Brought to you by:
Enterprise Strategy Group  |  Getting to the Bigger Truth™


Analyzing The Economic Benefits Of The Zscaler Zero Trust Exchange

By Nathan McAfee, Economic Validation Analyst

Executive Summary

Network security is a cornerstone of any organizational plan, but the threat landscape is changing faster than today’s architecture and point product security solutions built on firewalls and VPNs can protect. The accelerated rate at which data sources, types, destinations, and risks is growing at a speed that far outpaces the capabilities of most security teams. COVID-19 has accelerated this evolution, changing the rules concerning where data needs to be accessed, and on which type of devices. Massive numbers of employees are working remotely, often using devices that were never intended to touch a corporate network. Further complicating this scenario is the fact that networks and data are endlessly under attack by sophisticated criminals with the intent of stealing intellectual property and hijacking systems causing reputational damage and financial harm with attacks like ransomware.
The concept of zero trust security seems like a perfect solution—treat every asset and data transaction as if it were a threat and verify it before it is exposed to corporate assets. However, the task of effectively implementing zero trust initially appears far beyond the capabilities of most IT organizations. ESG research shows that 94% of companies interviewed said zero trust is a strategic initiative for them, 66% said zero trust is complex, and 70% of those surveyed said it is expensive to implement.
Zscaler has solved this conundrum with the cloud-native Zero Trust Exchange by protecting users, data, and apps wherever they are located, and on whatever device they may be using. ESG evaluated the economic impact of Zscaler’s zero trust solution and found that a sample company of 5,000 employees can realize $4.1 million in annual benefits while seeing a dramatic improvement in overall security posture.


This ESG Economic Validation focused on the quantitative and qualitative benefits organizations can expect from adopting Zscaler’s Zero Trust Exchange for their security needs. To verify this analysis, ESG created a model that considered typical cost categories including physical hardware, bandwidth, and administrative costs, as well as benefit categories that included improved security posture, end-user impact, and business enablement.


The challenges of securing a corporate network environment increase in complexity with each introduction of every new method used to create, store, and use corporate resources. As cloud and hybrid environments become the norm, the goal of network security often seems diametrically opposed to enabling business goals. Employees are working from thousands of locations, and on devices that may have never touched a corporate network while using a wide variety of bandwidth pipelines. To secure this traffic, the concept of zero trust is often the end vision. Zero trust is a strategy and architecture where everything that exists inside and outside of an organization’s boundaries possesses no level of trust and, therefore, must be verified before being accessed or transmitted.
Figure 1. Organizations See the Value of Zero Trust but are Challenged to Implement

Please select a response that best reflects your opinion toward each of the following statements pertaining to zero trust. (Percent of respondents, N=46)

Source: Enterprise Strategy Group

While zero trust seems like a reasonable solution to the challenge of ever-expanding areas of cyber risk, correctly implementing it is daunting and often beyond the technical or budgetary capabilities of most organizations. In a recent research study when ESG asked participants for their opinions pertaining to zero trust, 96% said that zero trust was an on-going strategic initiative, 66% said that it was complex to implement from a technology perspective, and 70% cited that it was expensive for their organization to implement (see Figure 1). The need for a strategy like zero trust is clear but the challenges in effectively implementing zero trust are somewhat overwhelming. Organizations that rely on networking outside their technology perimeter would benefit from an enterprise-class solution that makes zero trust easy and automatic.

The Solution: The Zscaler Zero Trust Exchange

The Zscaler Zero Trust Exchange is a cloud-native platform that enables fast, secure connections that facilitate using the internet as an organization’s corporate network. With a global presence of more than 150 data centers, the Zscaler Zero Trust Exchange provides secure internet and application access that uses the shortest path between users and resources, offering industry-leading security and an exceptional user experience. The Zscaler Zero Trust Exchange consists of a collection of integrated services (as shown in Figure 2).
Figure 2. The Zscaler Zero Trust Exchange
The Zscaler Zero Trust Exchange eliminates the attack surface by keeping applications protected, preventing discovery of assets by targeted attacks.

ESG Economic Validation

ESG completed a quantitative economic analysis of the Zscaler Zero Trust Exchange. The focus of this analysis was to uncover and quantify the benefits that organizations can expect when adopting the Zscaler platform.
ESG’s Economic Validation process is a proven method for understanding, validating, quantifying, and modeling the economic value propositions of a product or solution. The process leverages ESG’s core competencies in market and industry analysis, forward-looking research, and technical/economic validation. ESG conducted in-depth interviews with end-users to better understand and quantify how Zscaler has impacted their organizations, particularly in comparison with previously deployed and/or experienced solutions. The qualitative and quantitative findings were used as the basis for a simple economic model comparing the expected costs of the Zscaler Zero Trust Exchange to traditional appliance-based network security.

Zscaler Zero Trust Exchange Economic Overview

ESG’s economic analysis revealed that organizations utilizing the Zscaler Zero Trust Exchange realized significant savings and benefits when compared to traditional network security environments. ESG found that the savings and benefits can be categorized into the following categories:
• Technology Cost Optimization – Zscaler’s cloud-based approach eliminates most of the appliances traditionally associated with security and reduces MPLS/bandwidth requirements.
• Improved Operational Efficiency – The elimination of security appliances combined with Zscaler’s ease of use dramatically reduces the number of hours needed to deploy and manage network security.
• Improved User Experience – Users in a Zscaler environment realize the elimination of wait time from latency associated with networked applications and data.
• Enhanced Security Posture – Zscaler customers report a substantial reduction in virus, ransomware, and data breach occurrences when compared to traditional network security.
• Increased Business Agility – The ease of quickly bringing up assets to the required security posture opens opportunities to expand the business, which may not have existed when using traditional network security.
• Green Sustainability/Reduced Carbon Footprint – Eliminating appliances reduces energy consumption and electronic waste.

Technology Cost Optimization

Zscaler’s cloud-based approach to network security eliminates the majority of appliances associated with network security and much of the MPLS bandwidth needed to support access to applications and data. ESG found that the Zscaler Zero Trust Exchange provided customers with:
• Reduced cost of security appliances – The need for multiple security appliances protecting each location is reduced by up to 90% for Zscaler customers. While the cost of security appliances varies widely, this 90% reduction results in substantial cost savings.
• Reduced bandwidth costs – Bandwidth costs are reduced for Zscaler organizations in two main ways: by shifting from MPLS to internet bandwidth and the use of express routing. Many companies understand the potential benefits of adopting SD-WAN but are not confident they can properly secure an SD-WAN and assets. Zscaler makes securing SD-WAN achievable, which enables companies to recognize savings of internet bandwidth.
“I was expecting Zscaler to eliminate most of the cost of hardware appliances. I was not expecting to see how much time this freed up for our security team. Without appliances to monitor, maintain, and update, they could spend time on much more strategic initiatives.”
Zscaler ensures that network traffic always takes the optimal path, eliminating many of the hops that increase demand for bandwidth capacity while reducing latency-related delays for the end-user. The elimination of VPNs also removes the requirement of routing traffic to a specific location so that the user is directly connected using the shortest path to the needed resource.

Improved Operational Efficiency

With the elimination of up to 90% of appliances, the need for installation, maintenance, monitoring, and updating hardware is dramatically reduced with Zscaler. The reduction in malware, phishing, and virus incidents that Zscaler Zero Trust customers report is typically 60-80% lower when using traditional network security methods. This results in security full-time employee (FTE) savings by reducing the need to re-image machines and eliminating end-user downtime. As shown in Figure 3, Zscaler Zero Trust Exchange frees up an average of 74% of security FTEs’ time when compared to traditional network security, allowing security FTEs to work on more value-added, strategic tasks.
“Our security teams spent quite a bit of time planning for, locating, and trying to understand incidents. With Zscaler Zero Trust Exchange, we have seen a huge drop in incidents, and the ones that do exist are fixed much quicker than before we adopted Zscaler.”
Figure 3. Zscaler Zero Trust Exchange Frees up Security FTEs to Work on More Strategic Tasks

Improved User Experience

Time spent waiting for connections to data or applications can be frustrating, especially for information workers who are dependent on consistent access to remote information throughout the day. In studying typical Zscaler customers, ESG estimates that the average information worker spends 9 stagnant minutes per day waiting for remote information to be made accessible. This number is reduced to under 3 minutes per day with Zscaler Zero Trust Exchange. While 6 minutes recovered per day does not seem to be impactful, when extrapolated across a company with 5,000 employees, this results in over $5.2 million of potential recovered productivity annually.
The ability to securely work anywhere, on any device, is empowering to workers. The elimination of VPNs reduces frustration for both the user and the technical support teams. The availability of data and applications worldwide is critical for success when user requirements change at an accelerated pace.

Why This Matters

COVID-19 has forced organizations to rapidly change to support a remote workforce. Companies that effectively implement a true zero- trust infrastructure have a distinct advantage when the needs of users change faster than planned.

Enhanced Security Posture

Security is the core of Zscaler’s Zero Trust Exchange. ESG estimates that companies that transition from traditional appliance-based security to Zscaler can expect to see a 65% reduction in virus and malware occurrences, an 85% reduction in successful ransomware attacks, and a 27% reduction in the likelihood of an unintentional data breach.
Reduction in Virus and Malware Occurences
Reduction in Successful Ransomware Attacks
Reduction in Unintentional Data Breaches
Security is the core of Zscaler’s Zero Trust Exchange. ESG estimates that companies that transition from traditional appliance-based security to Zscaler can expect to see a 65% reduction in virus and malware occurrences, an 85% reduction in successful ransomware attacks, and a 27% reduction in the likelihood of an unintentional data breach.
“Zscaler provides quite a few operational and user experience benefits, but without rock solid security nothing else would matter. Companies that adopt Zscaler Zero Trust Exchange see their occurrences of malware, ransomware, viruses, and data breaches reduce dramatically.”

Increased Business Agility

The ability to quickly expand (or contract) operations is a strategic benefit that allows companies to quickly adjust to changing business needs. Zscaler enables companies to rapidly introduce new teams and entities to the required security posture, allowing them to generate revenue faster than would have been possible using traditional security methods.
The “number of locations” metric is one that is ever changing. With the dramatic shift away from working in central offices, many companies are finding their traditional security is not capable of the rapid change required to support and protect employees working from home. While ESG used 34 as the number of locations for this modeled scenario, we found that Zscaler was uniquely capable of rapidly shifting to protect thousands of workers operating outside of the traditional office.

ESG Analysis

ESG leveraged the information collected through vendor-provided material, public and industry knowledge of economics and technologies, and the results of customer interviews to create a three-year financial model that compares the costs and benefits of Zscaler’s Zero Trust Exchange.
The modeled company ESG used for this scenario is as follows:
  • Number of employees – 5,000
  • Number of managed devices – 8,000
  • Number of locations – 34
  • Annual revenue - $900,000,000 USD
  • Number of security appliances (as-is state) – 200

ESG found the quantifiable benefits to fit in five categories:

Benefit Area Annual Benefit 3-Year Benefit
Security Profile $346,860 $1,040,580
Operational Efficiency $172,380 $517,140
Technology Costs $676,000 $2,028,000
End-user Impact $2,881,667 $8,645,000
Business Enablement $92,500 $277,500
Total Benefit $4,169,407 $12,508,220
Cost of Zscaler $3,000,000 $9,000,000
ROI 139% 139%
While ESG’s models are built in good faith and based on conservative, credible, and validated assumptions, no single modeled scenario could ever represent every potential environment. ESG recommends that every organization perform its own assessment and analysis of publicly available cloud storage services based on its own requirements to understand the savings Zscaler Zero Trust Exchange can provide.

The Bigger Truth

Security is one of the core tenets that every organization must have as a foundational piece of their operational strategy. However, with rapidly changing threats attacking a greater number of surfaces, and with increased sophistication, many companies forgo business opportunities to limit risk. With the recent changes in work environments due to COVID-19, the traditional office has been replaced with employees working from thousands of locations, and on devices that may have never touched a corporate network, while using a wide variety of bandwidth pipelines. Securing this traffic presents a challenge that few have been able to master.
The concept of zero trust seems to be built for the challenges described above, but the struggle to reach a true state of zero trust is beyond the technical or budgetary capabilities of most IT organizations.
Zscaler’s Zero Trust Exchange addresses these challenges with a solution that is built on a rock-solid security platform that allows IT organizations to shift focus from providing basic security to working with business units to provide secure and fast access to people, locations, applications, and data throughout the world. Zscaler operates more than 150 data centers worldwide and ensures user data takes the shortest path to the destination that provides an enhanced user experience while ensuring a consistent security posture.
Through interviews with Zscaler customers, along with a thorough review of existing case studies and financial models, ESG validated the value customers can realize with Zscaler Zero Trust Exchange. In addition to enhancing the overall security of an organization, ESG’s modeled scenario shows that a company with 5,000 users can realize a $4.1 million annual benefit while recognizing a 139% ROI when compared to traditional appliance-based network security.
The value of a zero trust environment is clear, but it is a challenge that few companies feel like they can implement it successfully. Zscaler has built a reputation for offering industry-leading cloud-based security at a much lower cost when compared with traditional on-premises security. With the introduction of the Zero Trust Exchange, the barrier to zero trust has been virtually eliminated. ESG recommends that companies exploring the possibility of incorporating zero trust consider Zscaler’s solution.

This ESG Economic Validation was commissioned by Zscaler and is distributed under license from ESG.

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

Enterprise Strategy Group | Getting to the Bigger Truth™

Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.