The Zero Trust Path - Zscaler and the Evolution of Enterprise Security
How an overlooked security pioneer is redefining enterprise architecture while Wall Street finally takes notice
โ
โ
In 1994, John Gage of Sun Microsystems uttered the now-famous phrase: "The network is the computer."
โ
This seemingly simple observation captured a profound shift in computing architecture, signaling the rise of connected systems over isolated machines. Twenty years later, most enterprises still secured their networks as if the opposite were true โ as if the corporate network was a castle to be protected by a moat, with firewalls standing sentry at the gates.
The problem was becoming increasingly clear. Once attackers breached the perimeter, they could move laterally throughout corporate networks with relative ease. The moat-and-castle approach created a false sense of security.
โIt wasn't a question of if the walls would be breached, but when. โ ๏ธ
โ
โ
โ
This was the problem Jay Chaudhry set out to solve when he founded Zscaler in 2007, building on his experience founding four previous security companies.
โ
His radical premise: what if we eliminated the corporate network altogether? What if nothing was trusted by default?
โ
The Dissolution of the Network
Fast forward to today, and Zscaler's recent earnings calls reveal how profoundly this vision is reshaping enterprise security.
๐ The company just reported Q2 FY2025 revenue of $648 million, up 23% year-over-year.
๐ฐ The more telling number is billings growth accelerating to 18%.
โ This validates management's earlier predictions of a second-half surge.
โ
The market has responded favorably, with the stock up significantly following the earnings report. But the financial metrics only tell part of the story. The more interesting narrative lies in how Zscaler is fundamentally redefining what enterprise security means.
โ
The first interesting shift is semantic but revealing.
โ
This isn't merely cosmetic rebranding โ it reflects a substantive expansion of their strategic vision from securing internet traffic to securing all enterprise communications, regardless of source or destination.
โ
In the Q2 earnings call, CEO Jay Chaudhry articulated this vision clearly:
"For a customer to be Zero Trust Everywhere, they need Zero Trust users, where users are untrusted and never put on the corporate network. Zero Trust Cloud, where workloads are untrusted and can communicate only through our exchange. And Zero Trust Branch, where branches, factories, warehouses or IoT, OT devices, islands of their own."
โ
The Paradigm Shift
What makes this approach revolutionary is how it inverts the fundamental premise of enterprise networking. Traditional security vendors start with the assumption that networks exist, and then build products to secure them.
Zscaler starts with the premise that networks themselves are the problem.
โ
This inversion has profound implications for the competitive landscape.
During the Q2 call, when an analyst asked about competition in the branch security space, Chaudhry's response was telling:
"Our competition is legacy. Lots of firewall vendors, in some case in a branch, NAC vendors, VLAN vendors, none of that is needed."
โ
โ
Legacy vendors are selling better moats; Zscaler is arguing that moats themselves are obsolete.
The most compelling evidence of this approach's efficacy comes from a survey Chaudhry cited during the call: at a CXO exchange summit, 96% of all attendees indicated readiness to embrace the concept of branches as "like a cafe without any firewall and any other stuff." Five years ago, such widespread acceptance of this model would have been unthinkable among security professionals.
โ
The Business Model Alignment
Zscaler's technology vision aligns perfectly with its business model.
โ๏ธ As a cloud-native platform charging on a per-user basis, Zscaler benefits when companies simplify their security infrastructure and consolidate vendors. Their economic interests align with their technological approach โ simpler architectures mean higher margins and stickier customer relationships.
๐ The fact that 65% of new annual contract value is coming from upsells rather than new logos. Once customers adopt the basic platform, they tend to expand both in user count and in product scope.
โ
The power of this expansion vector is evident in Zscaler's product strategy. They've evolved from a secure web gateway provider to offering:
๐ก Comprehensive solutions for data protection (growing 40% year-over-year),
โ๏ธ Digital experience monitoring (with their ZDX product showing 45% growth in Advanced Plus tier), and
The rise of generative AI has introduced a new dynamic. Enterprise adoption of AI tools like Microsoft Copilot and other large language model applications has created an urgent demand for securing these systems, which operate fundamentally differently than traditional applications.
Zscaler has responded by developing specific solutions for AI security, including an LLM proxy that can analyze prompt queries and detect potential data leakage or prompt injections.
๐ก๏ธ This approach naturally extends their zero-trust philosophy to a new domain where traditional security tools are ill-equipped.
One particularly revealing example cited by Chaudhry was a "Global 2000 technology services customer [who] purchased our AI-powered data protection solution, which accounted for 50% of the seven-figure ACV deal." When half of a major contract is dedicated to securing AI systems, it signals how quickly this need has evolved from theoretical to essential.
โ
The Path Forward
The most striking aspect of Zscaler's Q2 earnings wasn't the numbers themselves but the shift in tone from both management and analysts. Gone was the cautious, measured language of previous quarters, replaced by confident assertions about future growth and ambitious targets like tripling the number of "Zero Trust Everywhere" customers within 18 months.
This confidence stems from validation of Zscaler's architectural approach.
๐ญAs enterprise computing continues its inexorable shift to distributed systems โ accelerated by remote work, cloud migration, and now AI adoption โ the zero-trust model becomes not just preferable but necessary.
โโThe biggest remaining question isn't whether enterprises will adopt zero-trust architectures, but how quickly the transition will occur and which vendors will capture the largest share of this shift. Zscaler's positioning as the pioneer of this approach gives them significant advantages, but competition is intensifying as other vendors recognize the paradigm shift underway.
โ
โ
The fact that 96% of CXOs now express readiness for "branches like cafes" suggests this psychological barrier has largely been overcome. We are witnessing not just a company's growth story, but the culmination of a fundamental rearchitecting of enterprise security.
In 1994, "the network is the computer" captured the essence of a computing revolution. In 2025, "Zero Trust Everywhere" may well capture the essence of how we secure that computing environment.
The castle walls are coming down, and what replaces them will define enterprise security for decades to come.
โ
โ
โ
Disclaimer: The views in the post are for for informational purposes only and should not be considered as investment advice. Please contact your RM or Kristal.AI for investment advise.
โ
By
Kristal Investment Desk
March 6, 2025
Liked it? Share it with your friends & colleagues!
We encourage our India investors to use a financial guide. Kristal does not charge any additional fees for investing through them.
In case you already have a guide, we will try to bring them onboard. In case not, we can recommend one of our qualified partners to advise you through the journey.
This is offered only to Accredited and Institutional Investors as defined under the Securities and Futures Act, Chapter 289 of Singapore (โActโ), which broadly comprises of regulated financial Institutions, large corporates, high net worth individuals and sophisticated investors.
An Accredited Investor is an individual
Whose net personal assets exceed in value SGD 2 million (or itโs equivalent in a foreign currency) with value of his/her primary residence capped at SGD 1 million, or
Whose financial assets (net of any related liabilities) exceed in value SGD 1 million (or itโs equivalent in a foreign currency), or
Whose income in the preceding 12 months is not less than SGD 300,000 (or itโs equivalent in a foreign currency)
I agree to opt-in as Accredited Investor and will submit required documentation to confirm the same.
Proceed as Private Wealth
ยซ BACK
Barrier Reverse Convertible (BRCs)
It is a structured product issued at par. In working it is similar to a Reverse Convertible but includes the barrier feature to protect downside to some extent. The underlying can be a basket of shares where the worst performing share may be delivered on expiry at the strike price.
Itโs a structured product which is similar to ELONs, except the underlying can be a basket of stocks. This means that in addition to normal ELON factors, there are additional knock-out, knock-in rules associated with them.
An equity linked note which is issued at par. The payment is made on initiation, by the client, in the form of shares that he/she might already hold and wants to unlock more returns especially during the periods when the stock is not giving any dividends.