How are your zero-trust offerings different from what conventional players offer in network security, firewalls and VPNs?
Big disruptive changes happen every 20 to 30 years when architecture changes. Look at the auto industry —internal combustion engines have been there for a long time. Tesla came with the electric engine and everything changed.
After getting involved in Internet security in 1996, I opened my first start-up called SecureIT and after which I did a few more security companies — they were all about using traditional network and security model. In 2007-2008, I was looking at doing the next big thing as I believed that more and more applications will move to the cloud and more people will become mobile. Cisco and (other) firewall companies are wonderful for on-premises network security because they are built for that design. They built a good firewall but they’re not good for zero-trust. What we do is fundamentally a different architecture as the world is embracing cloud. That’s why 40 per cent of Fortune 500 companies, today, depend upon Zscaler for security.
Since most companies have existing legacy investments in conventional network security, firewalls and VPNs, what is the addressable market for a player like Zscaler?
When the market fundamentally changes, the legacy versus new (argument) becomes very different. When cars were invented around the turn of the last century, in the early 1900s, the market was trying to figure out how big is the market for autos. Now there was no history.
And in New York City, they said let’s count how many horse buggies are good. That’s how they did transportation. And then they said if buggies are growing about 10 per cent, perhaps these autos will grow 20-30 per cent, that’s three times bigger. And guess what? That old investment in horse buggies no one cared about went away while autos took over at a very fast pace.
If the market is embracing cloud, where applications can be anywhere, then investment in firewalls and VPNs makes no sense. It’s useless. In the new world, customers and companies are trying to secure the data, not the network. Data sits with the application and with users.