the “most dangerous vulnerability” imaginable – but Zscaler customers have benefited from keeping their applications hidden by the Zero Trust Exchange, Chaudhry said.
“I had a number of customers who reached out to me and said, ‘Thank God I am hidden behind Zscaler. I need to patch my systems, but I’m not sweating. I have time to patch them, because they can’t be discovered and seen from the internet,’” he said. “So the faster the market embraces zero trust, the safer we will get.”

[Zero trust] started replacing VPN in 2020. In 2021, it became more than just a VPN replacement–it became their entire DMZ. Because if zero trust is only [replacing] VPN, then zero trust is too narrow. When customers deploy a zero trust [platform] like Zscaler, they replace all of their old-school appliances. Typically, in the DMZ they’ve got their global load balancers, their DDoS protection, their external layer of firewalls, IPS, and VPNs. With Zscaler Zero Trust Exchange, all of that goes away. We do all of that…

…then Siemens came and said, “This is wonderful, but I want to do the same thing for IoT and OT.” They have lots of plants and factories, lots of these IoT devices, lots of OT systems. And they want to enable them for zero trust. So we have some of the core offerings available [in IoT/OT]. Probably in the next three months, we’ll have the next release coming up with some additional key functions.

The [total addressable] market for zero trust for the user that we’re pursuing is about $49 billion. The TAM for workloads we are pursuing right now is about $22 billion. So it’s about a $72 billion total market we are pursuing. And we are very much leading – especially on the higher end. You take Fortune 500 companies, and 35% of them are Zscaler customers. And the number is growing pretty well. With Global 2000 companies, we’re over 25%. But there’s still a big market ahead of us.