ZScaler copycat




Latest estimate is $35 million in annual revenues vs. $300 million for Zscaler, with Zscaler growth accelerating. In 2017 iBoss had 50% revenue growth.



I’ve not done a comparison of Zscaler to anything else, because there was nothing else to compare it to. I’ve not done anything but scratch the surface by looking at the iBoss comparison chart. The only thing that jumped out for me was “Complex policy support including Policy Inheritance and Policy Layers.” To most of you that probably isn’t a big deal, but let me assure you, it is a big deal.

Why? Security policies are often less than straightforward assertions of right to perform create/read/update/delete (CRUD). And this is not comprehensive; it extends to print, email, copy, etc. On top of this, there can be numerous contingencies, related to user citizen/resident status, job code, training, etc. All this results in complex policies. The more that can be encoded into the policy, the easier it is to maintain security for a large user group. For example, if a training requirement must be met every year, a policy can be written to look up trainings and make the decision. A human will not be required to manually review trainings for all the users. Inheritance is the ability to transfer all the parameters of a security policy to all child members of a hierarchy. This eliminates the need to create and maintain multiple identical policies.

The implication from the iBoss chart is that Zscaler does not support this functionality with respect to security policies. I never looked; I assumed that Zscaler at least supported inheritance. This single administrative service, if not met with similar functionality in Zscaler, could be significant.

If not me, somebody needs to dig in on this. This does not immediately mean that iBoss will be stealing current Zscaler customers, or even winning competitive bids, but it is certainly worth finding out more and watching the numbers of both companies.



I don’t know if these are applicable, but this is what I came up with doing a quick search for Zscaler.


I have no idea what all the gibberish means. Perhaps you do.



Gartner Magic quadrant shows ZS as clearly the leader



Gartner Magic Quadrant. It’s worth keeping an eye on iBoss as they are gaining traction each year, but so is ZS. Surely, there’s room for both?
They are pretty far along as visionaries and within a year or two could start executing as well as ZS.

Thanks Tinker,
SAML (Security Assertion Markup Language) is implemented within Zscaler. SAML is an open standard, special case XML technology used specifically for creating security policies. SAML was created by OASIS (an open source standards body). The general format of a SAML policy (referred to as an “assertion”) is:

Assertion A was issued at time t by issuer R regarding subject S provided conditions C are valid

This is a more powerful format than it might first appear, but in general there are no security conditions in the digital domain that cannot be addressed by one or more SAML assertions (there are any number of reasons that a security administrator might prefer to apply multiple assertions rather than just one).

I am not a SAML expert - far from it, but I have a general idea of what it is and what it does. I do not know for certain that it addresses inheritance, but I would be surprised if it failed to do so.

In a nutshell, I find the iBoss comparison with Zscaler somewhat misleading in this respect, in that it suggested that Zscaler did not accommodate policy formulation and inheritance. It appears that Zscaler does support these functions through SAML.

BTW, you don’t need a SAML expert on staff to use it. Many simple assertions that cover a large percentage of common policies are pre-written and can be downloaded from the web. The administrator is still required to fill in the blanks, but the XML is already in place.


Inheritance is a non-trivial issue. E.g., a given policy might apply to all members of a department, but members of a group within that department might have additional privileges. Defining the second group from scratch and then having to maintain each independently is much worse than the second group inheriting from the first. Worse yet, there might be individuals in many groups who had special privileges that others in any of the groups had, so multiple inheritance would greatly simplify both construction and, more importantly, maintenance.
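Added example, not part of any post in this thread and not either vendor's policy engine: a small resolver showing the department-to-group inheritance and multiple inheritance described above, together with the yearly training contingency mentioned earlier in the thread. The policy names, permissions and the 365-day rule are hypothetical.

```python
from datetime import date, timedelta

# Constructed policy hierarchy; every name here is hypothetical.
POLICIES = {
    "employee":       {"parents": [], "allow": {"read"}},
    "finance_dept":   {"parents": ["employee"], "allow": {"update"}},
    "payroll_group":  {"parents": ["finance_dept"], "allow": {"create"},
                       "requires_training": "payroll-privacy"},
    "export_cleared": {"parents": ["employee"], "allow": {"email", "print"}},
}

def effective(policy_names, training, today, _seen=None):
    """Union of permissions from the named policies and all their ancestors.

    training maps course name -> completion date. A policy that names a
    required course contributes its own grants only if that course was
    completed within the last 365 days; inherited grants are unaffected.
    """
    seen = set() if _seen is None else _seen
    perms = set()
    for name in policy_names:
        if name in seen:              # shared ancestor or cycle: visit once
            continue
        seen.add(name)
        policy = POLICIES[name]
        # Inherit first, so a child never has to restate its parents' grants.
        perms |= effective(policy["parents"], training, today, seen)
        course = policy.get("requires_training")
        if course:
            done = training.get(course)
            if done is None or today - done > timedelta(days=365):
                continue              # contingency not met: skip own grants
        perms |= policy["allow"]
    return perms
```

Changing `finance_dept` once changes every group beneath it, which is the maintenance saving the post describes.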

Exactly, this is why I highlighted inheritance as a critical issue in the first place. The folks at OASIS are industry heavyweights, drawn from the software and other industries that are heavy users of computing. I can’t imagine that they would overlook this critical capability.

Early in my career, every application created its own security functions. Permissions were assigned one by one for each user and each application depending on their job function. As I was in IT and did a lot of testing at the time, I had numerous sign on IDs in order to take on different user roles during testing. Security maintenance was often a full time job and error prone as users transferred, quit, got reassigned and so forth.