What is most valuable?
I like its ease of use. It has a single pane of glass for the ZIA and ZPA pieces. It is very manageable.
It is also very easy to deploy for secure access, and it gives half-decent coverage for visibility in terms of what the users use and what data is being proxied through the access gateway.
What needs improvement?
It has massive room for improvement. The Zscaler product itself is okay, but it doesn't give enough granularity for us as an organization to stipulate rules or processes, especially for data-driven services. For instance, we can stick on SSL inspection, but it's just a click box. It doesn't allow us to go any further into the detail of the SSL inspection. We also can't pull it out without having an additional logging server. It just doesn't give us enough granularity.
They should give us more control over the interfaces because it is all backend. They weren't very open to discussing their backend architecture with us in terms of their own data centers. They can maybe a little bit more open about what components are there and how the backend infrastructure works alongside Zscaler.
Its licensing can be better. Some of the additional licensing costs are quite high, and they should have certain features ready and available as a baseline rather than having to purchase additional licenses for it.
Their support should also be improved. I initially had a consultant from Zscaler for its deployment, but the support that I had throughout the deployment of the project wasn't the best.
Which solution did I use previously and why did I switch?
We weren't using any other solution.
How was the initial setup?
It is very easy. There were some constraints trying to deploy the access gateway and the endpoint client to some of our regions due to processes being blocked. They gave a list of processes that need to be allowed through ADM endpoints and our sort of antivirus products so that they're not scanned, and they're allowed through to function. However, I had some issues in following the guide and trying to get them initially deployed and allowed through. The firewall has to be off regardless of whether the port allocations were opened or not, but this could potentially be a regional issue. Other than that, the deployment was very easy.
What about the implementation team?
I went through a subsidiary company of Zscaler. I initially had a consultant from Zscaler themselves, but the support that I had throughout the deployment of the project wasn't the best. They were very much technical sales as opposed to technical consultants. I myself had to work through and resolve a lot of issues that I faced during the deployment and setup.
What's my experience with pricing, setup cost, and licensing?
It has been relatively reasonable for what it does. Some of the additional license costs based on the advanced next-generation firewall functions are quite high, and they should have certain features ready and available as a baseline rather than having to purchase additional licenses for it. Overall, the cost seems reasonable.
What other advice do I have?
What I would say is that try it, test it, and ensure that it sort of meets the company requirements. We were lucky enough to go through an extensive trial period. Zscaler, unfortunately, only allows a two-week trial regardless of where you are with the setup. They only give you coverage for a very basic setup. You have very limited time for trying anything further or trying the product as if it was in the production environment. Therefore, I would advise scoping out what you want and how you want to achieve it as quickly as possible. After that, you can really hammer home when you go through the initial deployment to ensure that it works and meets all the requirements.
We are now looking at Cisco Umbrella. We are a Cisco house predominantly, and Cisco Umbrella just interlinks with our VPN solution and our overall architecture. We're looking to migrate to a Meraki SD-WAN fabric because it allows us to just use that network overlay underneath the secure access edge and just incorporate it into what we already have.
I would rate Zscaler SASE a seven out of ten.