Secure access has improved remote work and has reduced vulnerabilities across our workforce
What is our primary use case?
I work with
Zscaler Zero Trust Exchange Platform as a user. We are an HCM company, and we wanted to utilize it as a user because it is our own product company. We have been developing the customer product because the HCM product is focusing on workforce management and payroll. We have been trying to use it as a user itself, not for deployment for different companies.
If we speak about the use cases for Zscaler Zero Trust Exchange Platform, I can use the product for various purposes, not just one. There are multiple use cases because it is basically the HCM product. We have a huge database of customers, and it has a different case-to-case basis. Our model for deployment was huge with multiple use cases. In this case, it is very difficult for me to specify or identify one particular use case. I just log in with SSO and make sure that Zscaler Zero Trust Exchange Platform is able to protect it appropriately. It is not one use case; it is multiple business models we have deployed.
What is most valuable?
The benefit is the accessibility. When we were using Cisco, especially when we were focusing on VPN, we had multiple issues. Even with the login, we also had an issue. Since we started using Zscaler Zero Trust Exchange Platform, it has auto-configuration, and wherever we have deployed the auto-configuration, we have not encountered any problem. The company is not looking for any specific change or transition from Zscaler Zero Trust Exchange Platform to a different product. Even during deployment, the referral responses were quite appropriate. That is the reason why we have a preference, and I still rate it as good to go.
The deployment is already progressing. We completed deployment last month.
What needs improvement?
Zscaler Zero Trust Exchange Platform probably needs to be more efficient because scanning takes a lot of time. Some vulnerabilities create issues, and when we wanted to identify the source of the vulnerabilities, specifically focusing on mobile ID and related areas, it was unable to provide assistance. However, according to discussions with Zscaler Zero Trust Exchange Platform, they said that by the end of mid-2026, they are exploring these features, and probably those features can be incorporated or embedded into this particular system. That is the only major negative point.
In terms of responses, Zscaler Zero Trust Exchange Platform is good. In terms of controlling vulnerability, it is good. The only cons I have noticed is that it is a bit slower, and sometimes it is unable to identify the source. These are the key areas for improvement.
For how long have I used the solution?
We started somewhere in March 2025, and it is going to be a year in March.
What do I think about the stability of the solution?
Zscaler Zero Trust Exchange Platform is very stable. I am using it on my PC, and I do not see any issues coming to me for the past one year. I have never seen any issues.
What do I think about the scalability of the solution?
Zscaler Zero Trust Exchange Platform is scalable. The only limitation I was mentioning is that it was unable to identify the sources of vulnerability, which they are going to embed by the mid of this year. That is what the promise they have made in their plan. After that, it is scalable.
How are customer service and support?
Zscaler Zero Trust Exchange Platform support is good. We have managed to find 24/7 support region-wise. We have North America, we have Asia Pacific region, Japan, China, New Zealand, and Australia. We managed to identify the 24/7 support. They have provided the numbers and contact supports, and it is almost immediate. I would rate support from Zscaler Zero Trust Exchange Platform from zero to ten points, with ten being the best. I can say seven to eight.
Which solution did I use previously and why did I switch?
I have been working with
Cisco XDR and
Cisco Secure Access. We were using
Cisco XDR and Cisco as an endpoint security, especially on VPN. Recently, we have moved from Cisco, and we have gone to Zscaler Zero Trust Exchange Platform. Currently, we are using Zscaler Zero Trust Exchange Platform. Cisco was decommissioned in late 2024, and early 2025, we moved to Zscaler Zero Trust Exchange Platform.
I used Trend Micro sometime in 2022. We were using CrowdStrike until 2024. We replaced it with Prisma. The reason we made the replacement from Prisma to Wiz is because of the cost. I can tell that it is a saving of about half a million dollars a year.
How was the initial setup?
Zscaler Zero Trust Exchange Platform is very easy to deploy with no complication. We did our implementation in-house. We have our own team and our own security team, and it was being assisted by Zscaler Zero Trust Exchange Platform directly. We did not engage any vendor.
What about the implementation team?
We did our implementation in-house. We have our own team and our own security team, and it was being assisted by Zscaler Zero Trust Exchange Platform directly. We did not engage any vendor.
What was our ROI?
I see return on investment here. When I see that I am trying to cut costs, for example, even when replacing Prisma, we have managed to save about over half a million dollars a year. I can see some of our own products where Zscaler Zero Trust Exchange Platform has been deployed, and I can say over 50,000 US dollars I am able to save a month as compared to the other products. Definitely I will consider this as ROI.
What's my experience with pricing, setup cost, and licensing?
Zscaler Zero Trust Exchange Platform is much, much cheaper when comparing price.
Which other solutions did I evaluate?
I have been working with Cisco
XDR and
Cisco Secure Access. We were using Cisco
XDR and Cisco as an endpoint security, especially on VPN. Recently, we have moved from Cisco, and we have gone to Zscaler Zero Trust Exchange Platform. Currently, we are using Zscaler Zero Trust Exchange Platform. Cisco was decommissioned in late 2024, and early 2025, we moved to Zscaler Zero Trust Exchange Platform.
I used Trend Micro sometime in 2022. We were using CrowdStrike until 2024. We replaced it with Prisma. The reason we made the replacement from Prisma to Wiz is because of the cost. I can tell that it is a saving of about half a million dollars a year.
What other advice do I have?
Zscaler Zero Trust Exchange Platform's SSL Inspection feature helps to improve security. The threat intelligence capability is true and important. When we are scanning all our applications, especially focusing on application security, we are using the product
Invicti. While we are doing vulnerability management prior to Zscaler Zero Trust Exchange Platform and this SSL Inspection feature, subsequently what we have noticed is that the vulnerabilities, especially the security bugs that were coming prior to Zscaler Zero Trust Exchange Platform, were about 20,000 to 22,000. Subsequently, after this, there is a huge reduction. It has come down more than 40 percent. That is definitely an advantage over the previous product.
It helps for the remote workforce. Ours is 100 percent remote. All the accesses have definitely improved because we are also using an SSO platform. Subsequently, what we have been noticing with this feature is the security. My job is to ensure that security is scanned from across the cloud region, across application security, and across on-premises. With this deployment, I have seen the security being in absolute control. We have not seen any incident being reported for the past one year.
We are not getting into too many details internally for metrics, except for the scanning and the results that we have been monitoring. I would rate this review eight out of ten.
Allows for strict access control, granting access to specific applications at a URL level rather than at the physical IP level
What is our primary use case?
Most people use Zscaler SASE as a replacement for VPNs. You know, with a VPN, once you establish connectivity to the network, you have unrestricted access. But with Zscaler SASE, you have strict access control. You don't get any access unless you adhere to the policies set in Zscaler.
So, you can control who has access to specific applications at a URL level rather than granting access at the physical IP level. That's what most people appreciate about it. IPs provide access to everything on the machine, whereas Zscaler SASE provides access to specific services within the network.
What is most valuable?
The most valuable feature is its ability to establish connectivity for remote users and remote endpoints. It offers a high level of granularity compared to typical VPNs, which also encapsulate a lot of I/O. By using Zscaler SASE for home access or access in remote areas, it bypasses the issues introduced by ISPs.
Sometimes ISPs block certain protocols or applications, but when everything is encapsulated within the Zscaler Cloud, the ISPs don't get a chance to interfere or block. This is especially helpful when it comes to file sharing. Sometimes ISPs block it, so we can't share files using cloud services remotely. Zscaler SASE gives non on-premise users the ability to securely access and sync with on-premise resources.
What needs improvement?
The area that requires improvement is their support. The current support is lacking.
Other than that, once you have the right people on the phone, the product performs as advertised. However, multiple clients have complained about the support.
For how long have I used the solution?
I have been working with Zscaler SASE for two years.
What do I think about the stability of the solution?
When it comes to stability, it's similar to any outsourced service. There will always be some outages because of the global nature of the network and the involvement of various cloud providers. There are many moving parts. I don't anticipate more frequent outages, but it's important to acknowledge that Zscaler is not flawless.
What do I think about the scalability of the solution?
I haven't encountered any clients who have had problems with scalability or performance issues. There were a couple of outages less than six months ago, but that's to be expected. Every service experiences occasional outages. It's like having allergies; every product at a global scale will have such issues.
How are customer service and support?
I have heard a lot of complaints from my clients about the support. Even VMware's support has declined since it got acquired by Broadcom.
So, we're not receiving the kind of support we used to get, like from Cisco. It's more akin to Microsoft and internal support.
How would you rate customer service and support?
How was the initial setup?
The initial setup does take some time to get used to. Zscaler does a good job with its specialized services in setting up and installing the product.
Once you start using the product, any issues that arise are generally handled well. The support is not as terrible as it may seem at first. While there may be instances where one technician transfers the case to another technician, it doesn't mean starting the entire process from scratch.
However, most people are deploying it on AWS or Azure. I have some clients who still prefer on-premises deployment. It depends on their specific requirements.
What's my experience with pricing, setup cost, and licensing?
The pricing is quite high, especially when it comes to the gateway. It costs around $10,000 per gateway per data center, which can be seen as ridiculous. Other cloud-based solutions charge based on the number of clients without the need for a gateway for each data center.
This pricing approach doesn't sit well with my clients anymore. When Zscaler SASE had a monopoly in the market, it could get away with it, but now there are alternatives cutting into its market share.
I would rate Zscaler's pricing model as an eight out of ten, with one being cheap and ten being expensive.
There are other solutions like VMware that also have high costs, but Zscaler SASE stands out because of the expensive gateway for each data center. It's not a cheap implementation.
Every time you set up an Azure data center, you have to spend another $10,000 to $15,000 on a gateway. It adds up quickly. Creating a VPN between data centers might be an alternative, but it introduces a single point of failure. So, that pricing policy alone makes it very expensive.
What other advice do I have?
It's a great product. My advice for those considering using it is to understand the concept of zero access. It's different from just having VPN access. If someone can perform a DNS lookup, they still have access.
People are often stuck in a VPN-centric mindset. It requires a paradigm shift, similar to transitioning from traditional applications to Microsoft applications. Instead of focusing on what services the user needs, it's about restricting access to specific applications regardless of the user. Once you embrace this mindset, it becomes easier to navigate. It's not a major impact, but it does require a change in thinking.
Overall, I would rate this product an eight out of ten, with the exception of pricing and support issues. It is one of the better implementations available, surpassing Cloudflare's capabilities. However, there are still areas for improvement, particularly in terms of pricing and support.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
