The solution is expensive. They recently revised the pricing and packaging. Some of our existing customers have been asking for alternate solutions for a lower price.

One thing that needs to be improved is their presence in China. I'm not sure if that's a Zscaler thing or if it's a problem with all vendors in this space, but it would be nice to have better coverage in China.

This concern is a common one for vendors across the board when dealing with the Chinese market. So, currently, there is the Great Firewall of China. This firewall can significantly impact internet performance for users in China. A better presence in China from Zscaler could mean more breakout points between China and the rest of the world. 

This would help to improve internet performance for users in China and make Zscaler a more viable solution for organizations with a presence in China.

The reporting functionality could be a bit easier to use. There is a reporting function, but it's quite hard to do any good reporting, from a user-management perspective. For example, if a department manager wants to know how his department is using the web, there is a way to get the data, but it's quite cumbersome to get it and show it well. And that's true for comparing between departments. It's quite hard to get a good report. 

Another issue is that the API documentation could be a bit more up-to-date. They're implementing stuff, but not updating the documentation all the time.

The OS capabilities and WSL support could be improved.

If they can also integrate with the multi-factor authentication to prompt users to do another, second-factor authentication, that would be ideal. 

We'd like for them to include some sort of antivirus tool. It would help if that came bundled with this product from a security standpoint. 

We'd like to have a server connector without ht need for multiple micro tunnels. 

Zscaler does not provide dedicated IPs to each customer. Hence, they share a pool of IPs provided by Zscaler. There is a chance of blacklisting these IPs. I also do not like the multi-management portal. 

I am just an end-user of the solution. I can't speak on what needs improvement from an admin's perspective. The interface of the solution needs to be clear and user-friendly. Currently, the solution's interface is not that user-friendly.

Zscaler is not like Okta. Okta has a marketplace, while Zscaler doesn't have one. Zscaler needs to have a marketplace.

Cloud App’s database should be improved. Currently, they only support and provide granular controls to around 1000 cloud applications. In Netskope, it is more than 3000. Around 65,000 applications are visible to the users in Netskope, but Zscaler only supports around 3000 to 4000. Cloud App is not good. UI is not as easily understandable as Netskope. Netskope has a source, destination, and action policy. In Zscaler, we have to click multiple tabs to get it. It's a bit tricky compared to Netskope. Once we understand it, it's simple.

Zscaler should continue to make the user interface better. They should also improve the backup network and continue to expand it so that it can handle larger numbers of customers.

One thing that they could improve is the ability to import rules from other platforms.

The performance needs improvement. Some areas create performance issues and, depending on the use cases, require reconfiguration to perform again.

They could provide more time for the onboarding the training of an IT person.

We did run into some compatibility issues. We just needed to test its configurations on the web portal and that detected the issues.

They recently improved a few things with the new version. They should enhance the audit reporting feature. They are providing a very basic DLP solution, but it needs improvement. If they improve the DLP solution, it will be a better solution in the future. They should work on the bandwidth of the CASB solution as well. 

The solution can be improved by advancing some of the newer technologies such as the DLP feature, and adding email security.

The main issue with Zscaler Internet Access is proxy IP detection, which sometimes makes sites inaccessible. Its pricing could also be improved. In the next release, I'd like Zscaler to include local-directory integration.

I wish there were a lot less products to learn, because there are a lot. They just keep surprising me with new features, even in the SaaS arena, and they keep improving in every facet. We are Zscaler partners, so I got certified in two platforms, but there is a lot room for improvement. There is just too much training, where they focus a lot on protecting the Internet as everyone is moving to the cloud. I would love for the training to be shortened.

There are some flaws which I don't like. Mostly I was an engineer for the proxy. In that case, there are limitations. There are limited categories and limited URLs which we can create.

We'd like to see a more user-friendly interface. 

Technical support could be better. They should be more technical. Also, they need to ensure when you ask for help, they communicate better amongst themselves what the issue is so that customers aren't constantly repeating themselves. 

The price of the solution could be improved. 

Zscaler needs to add client-to-client communication. It's always client-to-server communication. The cloud and branch connectors could be improved because we're still dependent on traditional firewalls. They should eliminate this. They should also provide WAN devices should to compete with the SD-WAN solutions also.

Zscaler Internet Access can improve by having more option for filtering policy which is currently only ip based (location policy). The developer need to add more option like identifying DNS and Domains names as well along with ip.

Zscaler Internet Access needs to integrate more ISPs. It is good to have more than three ISPs. 

What could be improved in Zscaler Internet Access is its price. It could be cheaper.

I would like to see more training and video documentation.

The technical support could be better. We need more of an online knowledge base, so we don't have to lodge tickets whenever we have a question or issue. 

We'd like to have more plugins and integration. 

Even in a CASB scenario, if we could get API and JSON-contained decoding, that would be helpful.

In terms of user experience, it could be better. It all depends upon the configuration, though. At the moment, they are one of the best. In terms of room of improvement, it depends upon the specific use cases of the customers.

For example, it might be that some of the users are having some kind of connectivity issue. It depends upon how those users are connected. It may not be a product issue. Or maybe they are using a VPN. Local banks won't allow connectivity to their application over a VPN or over a cloud-based proxy service, for example. In some countries, the local banks restrict these kinds of communications. There needs to be some whitelisting done to get those users connected. 

There are a couple of areas of improvement in the solution. Firstly, there are some performance issues when we add on additional controls. Zscaler Internet Access is a plain vanilla solution that allows you to add CSV or DLP on top of it. However, once you add these modules, the performance degrades for a bit, and the latency increases significantly. We're talking about a two-fold or three-fold increase in latency. They need to work on this. So the performance goes down when using a lot of features simultaneously.

Moreover, the implementation interface is not very good. It has some minor bugs, and it's not properly streamlined. However, these are not software issues that cannot be resolved. A simple reboot or a call to the reseller personnel can guide you in resolving these issues. But the experience can be more seamless if the interface is improved.

It needs better integration with other applications. It takes a fair amount of regular activity to apply the by-passes because it is very strict in its restrictions and frequently you have to go in and open things up to allow the workforce to work.

The logs that are consumed by our security solution could be a bit more definitive, from an audit perspective. It's sometimes difficult to determine which end user a particular generated alert is associated with.

Zscaler Internet Access could improve by adding a VPN feature.

The solution is a cloud service, so when you have Zscaler Internet Access, you still often require firewall appliances at the edge to act as gateways to Zscaler. There are certain elements that you can't necessarily ever extract at a network level, which makes it difficult to go completely appliance-less.

You could see it as a downside, but if there's an unavoidable reality of how networking is addressed at this point, and I think that's the only thing that for us is unfortunate, having to always retain some type of alternate firewall or router capability inside the network in order to get to Zscaler, as an example.

We've noticed a trend of Linux support being available at a mobile and workstation level, which isn't available from Zscaler yet, but we are expecting it soon. Zscaler also doesn't offer easy Cisco Meraki integration, which is also on the roadmap, even though we've seen it becoming very common. If we try and use Zscaler with Meraki, it's a fairly manual process to get Meraki to connect to Zscaler, whereas in all other SDware products, there's a lot more automation. 

The only other thing we would love to see in Africa would maybe be an additional Zscaler hub in another strategic location like Kenya to really round out Africa because there are only two hubs in over 30 countries on the continent. One is in South Africa and one is in Nigeria. Africa is kind of a black hole for all cloud providers, which makes life tough for us because there are performance issues when delivering cloud-related services. A little bit more penetration into Africa would help with this.

Sometimes it's not easy to use during large deployments of workstations. It's a bottleneck from a network point of view.

It's a technical solution, so you need to have good architects knowledgeable on Zscaler.

We don't need any other added features.

They block Zscaler IPs when the traffic origin is from Zscaler IPs. They've been blocked by certain government organizations so the end users are not able to visit those websites unless we ask them to unblock those IP. This is a bit problematic.

Zscaler Internet Access's troubleshooting is very limited, and their textbook logs need to be more informative.

I don't know whether it's Zscaler or not, however, sometimes I can't access my time management. I need to wait and try again a few hours later. Typically, if I let some time pass, I can access it again.

From time to time, there's instability in terms of the user experience. I don't know whether it's Zscaler or the time instrument server itself. I don't know the root cause here, that this is the only thing, that causes me issues. Otherwise, I'm quite happy with it.

The solution should do more in regards to handling phishing emails. They maybe should pair with a solution like Palo Alto in order to offer a more holistic view of the security and offer behavioral analytics or endpoint protection, etc., and all from one vendor. Data Lake, for example, is a product that gets the information and gives feedback to the user. There seems to be a high volume of phishing emails that we get, and I'd like to understand what the company is doing to address that. Zscaler seems like it's just a bit too static.

The tool should improve the predefined dictionaries. The product should focus on improving its current features. They are good, but they need a lot of polishing.

There are a few features that are not compatible with the Azure cloud.

It's not fully compatible with our environment because of the way that it is divided into business units. In order to get it working properly, there are some things that we had to put in for enhancements. Otherwise, everything works well.

The interface for administration could be better. They should upgrade the management portal.

Their support could also be better.

The solution can be a bit pricey.

Sometimes, support isn't available. 

Zscaler does not have any local data centers. For example, if we have our customers in Czech Republic, in the Czech Republic they don't have their data center, as the local content, in the Czech language. They should do something in the Czech Republic and ensure that the language is accessible. They should have one data center as these people want to see the local content. Everyone wants to see their first language in the available content.

Also, in Brazil, they just have two data centers in São Paulo and they should consider expanding to other data centers.

When you check the logs, you cannot see what policy is allowed. That is one thing that is lacking. If I put someone's account in Zscaler, then it should show which policy it will be applicable for. For example, in Forcepoint we have that feature. This is something that Zscaler needs to add. They just need to put the account of some users and check whether they will be able to access that or not.

They don't have MFA, or multi-factor authentication, for admins.

On the technical side, the only thing that I believe this scanner can improve is in the way they allocate traffic. For example, a big site doesn't have the ability to have its IPs inside the cloud, so Zscaler doesn't allocate you certain IPs for traffic. Your traffic goes to the nearest Zscaler point, and from there you get an IP. Sometimes that is problematic, because your users use the same IPs that another client is using so you don't get the ability to do some rules using some IPs. For example, you cannot use conditional access to high influence IP. You can't say if somebody goes to Zscaler I know that traffic is secure so I can let them past. In this scenario you cannot do this, because Zscaler is using a pool of IPs and they'll circle them for all the clients. I would like to see the ability to choose a pool of IPs for my company, set up rules based on them, and know that those IPs are not used by other companies.

In terms of usage, here in the GCC, it's still growing a growing market, so the combination of DLP, data leak prevention, to a certain extent is fine. But what it requires is user-based access or role-based access. The solution needs to grow into that, which definitely takes time. There's not an easy way to integrate it when you have a cloud-based solution.

The only DLP you can have is for the web, such as iboss. The DLP part is quite crucial for this particular region.

DLP, machine learning, artificial intelligence, and some algorithms can be built into the solution. There are certain pet algorithms for AI and machine learning which everybody is moving towards, so that needs to be added to the solution as well.

The reporting could be improved to make it a little bit easier. When it comes to individual users, I'd like to see easy reporting that can be shared with executives. Due to my technical background I don't have issues to understand the reporting. 

However, if I have to give a report to an executive to read, he may find it too confusing. He wants to see something simplistic that contains information like what the user's access time was, how long the user spent time on the site, which sites was visited, what they did etc. The current reports can, therefore, be somewhat improved and simplified. 

Another thing that I would like to see is if Zscaler could have a separate product for direct access. I looked at a private access solution, but I understand there's a separate product that isn't integrated with this. 

Zscaler should provide adjacent services, which would be complementary to their current offering that could to be more pragmatic for a customer. For example, if you take Akamai, you get multiple sets of services, all depending on the customer and the strategy and the complexity and the problems. In some areas, they are more varied in terms of coverage. For example, they also offer content delivery networks, which is complimentary, and for some customers that could solve two problems at once. By providing a wider range of services, Zscaler could reduce deployment risk and operational risk by being a one-stop-shop type of solution.

In the next release, Zscaler should offer a content delivery network.

Using location admin users should be better so we can merge any centralized authentication servers like AD, Radius, and any other server. This would help centralize the server management. v5.2 is being released shortly, and will have a lot of new features for TLS and HTTPS transactions.

Do not expect to pay for the service and start using it, like Gmail. Zscaler requires a proper implementation to be done to make it successful.

The implementation process needs improvement. Even if you have implemented it, it doesn't mean that it is done, you have to pay for the service afterward. It's not a one-shot implementation, you need to spend some more effort on it afterward.

It also needs better integration with other applications as well. There are some restrictions.

I would like to see them incorporate a user ID or application ID in the next release of this solution.