Please share with the community what you think needs improvement with Zscaler Internet Access.
What are its weaknesses? What would you like to see changed in a future version?
Zscaler should provide adjacent services, which would be complementary to their current offering and could be more pragmatic for a customer. For example, if you take Akamai, you get multiple sets of services, all depending on the customer and the strategy and the complexity and the problems. In some areas, they are more varied in terms of coverage. For example, they also offer content delivery networks, which is complementary, and for some customers that could solve two problems at once. By providing a wider range of services, Zscaler could reduce deployment risk and operational risk by being a one-stop-shop type of solution. In the next release, Zscaler should offer a content delivery network.
In terms of usage, here in the GCC, it's still a growing market, so the combination of DLP, data leak prevention, to a certain extent is fine. But what it requires is user-based access or role-based access. The solution needs to grow into that, which definitely takes time. There's not an easy way to integrate it when you have a cloud-based solution. The only DLP you can have is for the web, such as iboss. The DLP part is quite crucial for this particular region. DLP, machine learning, artificial intelligence, and some algorithms can be built into the solution. There are certain pet algorithms for AI and machine learning which everybody is moving towards, so that needs to be added to the solution as well.
The solution is a cloud service, so when you have Zscaler Internet Access, you still often require firewall appliances at the edge to act as gateways to Zscaler. There are certain elements that you can't necessarily ever extract at a network level, which makes it difficult to go completely appliance-less. You could see it as a downside, but it's an unavoidable reality of how networking is addressed at this point, and I think that's the only thing that for us is unfortunate, having to always retain some type of alternate firewall or router capability inside the network in order to get to Zscaler, as an example. We've noticed a trend of Linux support being available at a mobile and workstation level, which isn't available from Zscaler yet, but we are expecting it soon. Zscaler also doesn't offer easy Cisco Meraki integration, which is also on the roadmap, even though we've seen it becoming very common. If we try and use Zscaler with Meraki, it's a fairly manual process to get Meraki to connect to Zscaler, whereas in all other SD-WAN products, there's a lot more automation. The only other thing we would love to see in Africa would maybe be an additional Zscaler hub in another strategic location like Kenya to really round out Africa, because there are only two hubs in over 30 countries on the continent. One is in South Africa and one is in Nigeria. Africa is kind of a black hole for all cloud providers, which makes life tough for us because there are performance issues when delivering cloud-related services. A little bit more penetration into Africa would help with this.
On the technical side, the only thing that I believe Zscaler can improve is in the way they allocate traffic. For example, a big site doesn't have the ability to have its IPs inside the cloud, so Zscaler doesn't allocate you certain IPs for traffic. Your traffic goes to the nearest Zscaler point, and from there you get an IP. Sometimes that is problematic, because your users use the same IPs that another client is using, so you don't get the ability to do some rules using some IPs. For example, you cannot use conditional access to high influence IP. You can't say if somebody goes to Zscaler I know that traffic is secure so I can let them past. In this scenario you cannot do this, because Zscaler is using a pool of IPs and they'll circle them for all the clients. I would like to see the ability to choose a pool of IPs for my company, set up rules based on them, and know that those IPs are not used by other companies.
The implementation process needs improvement. Even if you have implemented it, it doesn't mean that it is done; you have to pay for the service afterward. It's not a one-shot implementation; you need to spend some more effort on it afterward. It also needs better integration with other applications as well. There are some restrictions. I would like to see them incorporate a user ID or application ID in the next release of this solution.
The reporting could be improved to make it a little bit easier. When it comes to individual users, I'd like to see easy reporting that can be shared with executives. Due to my technical background, I don't have issues understanding the reporting. However, if I have to give a report to an executive to read, he may find it too confusing. He wants to see something simplistic that contains information like what the user's access time was, how long the user spent on the site, which sites were visited, what they did, etc. The current reports can, therefore, be somewhat improved and simplified. Another thing that I would like to see is if Zscaler could have a separate product for direct access. I looked at a private access solution, but I understand there's a separate product that isn't integrated with this.
It needs better integration with other applications. It takes a fair amount of regular activity to apply the bypasses because it is very strict in its restrictions, and frequently you have to go in and open things up to allow the workforce to work. The logs that are consumed by our security solution could be a bit more definitive, from an audit perspective. It's sometimes difficult to determine which end user a particular generated alert is associated with.