About three years ago, Zscaler’s CEO Jay Chaudhry expressed a viewpoint in an SDxCentral article that distanced the company from the SD-WAN market. Chaudhry stated, “Network security is not really very meaningful. We decouple network access and application access with zero trust. We don’t put people on the network, we connect a person to a particular application or service. If you believe that network and security should be decoupled, there’s no reason for Zscaler to get into the SD-WAN space.” This stance highlighted a philosophy focused on securing direct application connections rather than managing the broader network layer.
Fast forward to last week’s Zscaler Zero Trust (ZT) SD-WAN announcement. Zscaler unveiled a strategic pivot that places them squarely into the SD-WAN space, indicating a significant expansion of their focus towards networking. By introducing new hardware appliances, the Z connector series, Zscaler targets small to medium-sized branches, aiming to blend zero trust security with SD-WAN capabilities. This move positions Zscaler as a competitor against existing SD-WAN behemoths like Cisco, departing from Chaudhry’s earlier assertions.
I had the opportunity to sit down with Zscaler this week for a briefing on the new Z connector appliance family encompassing three models: the ZT 400, ZT600, and ZT 800. The hardware appliances range in performance from 200Mbps to 1Gbps, which Zscaler stated was sufficient for small to medium branches. Zscaler admitted the need for higher throughput hardware and is actively investigating. Until faster hardware arrives, customers must rely on the VM-based software appliance (Zscaler Branch Connector) that can scale horizontally with 3rd-party load balancers.
A critical application of Zscaler’s strategy is enhancing IoT environments, with the appliances featuring IoT device discovery, yet, notably, they do not include Wi-Fi capabilities. Distinctively, Zscaler adopts a subscription-based model for its Z connector appliances, marking a departure from most of the industry’s standard practice of selling hardware solely through a capital expenditure (Capex) model. Details on the pricing remain confidential, with an announcement scheduled for this month (February) alongside the release of the Z connector software.
Zscaler’s SD-WAN strategy presents a streamlined, cloud-based alternative to complex traditional networking frameworks, emphasizing ease of management. The conversation underscored Zscaler’s potential to enhance or supplant current SD-WAN infrastructures. Yet, Zscaler recognizes its significant challenges in evolving into a hardware-centric enterprise. These challenges span the spectrum from regulatory compliance and establishing efficient distribution networks to ensuring next-day hardware replacement capabilities and bolstering support services. Additionally, Zscaler is focused on refining its SD-WAN solutions to enhance competitiveness and expand its offerings to support larger branch networks, necessitating integration with campus and Network Access Control (NAC) systems (in the vein of “Universal ZTNA”).
Adopting Zscaler Z-connector appliances positions Zscaler as a central network provider, managing secure application access via its Zero Trust Exchange and linking an enterprise’s operational integrity to its performance. This shift towards consuming a secure network as a service, akin to how cloud services for servers and storage are utilized, marks a significant change in enterprise networking that may feel foreign to some. Networking goes from hardware with blinking lights to an ephemeral service from the cloud. Despite this, it’s part of an industry-wide transformation, with other progressive vendors like Aryaka, Cato Networks, Cloudflare, and Versa Networks offering some or all their network services in a similar fashion.
This trend toward network as a service, the SASE framework, and multi-cloud networking are key pillars of my Distributed Cloud Network concept, which I discussed in my op-ed on SDxCentral. Collectively, these elements represent the future of enterprise networking, integrating new technology and consumption models into the broader, evolving landscape of enterprise IT strategies.
Zscaler’s evolution from sidestepping SD-WAN by exclusively relying on integrations with third-party SD-WAN vendors to now offering SD-WAN capabilities natively underscores the company’s adaptability and strategic growth. This shift highlights Zscaler’s responsiveness to changing market dynamics and marks a significant new chapter in its journey as a single-vendor SASE provider.
My SWOT analysis follows:
Strengths
- Market-leading SSE with a strong security focus with zero trust architecture.
- Simplified cloud management and deployment.
- Targeted solutions for small to medium-sized branches.
- Adoption of a modern subscription-based business model.
Weaknesses:
- New entrant in the hardware-focused networking market.
- Limited hardware portfolio breadth.
- Pricing strategy not clearly defined.
- Convincing established customers to switch from traditional vendors and approaches may pose challenges.
- ZIA and ZPA are built on separate technology stacks and operate as distinct networks, unlike some newer SASE vendors that utilize a single network with a common technology stack. Having separate technology stacks/networks increases the risk of subpar networking performance and reliability.
Opportunities:
- Rising demand for integrated security and networking solutions.
- Shift towards service-oriented and cloud-based network management.
- Opportunity to capture a niche market looking for simplified SD-WAN solutions.
Threats:
- Competition from better-established SD-WAN vendors like Cisco, Fortinet, and Palo Alto Networks.
- Resistance from customers loyal to traditional networking methods that rely on more of the security and networking smarts embedded in each SD-WAN device.
- Need for continuous innovation in a rapidly changing SD-WAN and security landscape.
- Newer SASE vendors offering a unified technology stack across functions may appeal to customers seeking streamlined solutions, posing a competitive threat to Zscaler’s dual-product approach.
