 from our studios in the heart of Silicon Valley, Palo Alto, California, this is a CUBE Conversation. Hello and welcome to the CUBE Studios in Palo Alto, California for another CUBE Conversation where we go in depth with thought leaders driving innovation across the tech industry. I'm today's host, Peter Burris. Every business is talking about cloud transformation as a consequence of their effort to do a better job with digital business transformation. Cloud transformation too often is associated with just thinking about moving applications and data to some as yet undefined location. Whatever approach enterprises take, they will absolutely have to touch upon a couple of crucial steps along the way. At the center of those steps will be how do we think about the network transformation is going to be required to achieve and attain our cloud objectives. How do we do it? Well, I have that conversation. We're here today with Jay Chondry who's the CEO of Zscaler. Jay, welcome to the CUBE, welcome back to the CUBE. Thank you. So before we get into this very important conversation, give us an update on Zscaler. So Zscaler was designed as a cloud security platform for the world of cloud and mobility. When applications that are in the cloud users are everywhere, they're traditional security that builds a castle and moat model no longer works. So I started with Clean Slate 11 years ago to start this company. Today some of the largest companies in the world are protected by Zscaler. We went public last year on Nasdaq. The sales have done very well. Our customers are very happy, our employees are very happy. So we are having fun building this lasting company and making cloud and internet a safe place to do business. That's great. Now let's talk about that because you're talking to a lot of customers about making the internet a safe place to do business. What are you encountering as you discuss their challenges? So with the mobility, with the desire to do digital transformation, CIOs and CDOs and CSOs are trying to figure out how do I get there? The biggest thing that's holding the back is security. It's a new thing for them. If my data is sitting in the cloud somewhere who is protecting it, how do my users access it while the bad guys don't? So security ends up being at the center of the whole discussion. In fact, a few years ago, CSOs would talk to me and say, security is not getting enough attention. It's being ignored. Now the same CSOs are complaining a little bit that I'm being asked to present to the board every quarter. So it's a good thing. But the CSOs have a challenge of figuring out what solutions work for the cloud, what do not. Because quite often when the market changes, the encampments, the legacy vendors kind of whitewash the solutions overnight and everyone becomes a cloud security provider. We get a lot of marketing responses. I think one of the centerpieces of this whole thing is digital business really places an emphasis on the value of data as an asset. And how it changes the way you engage your customers, how it changes the way you think about operations, how it impacts the way you govern the overall business. When data emerges as the asset, we move away from a focus, especially the security world, from securing devices to securing the new classes of data. Is that kind of solution direction that you're seeing companies taking, is how do I think about up-leveling beyond perimeter to actually building security embedded deep within my workings? You're right. To really understand how security came about, early on it used to be, I protect my device with antivirus software. Then we built networks and we expected users to be on the network and applications and data to be sitting in my data center on my network. So the easiest way to secure your enterprise was to secure the network by building a motor on your data center. That's why we call it network security, securing your network. It made sense for years. But now, with applications sitting in Azure, AWS, Office 365, Workday and the like, and your users being everywhere at airport, coffee shops, at home and wherever, how do you protect the network? The users aren't even on your network and applications aren't even on your network. So notion of network security is becoming irrelevant. At the end of the day, the sole purpose of IT is that a user should be able to access an application, no matter where the application is and no matter where the user is. So hold this network and security and all are a byproduct of that. So when I started Zscaler, I said, what needs to be protected? Data. Where does data? Data is generally sitting with the application behind the application. So rather than building this mode, rather than doing this network security, rather than trying to build an appliance and try to move it to the cloud, let's, they could look at it totally differently. Assume that we need a policy engine, a business policy engine that sits in hundreds of locations around the globe. A user connects to the policy engine. The policy engine looks and says, should this user have access to this application or not? Based on that, we connect a user to an application, internal or external, no matter where the user is coming from. So that's the approach that's needed. And that's the approach Zscaler pioneered. And that's why the biggest of the big companies from GE to Siemens to DHL, they all are becoming Zscaler customers. So we are helping them transform from this old world where network is a hub and spoke network, security is this castle and mode to the new world where a user can go directly to the application over any network. And network is important. It's an important transport, but it doesn't need to be secure. Security is about securing the right user to a right application irrespective of the location of the user or the application. So I want to build on this because what a lot of companies are starting to recognize is that they want to get their application and the services provided by the application and the data proximate to the commercial activity that generates, that pays the rent, so to speak. And that means an increasing distribution of function often. So the notion of the cloud is a place where we're going to centralize things is giving way to a notion of the cloud as a technique for further distributing. And that means ultimately that the services that we're going to provide have to have security embedded in them in policy so that the data, the security, and all those services are moving to where they're required. Yes, so in my view, cloud was never meant to say things must be centralized. Actually the data centers were highly centralized. The cloud notion should be it's a responsibility of the cloud provider to make sure that data and application can be pushed where they need to be. So when Microsoft is offering Office 365, your emails aren't sitting at one place. It's Microsoft's job to make sure if your employees are in Singapore, some of these things move to Singapore so you can have faster access to it. So that's the application side of it or the data side of it. A company like Zscaler, we sit between the user and the application as a check post. In fact, think of us as an international airport. When you go in and out, you need to make sure that the person is authorized to do so and isn't carrying any guns and weapons that could cause damage to somebody out there. So a user going to Salesforce or a user going to Office 365 or a user going to application in Azure. They simply connect with us. The business decides, defines a policy. Says this person is okay to go here. And based on that, we are connecting those people securely. Now, if you're in London, you want to go through Zscaler's check post in London. If you're in Tokyo, you want to go through a check post in Tokyo because you want the shortest path. The old approach where we built a hub and spoke network, you brought people back to the data center. Back to the hub. To a hub, to go out. It's very painful. Imagine flying from San Fran to Chicago via Houston. It's very painful. And that's what gets done in the old world of security appliances because you can build only so many modes. And that's what Zscaler is making redundant or irrelevant. So with a hundred plus locations around the globe, with multi-tenant technology, you fly to Paris tomorrow as soon as you connect to the internet from your hotel or the airport, we automatically redirect your traffic through our Paris data center. Your policy and security magically shows up, gets enforced, you're getting localized content, you're getting amazing response time without having to do anything. You're getting the same services that you'd get anywhere else because it's policy-driven with a common infrastructure for ensuring that the issue of distribution is not the determining consideration. So it is the heavy lifting we did to make sure your policy can automatically show up where it is. And to do that, you had to build some serious technology. The old technology was, policy needs to be pushed once in a while. Let's do a batch push. That's what traditional security appliances like firewalls do. The single tenant. We came with a concept policy on demand per user. It works beautifully. And then logs. Any time you go through any check post, the logs are created. Just like when I go in a building, they have me sign that say, J went to see Peter at this time. Same kind of logs are created, and they must be secured. So you may be going to our 50 data centers. But your logs are created in 50 locations, but in line, in real time, without ever writing the disk locally, they get sent to one central logging cluster. And they're available within seconds. That's really an example of a purpose-built security cloud as compared to what we're calling imitation clouds, where people take a stack of appliances, stick them as virtual machines in Google or AWS cloud, and they become a cloud service. I was talking to a customer the other day. He said, hey, here was a network security vendor making the pitch. And he said, I thought of it as if someone is trying to build a Netflix service using a bunch of DVD appliances. All right, so to do security right, one has to build it for the world of cloud. It's multi-tenant, it's distributed. And we've seen it before. Think of Salesforce.com, single workday. These were young companies a few years ago. My Siebel used to dominate CRM. People used to dominate HR. What happened to them? Well, the world moved to this cloud, world moved to SaaS service. And these companies tried to use that legacy technology, tried to move to the cloud. It just doesn't work. And that's why all these investors and customers love ZSkillers platform. We like to call it born in the cloud for the cloud platform. So you've got, one of the things you didn't mention is that when you're not doing that huge amount of backhaul traffic, your costs are going to go down pretty dramatically. So if I kind of summarize what you've talked about, we're going to go through, we're in the midst of a cloud transformation, we have to rethink applications in the context of improved security, bake it right in, which is going to lead to a rethinking of network, and then finally a rethinking of security. That's correct. When your network changes from hub and spoke to direct to cloud, you can't have a direct path without security. So it drives security transformation. So that's where a security platform like ZSkiller comes in. So your traffic from any of your, say, X100 branches, or from your mobile device, or from your laptop, it simply goes through ZSkiller to get the same policy, same protection. So ZSkiller gets viewed as an enabler of cloud transformation because without us, you can't transform the network and then security has to be done right. Right. So you've had a lot of conversations with customers. Give us some sense of what kinds of, how it's changing the way they work, how it's changing their operations, how it's changing their cost profiles. You know, three, four, five years ago, we had to do a fair amount of evangelism, but when you're the pioneers, you expect to do that. Like three years ago, three CIOs will tell me, I like cloud, I'm moving in that direction. Three will say, I'm thinking about it. And remaining four will say, hmm, I don't think cloud will happen today. All of them want to embrace cloud because they've seen the benefits of it. It's making business more agile, more comparative. Now they're figuring out how do we do security right? How do I do this transformation without, if I may say, messing it up? And that's where it all starts with thought leader visionary customers. When I saw G.E.'s Larry Bighini, a global CTO, global CISO, driving cloud eight, nine years ago, seeing Siemens saying, I need to make my business more comparative. And these are the type of leaders who actually help drive adoption because when they do this stuff, others follow it. Yeah, their ecosystem responds. Exactly, exactly. Jay Chaudry talking about cloud transformation and the crucial role that security is going to play in that transformation. Thanks very much for being on theCUBE. You're welcome, thank you. I appreciate the opportunity. And once again, we've been speaking with Jay Chaudry, who is the CEO of Zscaler. Thanks for joining us for another CUBE Conversation. I'm Peter Burris, see you next time.