Jay Chaudhry is an Indian-American serial entrepreneur who has successfully started and sold four companies all in the cyber security space. SecureIT was acquired by Verisign, Cipher Trust by Secure Computing Corporation, AirDefense by Motorola and CoreHarbor by AT&T.

It is his fifth company, Zscaler, which made him a multi-billionaire and to be listed amongst the top 400 richest by Forbes. In an interaction, Chaudhary spoke about his company’s ‘zero-trust’ offerings and why he thinks it is superior to conventional network security, firewalls and virtual private networks (VPN). Edited Excerpts:


How are your zero-trust offerings different from what conventional players offer in network security, firewalls and VPNs?

Big disruptive changes happen every 20 to 30 years when architecture changes. Look at the auto industry —internal combustion engines have been there for a long time. Tesla came with the electric engine and everything changed.

After getting involved in Internet security in 1996, I opened my first start-up called SecureIT and after which I did a few more security companies — they were all about using traditional network and security model. In 2007-2008, I was looking at doing the next big thing as I believed that more and more applications will move to the cloud and more people will become mobile.

You can’t do with a traditional network security of firewalls, VPNs. They’re like doors in front of a building. We have built a switchboard, where everyone is untrusted, there is no inside, no outside. You come to us and we ask who are you? We validate and recheck who you are allowed to talk to. We connect you to the right person and the right party. We are about connecting the right user to right applications. This is zero-trust security.

Cisco and (other) firewall companies are wonderful for on-premises network security because they are built for that design. They built a good firewall but they’re not good for zero-trust. What we do is fundamentally a different architecture as the world is embracing cloud. That’s why 40 per cent of Fortune 500 companies, today, depend upon Zscaler for security.


Since most companies have existing legacy investments in conventional network security, firewalls and VPNs, what is the addressable market for a player like Zscaler?

When the market fundamentally changes, the legacy versus new (argument) becomes very different. When cars were invented around the turn of the last century, in the early 1900s, the market was trying to figure out how big is the market for autos. Now there was no history.

And in New York City, they said let’s count how many horse buggies are good. That’s how they did transportation. And then they said if buggies are growing about 10 per cent, perhaps these autos will grow 20-30 per cent, that’s three times bigger. And guess what? That old investment in horse buggies no one cared about went away while autos took over at a very fast pace.

If the market is embracing cloud, where applications can be anywhere, then investment in firewalls and VPNs makes no sense. It’s useless. In the new world, customers and companies are trying to secure the data, not the network. Data sits with the application and with users.

It’s no longer meaningful to do network security. What needs to be done is securing data and you do it by connecting the right user to the right application. That’s what we do. That’s really what zero-trust is all about.

The legacy vendors figure out market size, based on how many offices you have, and how many data centres you have. Because each office needs certain appliances and all that stuff. We do our pricing and our sales based on securing users. We look at the number of users, and how many applications we need to access. We are multiple services and based on the data and bottom-up analysis, our addressable market is $72 billion. About $48 billion comes from protecting users and $24 billion from protecting workloads in the cloud.

More and more employees want to bring their own device — say a mobile phone. Last year, we came up with an additional service called browser isolation where I can stream pixels down on the device without streaming any data. That means the data will never be lost.

There are more and more technologies we’re building. It started out protecting users for internet access against cyber threats. Then we added to make sure that data loss can be prevented. People intentionally or by mistake can send confidential data out to the internet and that became the next challenge. We’re working on a lot of 5G-based technologies that’s evolving.


Can you speak about India as a talent base and a market for Zscaler?

India is a very important market for us. In fact, I opened the Bengaluru office before I opened the San Jose office. Today, we have all business functions in India. The number of employees we are getting to is just approaching about 40 per cent of the total employees (of 5,000 totally) are and then that’s probably a fairly high number as compared to most companies. We got an engineering team that’s big. About 80 per cent of the customer support team and the finance team is in India.

We dominate the high-end market because customers who are serious about cybersecurity are serious about user experience. Four of the largest six private banks in India are Zscaler customers. The majority of the big systems integrators and manufacturing companies are our customers.

India has grown at a faster rate than the rest of the world. We have five key offices. Chandigarh, Bengaluru, Pune, Hyderabad and Mumbai. Also, it will not be unnatural for us to add one or two additional locations in the next year or two.