 Welcome back to theCUBE, I'm Peter Burris, Chief Research Officer of SiliconANGLE and General Manager of Wikibon. And we're, as part of our continuing coverage of the RSA Show, we have a great guest, Zscaler, Amit Sin. Ha! Amit, welcome to theCUBE. Thank you for having me here. It's a pleasure to be here. So Amit, what exactly does Zscaler do? Zscaler is in the business of providing the entire security stack as a service for large enterprises. We sit in between enterprise users and the internet and various destinations they want to go to. And we want to make sure that they have a fast, nimble internet experience without compromising any security. So that, if I can interpret what that means, that means that as more companies are trying to serve their employees that are mobile or customers who aren't part of their corporate network, they're moving more that communication in the cloud. Zscaler is making it possible for them to get the same quality of security on that communication in the cloud as they would get on-premise. Absolutely. If you look at some of the big business transformations that are happening, workloads for enterprises are moving to the cloud. For example, enterprises are adopting Office 365 instead of traditional exchange-based email and your desktop applications. They might be adopting Salesforce for CRM, NetSuite for finance, Box for storage. So as these workloads are moving to the cloud and employees are becoming more and more mobile, they might be at a coffee shop, they might be on an iPad, and they might be anywhere in the world. That begs the basic security question. Where should that enterprise DMZ, the security stack, be sitting? Back in the day, enterprises had a hub and spoke model. They might have 50 branch offices across the world, a few mobile workers, all of them came back over private networks to a central hub. And that hub was where racks and racks of security appliances were deployed. Maybe they started off with a firewall. Later on, they added a proxy, some URL filtering, some DLP, down the road, people realized that you need to inspect SSL. So they added some SSL offload devices. Someone said, hey, we need to do some sandboxing for behavioral analysis. So people started adding sandboxes. And so over time, the DMZ got cluttered and complicated. And fast forward to today, users have become mobile, workloads have moved to the cloud. So if I'm sitting in a San Francisco office on my laptop, trying to do my regular work, my email is in the cloud, my core applications are sitting in the cloud. Why should I have to VPN back to my headquarters in Cincinnati over a private network, incurring all the latency and the delays? Just so that I can get inspected by some legacy appliances that are sitting in that DMZ, right? So we looked at that network transformation and we started this journey at Zscaler eight years ago. And we said, look, if users are going to be mobile and workloads are going to be in the cloud, the entire security stack should be as close as possible to where the users are. In that example I described, I'm sitting here, I'm going to Salesforce, we're probably going to the same data center in San Francisco. Shouldn't my entire security stack be available right where I am? And my administrator should have full visibility, full control from a single pane of glass. I get a fast nimble user experience. The enterprise doesn't have to compromise on any security. And that's sort of the vision that we are executing towards. But it's not just for some of the newer applications or some of the newer workloads. We're also seeing businesses acknowledge that the least secure member of their community has an impact on overall security. So the whole concept of even the legacy has to become increasingly a part of this broad story. So if anybody accesses anything from anywhere through the cloud, that those other workloads increasingly going to have to come under the scrutiny of a cloud based security option. Absolutely, I mean, that's a brilliant point, Peter. Think of it this way. Despite all those security appliances that have been deployed over time, there are still security breaches happening. And why is that? That is because users are the weakest link, right? If I'm a mobile user, I'm sitting in a branch office, it's just painful for me to go back to those headquarter facilities just for additional scanning. So two things happen. Either I have a painful user experience or I bypass security, right? And more and more of the attacks that we see leverage the user as the weakest link. I send you a phishing email. It looks like it came from HR. It has a Excel sheet attached to it to update some information. But inside is lurking a macro, right? You open it, it is from a squatted domain that looks very similar to the company you work for. You click on it and your machine is infected. And then that leads to further malware being downloaded, data being ex-filtrated out. So the Zscaler solution is very, very simple conceptually. We want to sit between users and the destinations they go to all across the world. And we've built this network of 100 data centers. Why? Because you cannot travel faster than the speed of light. So if you're in San Francisco, you better go through our San Francisco facility. All your policies will show up here. All the latest and greatest security protections will be available. We serve 5,000 large enterprises. So if we discover a new security threat because of an employee from, let's say, a general electric, then someone from United Airlines automatically gets protection. Simply because the cloud is live all the time. You're not waiting for your security boxes to get the weekly patch updates for new malware indicators and so on, right? So you get your stack right where you are. It's always up to date. User experience is not compromised. Your security administrators get a global view of things. And one of the things that we haven't talked about here is the dramatic cost savings that this sort of network transformation brings for enterprises. To put that in perspective, let's say you're a fortune 100 organization with 100,000 employees worldwide. In that hub and spoke model, you are forcing all those workloads to come to a few choke points, right? That is coming over very expensive, MPLS circuits, private circuits from service providers. You're double tromboning traffic back and forth. You know, you and I are in a branch. We might be on a Skype session or a Google Hangout session. All our traffic goes to HQ, goes to the cloud, comes back to HQ, comes back to you, or this is too much back and forth and you're paying for those expensive circuits and getting a poor user experience. Wouldn't it be great if you and I could go straight to the internet and that can only be enabled if we can provide that pervasive security stack wherever you are. And for that, we've built this network of 100 data centers worldwide, always live, always up to date. You get routed to the closest Z-scaler facility. All your policies show up there automatically and you get the latest and greatest protection. So it seems as though you end up with three basic benefits. One is you get the cost benefit of being able to have, being able to leverage a broader network of talent and skills and resources. You reduce your risk, not the least of which is that the cost and the challenges of configuring a whole bunch of appliances has not gotten any easier over the last five, six years. And so not only do you have user error, but you also have administrator error. Absolutely. Benign, but nonetheless, it's there. And then finally, this is what I want to talk about. Increasingly, the cloud is acknowledged as the way that companies are going to improve their portfolio through digital assets. Absolutely. Which means new opportunities, new competition, new ways of improving customer experience, but security has become the function of no within a lot of organizations. Absolutely. So how does Z-scaler facilitate the introduction of new business capabilities that can attack these opportunities in a much more timely way? By reducing, or does it reduce some of those traditional security constraints? Absolutely, right? And we call it the department of no, right? We've talked to most people in the industry, they view their IT folks, their security folks as the department of no. Why? Because there's this big push from users to adopt newer, nimble, faster, cloud-based solutions that improve productivity, but often IT comes in the way. Now, if you look at what Z-scaler is doing, it's trying to transform the adoption of these cloud services that do improve business productivity. In fact, there is no debate now, because there are many, many industries that have adopted a cloud-first strategy. What that means is, as they think of their network and their security, they want to make sure that cloud is front and center. What Z-scaler does is it enables that cloud-first strategy without any security compromise. Now, I'll give you some specific examples. Eight out of 10 CIOs that we talk to are thinking about Office 365, or they have already deployed it, right? One of the first challenges that happens when you try to adopt Office 365 is that your legacy network and security infrastructure starts to crumble. Very simple things happen. You have your laptop. Suddenly, that laptop has many, many persistent SSL connections to the cloud, because exchanges move to the cloud. Your directory services are moving to the cloud. If you have a small branch office with 2,000 users, each of them having 30, 40 persistent connections to the cloud, well, your edge firewall chokes. Why? Because it cannot maintain so many active ports at the same time. We talked about the double tromboning of traffic back and forth if you try to not go direct to the internet, but force everyone to go through a couple of hubs. So you pay for all the excessive bandwidth. Your traditional network infrastructure and your security infrastructure might need forklift upgrades. So a cloud transformation project quickly becomes a network and a security transformation project. And this is where Z-scaler helps tremendously. Because we were born and bred in the cloud, many of these traditional limitations that you have with appliance-based security or networking in the traditional sense don't exist for Z-scaler, right? We can enable your branch offices to go directly to the cloud. In fact, we've started doing some very clever things. For example, we peer with Microsoft in about 20 sites worldwide. So what that means is when you come to Z-scaler for security, there's a very high likelihood that Microsoft has a presence in the same data center. We might be one or two or three millisecond hops away because we are in the same Equinix facility in New York or San Jose. And so not only are you getting your full security stack where you are, you're getting the super fast, peered connections to the end cloud services that you want to go to. You don't have to worry about your edge firewalls not keeping up, you don't have to worry about a massive 30, 40% increase in backhaul costs because you were now shipping all this extra traffic to those couple of hubs. And more importantly, you've adopted these transformative technologies and your users don't have to complain about how slow they are. Because most of the millennials hitting the workforce are used to a very fast, nimble experience on their mobile phones with consumer apps and then they come into the enterprise and they quickly realize that, well, this is all cumbersome and old and legacy stuff. And me. So let's talk a little bit about, let's talk a little bit about this notion of security being everywhere and increasingly as we move to a digital business or a digital orientation with digital assets being the basis for the value proposition. Which is certainly happening on a broad scale right now. It means that security, going back to the idea of security being the department of no, security has to move from an orientation of limiting access to appropriately sharing. Security becomes the basis for defining the digital brand. So talk to us a little bit about how you look out, how you see the role that you think security is going to be playing in ultimately defining this notion of digital brand, digital perimeters from a not a IT standpoint, but from a business value standpoint. Absolutely, I would love to talk about that. So at Zscaler, our cloud today sees about 30 billion transactions a day from about 5,000 enterprises. So we have a very, very good pulse on what is happening in large enterprises from a cloud app perspective or just what users are doing on the internet. So here are some of the things that we see. Number one, we see that about 50, 60% of the threats are coming inside SSL. So it's very important to inspect SSL. The second thing that we observe is without visibility, it is very difficult for your security guys to come up with a crisp policy. If you cannot see what is happening inside an SSL connection, how are you going to have a data leakage policy? Maybe your policy is no PII information should leak out, no source code should leak out. How can you make sure that an engineer is not dropping something in his folder that which is syncing to Google Drive or Dropbox in an SSL tunnel, right? How do you prioritize mission critical business applications like Office 365, over streaming media, right? So first step to crafting good policy is 100% real time visibility. And that's what happens when you adopt the Z-Scalar network. You can see what any user is doing anywhere in the world within seconds. And once you have that kind of visibility, you can start formulating policies, both security and otherwise, that strike a good balance between business productivity that you want to achieve without compromising security. And that's the policies. But then more than that, you can also enact decisions. Yes, right? So for example, you can have a more relaxed social media policy, right? You can say, well, everyone is allowed access but they can maybe streaming media is restricted to one hour a day, you know, after hours. Or you can say, I want to adopt storage applications in the cloud. Here are some sanctioned apps. These other apps we're not going to allow, right? You can do policies by users, by locations, by departments, right? And once you have the visibility, you can be very, very precise and say, well, Box is my sanctioned storage app. Other apps are not allowed, right? And here are the things that a particular group of users can do on Box or they cannot do because we're seeing every transaction between the user and going to the destination. And as a result, we can enable the enterprise administrator to come up with very, very specific policies that are tailored for their users. You said something really interesting. I'm going to ask you a more question but I'm going to make a comment here. And that comment is that the power of digital technology is that it can be configured and copied and changed and it's very mutable, it's very plastic. But at the end of the day, it has to be precise. And I've never heard anybody talk about the idea of precise security. And I think it's a very, very powerful concept. But what are, what's these scale are talking about at RSA this year? Well, we're going to talk about a bunch of very interesting things. First, we'll talk about Zscaler Private Access. This is a new offering on the Zscaler platform. We believe that VPNs have become irrelevant because of all the discussions we just had. Enterprises are treating their intranet as though it was the internet, right? Sort of a zero trust model. They're moving the crown jewel applications to either private cloud offerings or sort of restricting that in a very micro segmented way. And the question is, how do you access those applications, right? And the Zscaler model is a very straightforward. You have a pervasive cloud, users authenticate to the cloud and based on policies, we can allow them to go to the internet, to sites that have been sanctioned and allowed. We make sure nothing good is leaking out, nothing bad is coming in. And that same cloud model can be leveraged for private access to crown jewel applications that traditionally would have required a full blown VPN, right? And the difference between a VPN and Zscaler Private Access is VPNs basically give you full network access, sort of keys to the kingdom, right? Whether it's a contractor, whether it's an employee, just so that you could access a intranet application, you allow full network access and we're just kind of getting rid of that whole notion. That's one thing. We're going to showcase lots of cloud wide analytics. As I mentioned, we process 30 billion transactions a day to put that in perspective, Salesforce reports about four and a half to five billion transactions. There are about three and a half billion Google searches done daily, right? So it is truly at an internet scale. We're blocking over a hundred million threats every day for all our enterprise users. So we have a very good pulse on what's an average enterprise user doing? And you're going to see some interesting cloud wide analytics, just where we talk about, hey, what are the top prevalent cloud apps? What are the top threats by vertical, by geographies? And then as the platform has emerged, we started off as a sort of a proxy in the cloud and we've added sandboxing capabilities, firewall capabilities in our overall vision, as I said, is to be that entire security stack that sits in your inbound and outbound gateway in that DMZ as a pure service. So everything from firewall at layer three to a proxy at layer seven, everything from inline AV scanning to full sandboxing, everything from DLP to cloud application control, right? And all of that is possible because we have this very scalable architecture that allows you to do sort of a single scan multiple action in that appliance model that I described. What ends up happening is that you have many bumps in the wire, right? One of the examples we use is if you wanted to build a utility company, you don't start off with small portable generators and stack them in a warehouse, right? That's inefficient. It requires individual maintenance. It doesn't scale properly. Imagine if you build a turbine and then started your utility company, you can scale better, you can do things that traditional appliance vendors cannot think about. So we build this scalable elastic security platform and on that platform, it's very easy for us to add, you know, here's a firewall, here's a sandbox and what does it mean for end users? You know, you don't need to deploy new boxes. You just go and say, I want to add sandboxing capabilities or I want to add private access or I want to add DLP. And it is as simple as enabling a SKU, which is what a cloud service offering should be. Right, so we're- No hardware, no software, pure software. So we're talking about lower cost, less likelihood of human error, which improves the quality of security, greater plasticity and ultimately a better experience especially for your non-employees. Absolutely. All right, so we are closing up this particular, Amit, I want to thank you very much for coming down to our Palo Alto studio as part of our RSA coverage. I'm Peter Burris and we've been talking to Zscaler Amit Sinha, thank you very much and back to the Q.