This week, the Zscaler cloud security platform reached an amazing new milestone — 100 billion transactions secured daily. To put that in perspective, you have to look at what happens daily at internet scale. The world’s population is approximately 7.6 billion of which 2.5 billion are active users on Facebook. While Google does not publicly report usage statistics, it is estimated that there are between 7 to 10 billion Google searches and around 5 billion YouTube videos viewed daily. So yes, 100 billion daily transactions through the Zscaler platform is a massive number.
What exactly is a transaction? Broadly speaking, when a user types a URL in a web browser, it generates an HTTP request. The web server responds with an HTTP response that is rendered in the user’s browser. An HTTP request and response together constitute one transaction. A modern website or cloud application may have many such transactions. Zscaler has more than 4,000 large enterprise customers with employees across the globe. All their transactions get routed through Zscaler for security and policy enforcement. Those transactions add up quickly.
No Shortcuts to Scaling Up and Scaling Out
I’ve always been fascinated by the Chinese Bamboo tree. Like any other plant, you start by sowing a tiny seed in the ground. A year goes by and very little seems to happen on the surface. The second year you water and fertilize and protect the seed...nothing happens. You continue to nurture it for the third and fourth year...still nothing! Finally, in the fifth year, the Chinese Bamboo tree begins to grow. And boy does it grow! It shoots up almost 100 feet in just six weeks! The question is, did it grow 100 feet in just six weeks? The answer, of course, is that it grew 100 feet in five years and six weeks. It took five years to grow the root system that would one day support a magnificent tree.
The Zscaler seed was sown in the summer of 2007. While the enterprise landscape for security delivered as a service in the cloud was not quite fertile, we had a singular vision. We believed fundamentally that the world would be mobile, and applications would run in the cloud. If that was the future for enterprises, traditional security appliances like proxies and firewalls that run in a company’s headquarters or data centers would become irrelevant. We said no to shortcuts and decided to build the enterprise security stack from the ground up, born and bred in the cloud.
Fast forward a decade, 5 million lines of code, and over 100 issued patents later, here we are today. The Zscaler cloud flourishes across 150 data centers, processing 100 billion transactions per day, stopping around 100 million threats daily for 4,000 global customers with employees located in 185 countries.
Much like the bamboo tree, the architectural foundation of the Zscaler cloud took time to grow. We rewrote the TCP/IP network stack to run in userspace, with extreme performance optimizations that allowed us to run a Layer7 proxy virtually at Layer2 Ethernet speeds. You may have a Gigabit Layer2 network, but by the time you get to the Layer7 application, your throughput could be down to a few hundred Megabits in a traditional TCP/IP stack. We made the bold assumption that scanning SSL-encrypted traffic would be a fundamental requirement for security and chose a proxy-based architecture over a simpler firewall-based approach that does not scan encrypted content. With over 90% of internet transactions now being encrypted and a majority of malware delivered inside SSL tunnels, it was a very smart choice. Enforcing policies and filtering malware hiding inside encrypted channels are compute-intensive and a big competitive differentiator for Zscaler. Our bare metal compute infrastructure in all 150 data centers has allowed us to efficiently scale up and out.
Secure Access Service Edge (SASE) Architecture
Necessity is the mother of invention. Serving customers with employees in virtually every country meant we needed presence everywhere to minimize latency. We invested in world-class sites that route most of the Internet traffic worldwide. We leveraged Tier 1 ISPs and regional carriers that best served customers in each geography. This resulted in a very good user experience for our customers and solid margins for the business as our compute and networking costs became substantially lower at scale compared to what it would have been if we went with third-party infrastructure. We made the smart decision early on to invest in Internet Exchange connectivity and peering with both network and cloud service providers like Microsoft, Google, and Akamai. Not only do our customers get their full security stack in every Zscaler data center, but many of the popular destinations they go to are also just a hop or two away from Zscaler as a result of low-latency peered connections.
Gartner has recently coined the term secure access service edge (SASE) for this security architecture. One of the fundamental tenets of SASE is to have compute capabilities located at the edge. It makes sense in a mobile and cloud-first world. Users want the shortest path to their content, without backhauling through security choke points in a few locations. Zscaler has been a SASE service from the very beginning. All 150 Zscaler data centers are 100% compute sites with bare-metal performance including SSL inspection. Legacy vendors trying to virtualize their security appliances and running them in third-party cloud infrastructure cannot match the performance or the economies of scale of the Zscaler platform.
A driven and passionate team
Today marks a special milestone in our journey. A journey that would have been impossible without our customers who trust us and a dedicated and passionate Zscaler team innovating and providing service to them. As I take a moment to reflect, I am reminded of a quote from Theodore Roosevelt that has always inspired me: “It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat.”
To the men and women in the Zscaler family, for being in the arena, for daring greatly, for serving a worthy cause, and for continuing to win with humility, thank you.
Amit Sinha is the Zscaler President of R&D, Operations & Customer Service, CTO
