Hello, and welcome to theCUBE Studios in Palo Alto, California for another CUBE Conversation where we go in-depth with thought leaders driving innovation across the tech industry. I'm your host, Peter Burris. Every enterprise is responding to the opportunities of cloud with significant changes in people, process, how they think about technology, how they're going to align technology overall with their business and with their business strategies. Now, those changes are affecting virtually every aspect of business, but especially every aspect of technology, especially security. So what does it mean to envision a world in which significant new classes of services are being provided through cloud mechanisms and modes, but you retain and in fact even enhance the quality of security that your enterprise can utilize. To have that conversation, we're joined today by a great guest. Amit Sinha is the president and CTO at Zscaler. Amit, welcome back to theCUBE.
Thank you, Peter. It's a pleasure to be here.
So before we get into it, what's new at Zscaler?
Well, at Zscaler, our mission is to make the internet and cloud a secure place for businesses. And as I engage with our global 2000 customers and prospects, they are going through some of the digital transformation challenges that you just alluded to. Specifically for security, what is happening is that they had a lot of applications that were sitting in a data center or in their headquarters and that center of gravity is now moving to the cloud. They've probably adopted Office 365 and Box and Salesforce and these applications have moved out. Now, in addition, their users are everywhere. They're accessing those services, not just from offices, but also from their mobile devices and home. So if your users have left the building and your applications are no longer sitting in your data center, that begs that question, where should the security stack be?
It cannot be your legacy security appliances that sat in your DMZ and your IT closets. So that's the challenge that we see out there and Zscaler is helping these large global organizations transform their security and network for a more mobile and a cloud-first world.
And a distributed world. So let me make sure I got this right. So basically, because I think I totally agree with you, but just to test it, that many regarded the cloud as a centralization strategy. What we'll really see happening is we're seeing enterprises more distribute their data, more distribute their processing, but they have not updated how they think about security. So the presumption is, yeah, we're going to put more processing data out closer to the action, but we're going to backhaul a whole bunch of stuff back to our security model. And what I hear you saying is no, you need to push those security services out to where the data is, out to where the process, out to where the user is. Have I got that right?
You have nailed it, right? Think of it this way. If I'm a large global 2000 organization, I might have thousands of branches. All of those branches traditionally have used a hub and spoke network model. I might have a branch here in Palo Alto, but my headquarters is in New York. So now I have an MPLS circuit connecting this branch to New York. If my exchange server and applications and SAP systems are all there, then that hub and spoke model made sense. I'm in this office. I connect to those applications and all my security stack is also there. But fast forward to today, all of those applications are moving and they're not just in one cloud. You might have adopted salesforce.com for CRM. You might have adopted Workday. You might have adopted Office 365. So these are SaaS services. Now if I'm sitting here in Palo Alto and if I have to access my email, it makes absolutely no sense for me to VPN back to New York, only to exit to the internet right there.
What users want is a fast, nimble user experience without security coming in the way. What organizations want is no compromise in their security stack. So what you really need is a security stack that follows the user wherever they are.
And the data.
And the data. So my data, Microsoft has a front door service here in Redwood City. And if you are a user here and I'm trying to access that, I should be able to go straight with my entire security stack right next to it. That's what Gartner is calling SASE these days.
Well, let's get into that in a second. But it almost sounds as though what you're suggesting is that the enterprise needs to look at security as a SaaS service itself.
100%. If your users are everywhere and if your applications are in the cloud, your security better be delivered as a consistent as a service right next to where the users are and hopefully co-located in the same data centers where the applications are present. So the only way to have a pervasive security model is to have it delivered in the cloud, which is what Zscaler has been doing from day one.
Now, a little spoiler alert for everybody. Look, Zscaler's been talking about this for 10 plus years. So where are we today in the marketplace starting to recognize and acknowledge this transformation in the basic security architecture and platform that we're going through?
So I'm very excited to see that the market is really adopting what Zscaler has been talking about for over a decade. In fact, recently Gartner released a paper titled SASE. It stands for Secure Access Service Edge and there are I believe four principal tenets of SASE. The first one, of course, is that compute and security services have to be right at the edge. And we talked about that. It made, it makes sense. But where the service is being delivered? You can't backhaul traffic to your data center or you can't backhaul traffic to Google's central data center somewhere.
You need to have compute capabilities with things like SSL interception and all the security services running right at the edge, connecting users to applications in the shortest path. So that's sort of principle number one of SASE. The second principle that Gartner talks about, which again has been fundamental to Zscaler's DNA, is to keep your devices and your branch offices light. Don't shove too much complexity from a security perspective on the user devices and your branches. Keep it simple.
Or the people running those user devices in the branch.
Yeah, so keep your branch offices like a light router that forwards traffic to the cloud where the heavy lifting is done. The third principle they talk about is to deliver modern security. You need to have a proxy-based architecture. And essentially what a proxy architecture allows you to do is to look at content. Gone are the days where you could just say, stop a website called evil.com and allow a website good.com. It's not like that anymore. You have to look at content. You might get malware from a Google Drive link. You can't block Google now. So looking at SSL encrypted content is needed and firewalls just can't do it. You have to have a proxy architecture that can decrypt SSL connections, look at content, provide malware services, provide policy-based access control services, et cetera. And that's kind of the third principle. And finally what Gartner talks about is SASE has to be cloud-native. It has to be sort of born and bred in the cloud, a true multi-tenant cloud-first architecture. You can't take sort of legacy security appliances and shove it in third-party infrastructure like AWS and GCP and deliver a cloud service. And the example I use often is just because you had a great Blu-ray player or a DVD player in your home theater, you can't take 100,000 of these and shove it into AWS and become a Netflix. You really need to build that service from the ground up in a multi-tenant fashion.
And that's what we've done for security as a service through the cloud.
So we are now, the market seems to be kind of converging on some of the principles that Zscaler has been talking about for quite some time. When we think about 2020, how do you anticipate enterprises are going to respond as a consequence of this convergence in acknowledging that the value proposition and the need are starting to come together?
Absolutely, and I think that we see the momentum picking up in the market. We have lots of conversations with CIOs who are going through this digital transformation journey. Transformation is hard. There's immune response in big organizations to change. Not much has changed from a security and network architecture perspective in the last two decades. But we're seeing more and more of that. In fact, over 400 of global 2000 organizations are 100% deployed on Zscaler. And so that momentum is picking up and we see a lot of traction with other prospects who are beginning to see the light, as we say it.
Well, as you start to imagine the relationship between security and data, one of the things that I find interesting is many respects to cloud, especially as it becomes more distributed, is becoming better acknowledged almost as a network of services as opposed to, well, AWS is a data center here and that makes it a cloud data center. It really is this network of services which is going to happen from a lot of different places, big cloud service providers, your own enterprise, partners providing services to you. How does the relationship between Zscaler and kind of an openness going to come together so that you can provide services from a foreign enterprise to the enterprises, partners, customers, and others that the enterprise needs to work with?
That's a great question, Peter.
And I think one of the most important things I tell our customers and prospects is that if you look at a cloud-delivered security architecture, it better embrace some of the SASE principles. One of the first things we did when we built the Zscaler platform was to distribute it across 150 data centers. And why did we do that? We did that because when a user is going to destinations, they need to be able to access any destination. The destination could be on Azure, could be on AWS, could be Salesforce. So by definition, it has to be carrier-neutral, it has to be cloud-neutral. I can't build a service that is designed for all internet traffic in a GCP or AWS, right? So how did we do that? We went and looked at what are the world's best co-location facilities that provide maximum connectivity options in any given region? So in North America, we might be in an Equinix facility and we might use tier one ISPs like GTT and Zayo that provide excellent connectivity to our customers and the destinations they want to visit. When you go to China, there's no GCP there, right? So we work with China Unicom and China Telecom. When we are in India, we might work with an Airtel or a Sify. When we are in Australia, we might be working with Telstra. So we work with world-class tier one ISPs in best data centers that provide maximum connectivity options. We invested heavily in internet exchange connectivity. Why? Because once you come to Zscaler, you've solved the physics problem by building the data center close to you. The next thing is you want to quickly go to your application. You don't want security to be in the way of application access. So with internet exchange connectivity, we have peered in a settlement-free way over BGP with Microsoft, with Akamai, with Apple, with Yahoo. So we can quickly get you to the content while delivering the full security stack. So we had to really take no shortcuts.
Back to your point of the world is very diverse and you cannot operate in a walled garden of one provider anymore. And if you really build a cloud platform that is embracing some of the SASE principles we talked about, you have to do it the hard way by building this one data center at a time.
Well, you don't want your service to fall down because you didn't put the partnerships in place and harden them as much as you've hardened some of the other traffic. So as we think about kind of where this goes, what do you envision Zscaler's kind of big customer story is going to be in 2020 and beyond? It's obviously, the service is going to be everywhere, change where you think about security. But how, for example, is the relationship between the definition of the edge and the definition of the secure service going to co-evolve? Are people going to think about the edge differently as they start to think more in terms of a secure edge or where the data resides in the secure data? What do you think? I mean, let's start off with five years and go back, right? Work our way back.
Well, five years from now, hopefully everyone is on a 5G phone with blazing fast internet connections on devices that you love. Your applications are everywhere. So now think of it from an IT perspective. You know, my span of control is becoming thinner and thinner, right? My users are on devices that I barely control. My network is the internet that I really don't control. My applications have moved to the cloud or either hosted in third-party infrastructure or run as a SaaS application, which I really don't control. Now in this world, how do I provide security? How do I provide user experience? Imagine if you're the CIO and your job is to make all of this work. Where will you start, right? So those are some of the big problems that we are helping our customers with.
Well, let me ask you a question because here's where I was going with the question.
I would start with, if I can't control all these things, I'm going to apply my notion of security and say I am going to control that, which is within my security boundary, not at a perimeter level, not at a device level, but at a service level.
Absolutely. That's really the crux of the Zscaler platform service. We build this zero trust architecture. Our goal is to allow users to quickly come to Zscaler and Zscaler becomes the policy engine that is securely connecting them to all the cloud services that they want to go to. Now in addition, we also allow the same users to connect to internal applications that might have required a traditional VPN. Now think of it this way, Peter. When you connect to Google today, do you VPN to Google's network to access Gmail? No. Why should you have to VPN to access an internal application? I mean, you get a link on your mobile phone, you click on it and it didn't work because it required a separate form of network access. So with Zscaler Internet Access and Zscaler Private Access, we are delivering a beautiful service that works across 150 data centers. Users connect to the service and the service becomes a policy engine that is securely connecting you to the destinations that you want. Now in addition, you asked about what's going to happen in a couple of years. The same service can be extended for partners. I'm a business. I have hundreds of partners who want to connect to me. Why should I allow legacy VPN access or private circuits that expose me? I don't even know who's on the other end of the line. They come onto my network and you hear about the Target breaches because some HVAC contractor had unrestricted access. You hear about the Airbus breach because another contractor had access.
So how do we build a true zero trust cloud platform that is securely allowing users, whether it's your employees, to connect to named applications that they should or your partners that need access to certain applications without putting them on the network or decoupling application access from network access. And there's one final important linchpin in this whole thing. Remember we talked about how powerless organizations feel in this distributed model. Now imagine, your job is to also ensure that people are having a good user experience. How will you do that? And what Zscaler is trying to do now is we've been very successful in providing the secure and policy-based connectivity. And our customers are asking us, hey, you're sitting in between all of this. You have visibility into what's happening on the user's device. Clearly you're sitting in the middle, in the cloud and you see what's happening on the left-hand side and what's happening on the right-hand side. You have the cloud effect. You can see there's a problem going on with Microsoft's network in the China region. Correlate all of that information and give me proactive intelligence around user experience. And that's what we launched recently at Zenith Live. We call it Zscaler Digital Experience. So overall, the goal of the platform is to securely connect users and entities that to named applications with zero trust principles. We never want security and user experience to be orthogonal requirements. That's just traditionally been the case. And we want to provide great user experience and visibility to our customers who've started adopting this platform.
That's a great story. It's a great story. So once again, I want to thank you very much for coming in. Amit Sinha, who's the president and CTO at Zscaler, focusing a lot on the R&D types of things that Zscaler is doing. Thanks again for being on theCUBE.
It's my pleasure, Peter. Always enjoy talking to you.
And thanks for joining us for another CUBE conversation. I'm Peter Burris. See you next time.