If you were talking to someone whose organization is considering Zscaler Internet Access, what would you say?
How would you rate it and why? Any other tips or advice?
Zscaler is a great solution. We have a very good representative here in Honduras and it was easy to set up. It's a very strong solution with the cloud infrastructure that meets our needs and most of the needs of our users. We are very happy with the solution.
Make use of the Zscaler Client Connector as much as you can, with all of the functionality that comes with it. Also, do not allow the users to disable the Zscaler Client Connector, because then you don't know if traffic is actually going through Zscaler or not. If it's always on, you know that if something is not working, it's your policies that are doing something to the traffic. We used to make it possible for a user to disable the Zscaler Client Connector, which then made it impossible for us, as the team that troubleshoots problems, to know if the traffic was actually going through Zscaler or not. If you don't have that control, you don't know where the problem is. Now, at least we know that it's either on the client or it's on Zscaler or it's on the destination that they're trying to reach. As for saving time with this system versus deploying and managing traditional network security hardware, it depends on how you build your management of the solution. We have opted for a solution where we manage everything centrally. We have one IT team that manages all of the Zscaler Internet Access policies and settings. But there is an option, and it's one of the strengths of Zscaler, to delegate control of parts or all of the solution to other teams. For instance, you could have URL Filtering policies that are managed by a local IT team in a given country. We don't do that. We manage everything from one team and we control everything, for our whole organization, from this management platform. We control the forwarding policies, the application access policies, the URL Filtering policies—pretty much everything.
Overall, it is a secure platform. I actually interviewed with Zscaler to work with them because I have been impressed with their technology overall, especially over Palo Alto Networks technology who is their competitor and has a SaaS solution as well. From the top to bottom, Zscaler Internet Access is a great security product that protects my end users and remote users in the cloud. If you want total cost of ownership and zero-trust architecture, Zscaler is the right solution to fit the needs of any environment. I would rate the solution as 10 out of 10.
In summary, this is a good product and I completely recommend it. I would rate this solution a nine out of ten.
We're just a customer. I would recommend other users also have a glance at other solutions. Options like Prisma Access by Palo Alto or Check Point may be ideal, depending on the needs of the business. Zscaler seems easy to understand and easy to use, however, there is probably some room for improvements. At my former company, we were using Check Point. This was also pretty good. Zscaler seems more modern, however, I'm referencing an experience from some 10 years ago. Overall, I would rate the solution seven out of ten.
I'm currently consulting clients, and have worked with this solution extensively in the past. Most of my clients are moving from a private cloud to a hybrid cloud deployment model. The way Zscaler has shaped their product is very good. Now they need to expand the coverage and to have a more global service. For mid-players and sometimes top-players, multiplying the numbers of providers to build an integrated solution is a complex endeavor. If Zscaler expanded their services, that would remove some complexity, I would rate the solution seven out of ten.
With MSS service providers, they prefer to have an on-prem OPEX-based deployment model. Like telecom providers or data center service providers, they buy the service and roll it out to customers or sell it to their own customers for a monthly fee. We have a mix of clients who prefer to have private clouds and hybrid models. There is competition, with, for example, iboss and Fortinet in the region. iboss is hardware-free but the company is young and still growing. It's not there yet. Zscaler, however, the way they have matured the market and have become a mature model, makes them preferred over other vendors or other brands. In terms of implementing Zscaler, it's quite straightforward, but even having a straightforward technology like Zscaler requires a consultative approach of which are the critical areas where the service needs to be deployed first. That needs to be studied as per the cybersecurity guidelines so that the right protocols are implemented. I would rate the solution seven out of ten. They still have some features to integrate. The solution is still evolving.
We use the ZIA Business Suite, a version of Zscaler Internet Access. We use the public cloud deployment model. The solution is very straightforward. That's what we like about the cloud - all the capabilities that are there, and that are available immediately. There are things customers really have to have before they integrate the Zscaler. They need to understand ADFS and have it integrated properly into their own network. As long as the customers that you work with do the work required of them before integrating Zscaler, then it's seamless. The problems we encounter happen when customers don't get to the point they need to in order to take it on as a product. I would rate the solution nine out of ten.
Check if a product like this makes sense for you. And look at the specifics: what you need in terms of security and what features you would like to have in it. Zscaler is one solution. It's a good solution, but it doesn't do everything. First of all, analyze a few solutions and make a demo. Without a demo, I do not recommend moving forward, because any security solution comes with a price. There is also the financial price, to know if that is okay for your company. Usually Zscaler works best for companies that have users that do not stay in an office. They have road warriors. I would recommend it for companies that have a lot of users moving from here to there. I would rate Zscaler as eight out of ten. It's not an ideal solution, one of the things is that I do not have my IP fully inside it. For example, you have countries where they don't have a lot of presence and then sometimes they go to another country where they have a presence or data center. When you come back to the other country, and you have to open a fiber, it can be geographically restrictive. I find my country and am going through by neighborhood. When I come back to my country, I cannot see it because I'm geographically restricted. I'm not part of that country, so that's one reason Zscaler isn't ideal.
It was also one of four other products I believe but the Zscaler I can say that for bandwidth control, it is good, so we are not using at the moment data loss prevention feature so I cannot comment on that, but I believe, when you use Zscaler, you are not protected from all malware and malicious attacks, so you may need another tool just to cover these gaps. Zscaler is not enough for advanced protection. You need an additional tool. Bandwidth control, reporting, and visibility are good but the cloud-based and the advanced protection aren't so great so I would give it a six out of ten.
My advice to other users would be to determine if the reporting meets their requirements. They should get their whitelists, blacklists, groups and active directory set up properly before trying to implement it because it has a very strong integration with the active directory. Therefore, if you have your active directory well set up, you can classify your users and create groups as to who can go where and who can do what on the internet. If I have to rate this product, I will give it a nine out of ten - simply because I never give anything a ten.
Pay attention to the Zscaler recommended best practices. Don't try to figure it out on your own. Go with what they say to do. I would rate it an eight out of ten.
The solution's great, but you have to put it into context because of the pricing and the way it basically protects the device from anywhere. It is really more meant from highly distributed organizations, for organizations that have a lot of work from home and those with road warrior workers. That's what it is designed for.
Which is better and why?
Let the community know what you think. Share your opinions now!