 Welcome to theCUBE's continuing coverage of AWS re-invent 2021. I'm your host, Lisa Martin. We are running one of the industry's most important and largest hybrid tech events of the year this year with AWS and its ecosystem partners. We have two live studios, two remote studios and over 100 guests. So stick around as we talk about the next 10 years of cloud innovation. I'm very excited to join by another Lisa from Zscaler. Lisa Lorenzen is here with me, the field CTO for the Americas. She's here to talk about Zscaler's mission to make doing business and navigating change a simpler, faster and more productive experience. Lisa, welcome to the program. Thank you, it's a pleasure to be here. So let's talk about Zscaler and AWS. Talk to me about the partnership of what you guys are doing together. Yeah, definitely. Zscaler is a strategic security ISV partner with AWS. So we provide AWS customers with zero trust secure remote access to AWS. And this can improve their security posture as well as their user experience with AWS. Zscaler recently announced that we are the first and only cloud security service to achieve the FedRAMP-IO5 authorization to operate. And that FedRAMP ZPA service is built on AWS GovCloud. Zscaler is also an AWS marketplace seller where our customers can purchase our zero trust exchange services as well as request our high value security assessments. We're excited about that as we're seeing a rapid increase in customer adoption of Zscaler via the AWS marketplace. We've vetted our software on AWS Edge services that support emerging use cases, including 5G, IoT and OT. So for example, Zscaler runs on wavelength, outposts, snowball and snow cone. And Zscaler has strategic partnerships with leading AWS service providers and system integration partners, including Verizon, NTT, BT, Accenture, Deloitte and many of the leading national and regional AWS consulting partners. Great summary there. So you mentioned something I want to get more understanding on. It sounds like it's a differentiator for Zscaler. You said that you guys recently announced you're the first and only cloud security service to achieve FedRAMP-IO5-ATO built on AWS GovCloud. Talk to me about IO5-ATO and what the significance of that is. So the IO5 authorization to operate means that we are able to protect federal assets for the Department of Defense as well as for the civilian agencies. It just extends the certification of our cloud by the government to ensure that we meet all of the requirements to protect that military side of the house as well as the civilian side of the house. Got it, super important there. Let's talk about Zero Trust. It's a super hot topic. We've seen so many changes to the threat landscape during the pandemic. How are some of the ways that Zscaler and AWS are helping customers tackle this together? Well, I'd actually like to answer that by telling a little bit of a story. Gromark is one of our Zscaler and AWS success stories. When they had to send everyone home to work from home overnight, the quote that we had from is, the users just went home and nothing changed. ZPA made work from anywhere just work and they were able to maintain complete business continuity. So even though their employers might have had poor internet service at home or maybe challenging infrastructure, if you've got kids on your wifi, bunch of kids in the neighborhood doing remote school, everyone's working from home, you don't have the reliability or maybe the bandwidth capacity that you would when you're sitting in an office. And Zscaler private access is a cloud delivered Zero Trust solution that leverages dynamic resilient TLS encrypted tunnels to connect the user to an application rather than putting an endpoint on a network. The reason that's important is it makes for a much more reliable and resilient service even in environments that may not have the best connectivity. I live out in the county. I really some days think that there's a hamster on a wheel somewhere in my cable modem network and I am a consumer of this, right? I connect to Zscaler over Zscaler private access. I'm protected by Zscaler internet access. And so I access our internal applications that are running in AWS as well this way. And it makes a huge difference. Gromark really started with an SAP migration to AWS. And this was long before the pandemic. So they started out looking for that better user experience and the Zero Trust capability. They were able to ensure that their SAP environment was dark to the internet even though it was running in the cloud. And that put them in this position to leverage that Zero Trust service when the pandemic was upon us. That ability or that quote that you mentioned it just worked was absolutely critical for all of us in the every industry. And I'm sure a lot of folks who were trying to manage working from home with spouses from home, kids doing, you know, school online also felt like you with the hamster on the wheel. I'm sure their internet access but being able to have that business continuity was table stakes especially early on for most organizations. We saw a lot of digital transformation a lot of acceleration of it in the last 20 months during the pandemic. Talk to me about how Zscaler helps customers from a digital transformation perspective and maybe what some of the things were that you saw in the last 20 months that have accelerated. Absolutely. Another example there would be Jefferson Health and really as we saw during the pandemic, as you say it accelerated a lot of the existing trends of mobility but also migration to the cloud. And when you move applications to the cloud honestly it's a complex environment and maybe the controls and the risk landscape is not as well understood. So Zscaler also has another solution which is our cloud security posture management. And this is really ensuring that your configuration and your environment that those workloads run in is controlled, understood, correctly coordinated and configured. So as Jefferson Health migrated to the cloud first model they were able to leverage Zscaler's workload posture to measure and control that risk. Again, it's environment where the combination of AWS and Zscaler together gives them a flexible resilient solution that they can be confident is correctly configured and thoroughly locked down. And that's critical for businesses in any organization especially as quickly as how quickly things changed in the last 20 months or so. I do wonder how your customer conversation has changed as I introduced you as the field CTO of the Americas for Zscaler. I'm sure you talk with a lot of customers. How has the security posture, Zero Trust has that risen up within the organizational chain? Is that something that the board is concerned about? My gosh, yes. And Zero Trust really has gone through the Gartner hype cycle. You've got the introduction, the peak of interest, the trough of despair and then really rising back into what's actually feasible. Only Zero Trust has done that on a timeline of over a decade. When the term was first introduced, I was working with firewall VPN and NAC technology and frankly we didn't necessarily have the flexibility, the scalability or the resilience to offer true Zero Trust. You can try to do that with network security controls but when you're really protecting a user connecting to an application you've got an abstraction layer mismatch. What we're seeing now is the reemergence of Zero Trust and this was greatly accelerated honestly by the cybersecurity executive order that came out a few months ago from the Biden administration which made Zero Trust a priority for the federal government and the public sector but also raised visibility on Zero Trust for the private sector as well. When we're looking at Zero Trust as a way to perhaps ward off some of these high profile breaches and outages like the colonial pipeline whole situation that was based on some legacy technology for remote access that was exploited and led to a breach that they had to take their entire infrastructure offline to mitigate. If we can look at more modern delivery mechanisms and more sophisticated controls for Zero Trust that helps the board address a number of challenges ranging from obviously risk management but also agility and cost reduction in an environment where more than ever belts are being tightened new ways of delivering applications are being considered but the ability to innovate is more important than ever. It is more important than ever to be able to innovate but in it really changing security landscape. I'm glad to hear that you're seeing this change as a result of the executive order that President Biden put down in the summer. That's good news. It sounds like there's some progress being made there but we saw you mentioned colonial pipeline. We saw a lot in the last 20, 22 months or so with ransomware becoming a household word also becoming something that is a matter of when companies in any industry get hit versus if it's no longer kind of that choice anymore. So talk to me about some of the threats and some of the stats that Zscaler has seen particularly in the last 20, 22 months. Oh gosh. Well, let's see. I'm just going to focus on the last 12 months because that's really where we've got some of the best data. We've seen a 500% increase in ransomware delivered over encrypted channels. And what that means is it's really critical to have scalable SSL inspection that can operate at wire speed without impeding the user experience or delaying critical projects, server communications, activities that need to happen without any additional latency. So if you think about what that takes the Zscaler internet access solution is protecting users outbound access in the same way that Zscaler private access protects access to private resources. So we're really seeing more and more organizations seeing that both of these services are necessary to deliver a comprehensive zero trust. You have to protect and control the outbound traffic to make sure that nothing good leaks out, nothing bad sneaks in. And at the same time, you have to protect and control the inbound traffic and inbound is a much broader definition of apps in the data center in the cloud these days. We're also seeing that 30% of malware is delivered through trusted applications like file shares or collaboration tools. So it's no longer enough to only inspect web traffic. Now you have to be able to really inspect all flavors of traffic when you're doing that outbound protection. So another good example where Zscaler and AWS work together here is in Amazon workspaces. There's a huge trend towards desktop as a service, for example. And organizations are starting to recognize that they need to protect both the user experience and also the connectivity onward in Amazon workspaces the same way that they would for a traditional end user device. So we see Zscaler running in the Amazon workspaces instances to protect that outbound traffic and control that inbound traffic as well. Another big area is the ransomware infections or not the problem, it's the result. So over half of the ransomware infections include data theft or leakage. And that is a double whammy because you get what's called double extortion where not only do you have to pay to unlock your machines but you have to pay not to have that stolen data exposed to the rest of the world. So it's more important than ever to be able to break that kill chain as early as possible to ensure that the user or the server traffic itself isn't exposed to the initial infection vector. If you do happen to get an infection vector that sneaks through, you need to be able to control the lateral movement so that it doesn't spread in your environment. And then if both of those controls fail, you also need the outbound protection such as CASB and DLP to ensure that even if they get into the environment they can't exfiltrate any of the data that they find as a result. We're seeing that the largest security risk today is lateral movement inside the corporate network. And that's one of the things that makes these ransomware double extortion situations such a problem. Last question for you. And we've got about a minute left. I'm curious, you said over 50% of ransomware attacks are now double extortion. How do you guys help customers combat that? So we really deliver a solution that eliminates a lot of the attack surface and a lot of the risk. We have no inbound listener unlike a traditional VPN. So the outbound only connections mean you don't have the external attack surface. You can write these granular policy controls to eliminate lateral movement. And because we integrate with customers' existing identity and access management we can eliminate the credential exposure that can lead to a larger spread in a compromised environment. We also can eliminate the problem of unpacked gateways which led to things like colonial pipeline or some of the other major breaches we've seen recently. And we can remove that single point of failure so you can rely on dynamic optimized traffic distribution for all of these secure services. Basically what we're trying to do is make it simpler and more secure at the same time. Simpler and more secure at the same time is what everyone needs regardless of industry. Lisa, thank you for joining me today talking about Zscaler and AWS Zero Trust, the threat landscape that you're seeing and also how Zscaler and AWS together can help customers mitigate those growing risks. We appreciate your insights and your thoughtfulness. Thank you. For Lisa Lorenzen, I'm Lisa Martin. You're watching theCUBE's coverage of AWS re-invent, stick around, more great content coming up next.