Umang Sota (MBA ’21) reports on the lessons in cybersecurity and entrepreneurship through the story of cybersecurity startup Zscaler.
The enterprise technology landscape has seen dramatic shifts over the last five years, including increasing permeation of the Cloud, an expanding IoT network, adoption of BYOD (Bring your own device), flexibility around remote work and burgeoning data across enterprise applications. These changes and significant advancements in cyber-weaponry have made cybersecurity a high priority across enterprises regardless of the sector. In addition to the threat of malicious attacks, enterprises face severe regulatory and financial penalties for inadequate measures to protect data.
All these factors have made cybersecurity space a great bet for entrepreneurs and investors alike. The overall cybersecurity market is expected to be $300 billion by 2024 with a growth of 12% year-over-year. Over $8 billion was invested in cybersecurity startups in 2019 alone and we have seen some amazing billion-dollar-plus exits (acquisition/IPOs) over the last few years.
I recently had the pleasure of talking with Jay Chaudhry, Founder, Chairman, and CEO of Zscaler, valued at roughly $7 billion and one of the most promising cybersecurity companies out there.
Before we get into the astounding success of Zscaler, would you mind briefly explaining, to our readers, what is Zscaler?
Back in the day when your users were all in office and on the corporate network, and your applications resided in your physical data center, it made sense to establish a secure perimeter around your network. But, in this cloud-first world, your applications are moving to the cloud—Salesforce, Office 365, and Amazon Web Services—but your security appliances are still sitting on premises, protecting your corporate network and making your network security irrelevant.
Instead, you need to put your defenses and controls where the connections occur—the internet—so that every connection is fast and secure, no matter how or where users connect or where their applications reside. With a distributed platform in over 150 data centers, Zscaler brings security closer to the user to provide that defense and control to protect our customers from cyberattacks and data loss. Zscaler is a Digital Services Exchange, it acts like a smart switchboard providing secure, fast and reliable access to right users for right applications, whether the applications are in a data center or in the cloud.
Now, global networks and associated industries have traditionally been dominated by players like Cisco and Symantec. What is it that they couldn’t do that Zscaler could?
We were ready to test, innovate and repeat.
Cisco and others, for a while, didn’t see the tectonic plates shifting in the enterprise landscape and even when they did, they were in denial mode. Incumbents also have the challenge of pivoting from legacy appliance to the cloud.
That’s the reason, when a paradigm shifts happen, incumbents rarely make it. For example, PeopleSoft at one time used to dominate HR software, but now Workday has taken their lunch. Nicholas Carr talks extensively about this phenomenon in his book, The Big Switch.
Here, at Zscaler, we have kept our focus on providing users fast, secure and reliable access to their applications and data and have consciously avoided falling in love with our technology/product. That’s what our customers value and that’s what has given us the right to win in the market.
That’s a very good transition to my next question. Who are these customers? How did you choose them?
I had spent 20 years in enterprise technology space before starting Zscaler but I still learn every day. My conventional wisdom said mid-size enterprises would be first to adopt new technology like ours while large enterprises would be the slowest. Also, winning in large enterprises without some established history was going to be a challenge. So, we thought mid-size enterprises would be our ideal target segment to start with. But as we started going to market, we learned that big enterprises have the biggest problem.
Let me give you an example. In the early days, we had some initial 10-15 customers, and our biggest customer was one with 10,000 users. But then GE came out with an RfP (Request for Proposal) for their 350,000 user base. Now, this size of accounts wasn’t really in our target segment, but the requirement or problem statement seemed like it was designed with Zscaler as the answer. We bid for it; Our solution fulfilled all criteria, but we lost it because we didn’t have a three-year financial statement which was a required part of diligence for the bid. But one year later, I got a call as the solution they chose wasn’t working for them. We deployed a pilot for 4,000 users and now we have hundreds of thousands of users. This was our entry into large accounts.
All in all, I think for a business in the early years of launch, it is important to go with a target segment in mind but at the same time be open and capitalize on the market opportunity that presents itself.
We have all seen how Zscaler has capitalized on the market opportunity with consistent growth of over 50% over the years. But what’s next? How is Zscaler preparing for future changes in the security space?
Technology is changing so fast that I will be foolish if I say I know what the world will look like in five to 10 years. However, at Zscaler, we have this relentless focus on keeping a pulse on the market and customer needs and evolving with it. When we started, we saw that our enterprise users were accessing the internet but had no secure options, we created Zscaler Internet Access (ZIA) to help solve this. Then internal applications started to move to the cloud, so we built Zscaler Private Access (ZPA). We then saw our customers needed to provide secure access to their business portals and so we will be releasing Zscaler B2B (ZB2B). With users accessing applications from anywhere on the open internet, pinpointing where the problem is can be challenging. We recently launched a Zscaler Digital Experience. This allows IT organizations to quickly find and assess users’ performance problem, no matter if it’s related to their device, their local wifi, or DNS resolution.
We also believe that the future lies in open communities to help promote a safe internet and so we have built an embedded lab called Zscaler ThreatLabZ. ThreatLabZ analyzes and eliminates threats across the Zscaler security cloud and investigates the global threat landscape for new threats while sharing the research and insights with the industry.
We will continue to listen to our customers to continue to innovate in the future as we have done over the years.
I would like to spend the next few questions on your entrepreneurial journey. How did it start?
I am a regular hard-working Indian and decided to bet on my own conviction. I come from a small village in India. I learned my work ethos from my diligent and humble father who was a farmer. I pursued computer science education in India and then moved to the U.S. to pursue my MS. When I started working in the technology space, I was fascinated by the changes happening in this space. I wanted to start something in the IT security space, but no one would give me funding because I had no start-up experience. So, my wife, who is also a tech professional, and I decided to take a gamble with our life savings and started a company called SecureIT. We gave our life and soul to the company and achieved $5 million in sales and $1 million in pre-tax profit in the first year. VeriSign, a public company acquired SecureIT. 70 of our 80 employees became millionaires because of their stock options.
I felt this must be a fluke and so wanted to replicate this. I viewed this investment as similar to having children and so I staggered them. I started different companies—AirDefense, CoreHarbor, and CipherTrust. We prodded hard to make them successful and had great exits.
That’s fascinating, So, since you exited all your previous companies, should we expect you would sell Zscaler as well? And how do you make that decision?
I never started with an intent to flip a company but as they grew, I learned that the point products that each of the companies focused on were better utilized as a part of an overall portfolio solution. So, I did what I felt was right for the company. However, when I started Zscaler, I started with the intent to build a long-lasting company. It’s something we can continue to develop and extend. From day one, Zscaler was built to be the salesforce of cloud security.
Seems like everything is sorted. But is there anything that still keeps you awake at night?
We have built Zscaler with passion and drive while staying humble. Great businesses are built by people with a hands-on approach and not the ones sitting in their ivory tower. My biggest agenda is to ensure we keep this culture as we grow. We have a globally distributed and a sizable team. While I spend time meeting people we hire for key positions, I want to ensure we keep any politics or toxic culture at bay. We have been very successful at doing this so far. My number one priority is ensuring that we maintain a passionate, learning and forward-looking culture at Zscaler.
Umang Sota (MBA ’21) is originally from India and has worked in product and business development roles in the B2B technology space across Asia and Europe. Prior to joining HBS, Umang was the Global Head of Product for Tata Communications’ Cloud & Data Center Services based out of London. In addition to technology, she is passionate about early education and has taken on active leadership roles in projects around education for the last 10+ years across India, Singapore, and the United Kingdom.
