What is our primary use case?
There's a different mechanism and modules. For example, ZIA is primarily for internet access from the user's side. We can forward the traffic using the ZIA client connector agent installed on user machines like laptops and desktops.
Users can log in using their credentials and even use single sign-on. Once logged in, their traffic is forwarded to the Zscaler cloud.
Based on the user profile, we can define policies on what type of content they can access, like streaming or specific file types. It provides data protection as well.
Alternatively, there's another configuration. If we can't install an agent, we can forward traffic using a PAC file URL to Zscaler servers.
What is most valuable?
With Zscaler, there are various modules like ZIA, private access, and digital exchange. All focus on internet access, but there's a concept where all traffic is forwarded using the Zscaler agent.
Previously, they used a different portal where traffic from tools like Jira and FortiGate was allowed. The issue was that third-party applications weren't always supported. We had to configure them manually, and often we had to forward traffic to the Zscaler Cloud.
What needs improvement?
On the improvement side, when we bypass certain internet traffic types, it's currently recommended to have a one-click option, but audio and video aren't always supported. Thus, we need to bypass that kind of traffic. So, it is an area of improvement.
Another issue is with DNS exclusions and internet bypasses. Even if we put some URLs into DNS exclusion, it doesn't always work. So we often have to use a VPN gateway bypass. If they provided functional DNS exclusions and internet bypasses, it'd be much smoother.
For how long have I used the solution?
I have been using it for the last three years.
What do I think about the stability of the solution?
If I had to provide a rating between one to ten, I'd give it a seven out of ten. Some areas need improvement, like classification understanding, general and fingerprinting. Some classifications aren't adequately addressed by the DLP rules they provide.
What do I think about the scalability of the solution?
How are customer service and support?
The customer service and support are very good because we have dedicated team support on that and a dedicated customer success manager also. If the technical team doesn't resolve within the alert timing, I can escalate, and they assign a senior person to the call.
Which solution did I use previously and why did I switch?
The current era is moving towards having a single agent manage everything. We can set up the SAP. Previously, we were using the proxy solution. This is on-prem and very hectic to manage. And policy synchronization was also a challenge.
Zscaler is a SaaS-based solution, making it easy for users from any location to connect. It's very easy to use with minimal operational challenges. Not just Zscaler, but other SaaS solutions like NetScope and Palo Alto as well.
How was the initial setup?
As for the DLP, there's a web-based version and a hosted ERP version. I haven't tested the OS DLP capabilities yet, but the web-based version is in line.
What about the implementation team?
There are around 50,000 end users in our organization. In my organization, I'm part of the COE group, Centralope Accelerate, and I'm in charge of projects, implementations, and escalated support issues.
I have three team members under me at a proxy level, and then there are about ten people at level one. They handle basic troubleshooting, and if they can't resolve issues, they escalate to level two or even to me.
What was our ROI?
When I look back two or three years, I feel it's worth it. The product has been good for our infrastructure and has positively changed our user experience.
However, in the current scenario, we need to think more strategically and consider integrating other services like private access, DLP, CASB, etc.
What's my experience with pricing, setup cost, and licensing?
It's expensive currently. But when purchasing for a large number of users, there's room to negotiate. It's really up to the procurement team.
From my experience, it's a pricey product, but with a larger user count, there's flexibility in the pricing.
What other advice do I have?
If your requirements are at an intermediate level and you need to access DMC, then I would recommend this solution. If you require more detailed data classification, you might want to consider Netscope as they provide very granular classification. However, it really depends on the company's needs and requirements.
Overall, I would rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.