Zscaler Cloud DLP needs to improve its compatibility with other security tools. Right now, it mainly works well with Microsoft Defender but lacks support for many other antivirus and performance management solutions. Also, it takes a long time to add new features based on customer feedback. This limited compatibility could be a problem for organizations using various antivirus software.

As of now, no improvements are required in the solution. Though not an improvement from a product perspective, there is no documentation related to Zscaler Cloud DLP on the internet. You won't find anything that can help you with the configuration part and other areas related to the product if you search for proper or exact details of Zscaler Cloud DLP online in very easy language. In short, you can't find any documentation about the product which is exactly arranged in a proper manner. Availability of knowledge related to the product is not there in the public domain.

Zscaler will protect PII for all users regardless of their geolocations as well it will simplify compliance requirement's by eliminating complexity of legacy systems and securing your cloud data across all channels data in motion, at rest,
and across endpoints and clouds.

On the improvement side, when we bypass certain internet traffic types, it's currently recommended to have a one-click option, but audio and video aren't always supported. Thus, we need to bypass that kind of traffic. So, it is an area of improvement.

Another issue is with DNS exclusions and internet bypasses. Even if we put some URLs into DNS exclusion, it doesn't always work. So we often have to use a VPN gateway bypass. If they provided functional DNS exclusions and internet bypasses, it'd be much smoother.

We have some limitations while checking logs. The product must allow users to check logs for an entire year in the local console. Currently, we can check logs only for the previous three to four months.

Forcepoint provides multiple services separately, but Zscaler does not provide separate DLP. It will be good if Zscaler provides the DLP module separately.

The customers would benefit from more robust documentation and conversations around configurations, as it is slightly complex. Also, there should be an option for acquiring DLP as a standalone product rather than bundling it with packages, as this would provide more flexibility for customers who only need specific features. They should also provide more reviews and guidance on selecting the best-rated engines and dictionaries, as well as facilitating reporting for DLP violations and integrations with other cloud storage solutions. 

The product has limited features. We only have the option to monitor URLs and HTTPS logs. The tool must provide IP-blocking features.

There is room for improvement in detection. From the detection perspective, like, how it detects the violations.

Another area of improvement is implementation through non-client connectors. The solution can be implemented in two ways. One uses the back file; the other one uses client connectors. So the client connector is pretty fast, but when it comes to non-client connectors and procedures, it's kind of delayed and slow. The policies don't reflect very soon. It takes, like, a day and, like, hours to get implemented. But if it's a client connector, it takes, like, two minutes. It's just so good.

In future releases, I would like to see two things. It's not more of a feature but more like an enhancement. So I would like to see an enhancement in their proximity when detecting credit card details and past support details, and PII data.

Another area of improvement is support. 

We have issues with the tool's maintenance and networking. It should be able to work in offline mode as well. 

They should work on a replica account. There could be alerts and replica files sent to the DLP team during data collection.

There could be a feature to view the VPN tunnel activities in terms of configuration.

There could be additional ways to define proximity. Additionally, they should provide some exclusion options for specific policies and an ability to control the DLP engine.

It really comes down to the Regex that's being used from Zscaler's DLP. That's the one area that we find technical limitations because the rest of the industries use an RE2, and Regex and Zscaler just aren't there. It's not because of the technology and they can't code it. It's because of the cost of these actual Regex strings from a query perspective. There's limited flexibility from a Regex perspective as far as data matching and expanding your DLP dictionaries and libraries.

In the next release, I would like to see RE2 Regex supported.

The only issue with Zscaler Cloud DLP is that it only gives you DLP protection from web traffic, which is flowing out, while a full-blown DLP solution such as Forcepoint or Symantec gives you DLP coverage for multiple channels.

Zscaler Cloud DLP doesn't give you coverage for email, fax, and USB channels, and this is the only challenge or room for improvement in the solution. It's just an extension on top of what you're buying on the proxy, so it's just an added layer, and it doesn't cover DLP on a very broad level.

I'm unsure if Zcaler is in the business of competing with a full-blown DLP solution, and if there's a plan to expand the features of Zscaler Cloud DLP beyond the web channel because you'll have to deploy a full-blown agent for it. I'm unsure if this is on the cards because the solution is just an added layer that you get with your proxy. I've asked the Zcaler team whether there's a plan to go full DLP in the future, but I didn't get a positive response.

There isn't any feature I'd like added to Zscaler Cloud DLP currently, because anything you could think of that should be in cloud or SaaS solutions is already there, except for machine learning, as it's the only functionality that seems to be lacking in the solution. Machine learning is an additional policy available in other DLP solutions in the market, but my team didn't find it in Zscaler Cloud DLP.