Zscaler at Bank of America Conference: Zero Trust Strategy Unveiled

On Thursday, 05 June 2025, Zscaler (NASDAQ:ZS) participated in the Bank of America Global Technology Conference 2025, offering insights into its strategic direction. CEO Jay Chaudhry emphasized the company’s commitment to zero trust architecture while acknowledging challenges in a competitive landscape. Zscaler’s focus on innovation and customer satisfaction was evident, but the potential for price erosion remains a concern.

Key Takeaways

• Zscaler is expanding into data security and AI-driven operations, contributing to significant ARR growth.
• The company differentiates itself from competitors with a comprehensive zero trust approach.
• Strong upsell performance, with over 70% of new ACV driven by existing customer expansion.
• Zscaler’s sales strategy focuses on improving efficiency and account-centric approaches.
• Optimism about future growth in branch and cloud workload security.

Financial Results

• New areas like Data Security and Agentic Operations represent about $1 billion in ARR.
• New logo ACV increased by 40% year over year in the last quarter.
• Data security exceeded $350 million ARR in the previous quarter.
• Net Revenue Retention (NRR) remained flat quarter over quarter.
• Upsell comprised slightly over 70% of the new ACV in the last quarter.

Operational Updates

• Expansion of Zero Trust Exchange to cover users, workloads, devices, and AI agents.
• Announced a B2B collaboration exchange for secure engagement with customers and suppliers.
• Acquisition of Airgap Networks to enhance zero trust capabilities in branch offices.
• Sales productivity has improved with changes in the sales organization.

Future Outlook

• Continued growth expected in core user base and expansion into branch and cloud workload security.
• Bullish on zero trust solutions adoption for branches and workloads.
• Significant upside anticipated in security operations with AI and data analytics integration.
• Scheduled billings expected to stabilize as renewal rates and upsell opportunities strengthen.
• Balance between new logo acquisition and upsell efforts to drive ARR growth.

Q&A Highlights

• Shift from basic connectivity to solving holistic Zero Trust problems.
• Focus on Zero Trust for users, branches, and workloads rather than SASE solutions.
• Emphasis on lightweight agents and cloud-based solutions for endpoint security.
• Customer success stories highlight Zscaler’s value proposition.
• Price erosion countered by focusing on ROI and value delivery.

For further details, readers are encouraged to refer to the full transcript below.

Full transcript - Bank of America Global Technology Conference 2025:

Tal: So I’m happy to host today for keynote Jay Chondri. Here we go. Tomer, you should learn from her also. So as I start with

Jay Chaudhry, Zscaler: all our

Tal: companies, I kind of discuss what investors are asking us about just to set the framework for the discussion. I’ll do it very quick. SASE remains an extremely hot space with very fast growth for most companies. There are new entrants though and the question is two things. Number one, how do you respond to new entrants to the market?

Is there a risk of commoditization? Second thing, is more important is how do you grow beyond your kind of historical market of ZIA ZPA? What are the new areas you’re going after? We started to see, first of all, orders bookings are accelerating, growth is accelerating. We started to see growth outside of the ZIA ZPA.

And these are all the things I’m going to discuss. It’s basically the risks and opportunities in the core business of Zscaler. So with that, I’ll pass it on to Jay first because I know you to go over a few things and then we’ll start our Q and A.

Jay Chaudhry, Zscaler: Great. Tal, thank you for the opportunity. Sometimes it’s a little easier to visually see a few things. I’m not gonna spend a lot of time on slides, but visually you can kind of understand what kind of stuff can be done. Safe Harbor, I’m sure you know it all, so I don’t need to talk much about Safe Harbor.

So as we started in this market, in general, the markets are moving at a much faster pace. Whether it’s adoption of cloud, security, there’s no such thing as what you built five, seven years ago, you’ll compete on the same thing. Things are moving faster, companies who can keep on innovating, handling the next level of issues, they do better. Zero trust used to be the case, now it’s zero trust everywhere. We’ll talk more about that.

Data security has become bigger and bigger and more and more complex issue, especially with AI. And what we call agentic operations, it’s using AI to take advantage of disrupting security operations, even IT operations. Those are new three big areas of opportunities that we are driving. And I think we shared at the earnings call that these new areas are about a billion dollars in ARR for us now. This is how we look at the world moving.

Zero trust, sometimes they get coined as SASE. I personally think SASE is a misleading stuff. SASE is a collection that can allow any vendor to claim anything because they can be part of it. The more they can claim, the more research reports Gartner can sell, right? So from vendors, hear SASE, from customers, you hear zero trust.

That’s really what happens out there. But it is about zero trust exchange communication from any entity, any entity. I’m showing three, four entries at the bottom. It used to be users. Now cloud workloads are important entries.

IOT OT is becoming bigger and bigger. Now AI agents need to communicate securely. That becomes a big thing as well. And it used to be they needed to access SaaS, Internet cloud. Now AI applications, LLN models, securing actually becoming important.

We have been moving pretty, pretty nicely at a great speed using our core competency, zero trust exchange to deliver these solutions. So when competition says, I’m trying to do what Zscaler does, they’re basically saying, I can try to solve the user problem. Okay. The three more entities we need to deal with and that’s what’s done. In order to do that, our Zero Trust Exchange has expanded.

It used to be for internet and private. We recently announced a B2B collaboration exchange with customer suppliers can all engage in a zero trust fashion. And nobody else will talk about that because they aren’t even thinking of it. And being able to have secure access to AI application, LLL models, we expanded our exchange to be able to handle that as well. So you’re seeing Zero Trust everywhere for users, workloads, device in the branches and AI agents.

AI agents are somewhat like users. We are the best party to able to provide secure access to AI agents. Data security is becoming bigger and bigger. Customers do not want five vendors to do data security for them. Policy, it’s hard.

Data protection policies can be very complex. Doing it with one vendor is hard enough. Trying to do three vendors becomes almost impossible. So we are in a position where we are central because we sit in the data path to do DLP. Then the customer starts expanding other areas with Zscaler as well.

So this new area, for the last fifteen years, we’ve had one North Star exchange, the switchboard, who talks to who, they must talk through us. That’s the left side. On the right side is for the first time we are expanding in a new area. We’re calling agent tech operations. This taking all the logs and everything and disrupting security operations area and so the IT operations area.

This is a combination of our internal data, which is our core competency, our security research team that does amazing research combined with Avalara acquisition from last year to give us a data fabric plus Red Canary acquisition we announced to be done. This puts us in a very good position with very disruptive technologies. That’s what we like to do. So without going to detail, we’ll have two main areas under that, exposure management and threat management. I’ll hold the detail later.

Red Canary, sometimes people are confused. They think it’s an MDR company must be doing some managed service. Zscaler is fundamentally a technology company. We acquired them because they had some great agentic AI technology with lots of expertise in that research response. They understand the SOC function very well.

So they will accelerate our essentially ability to get to the most comprehensive solution by a significant amount of time. So it is getting to market faster is what drove this decision for us. And I can skip through some of that stuff. So with that, let’s jump into Q and A.

Tal: Excellent. I have a question on each and every slide here.

Jay Chaudhry, Zscaler: I

Tal: want to start from the bigger picture. When your customers call you. Five years ago, was I have a branch. I don’t want to have solutions in the branch. I don’t want to have appliances.

Give me a service to eliminate it. How is the discussion today? How do we migrate? How customers migrated from a connectivity and security problem to a more holistic Zero Trust problem? Are you still getting phone calls to say, I need a SASE solution or that the discussion is at a different level today?

Jay Chaudhry, Zscaler: Yeah, very different level. Five years ago, the discussion with Zscaler used to be, Oh, I want ZIA or ZPA, or ZDX was brand new at that time. And that discussion shifted was, Those are certain areas. I want to have zero trust access for users no matter where they go and understand their performance. So that’s where it evolved from ZIA, ZPA, ZDX to zero trust for users.

And at that time, five years ago, the branch discussion was my NPL cost is low. I need local internet breakout, but I also need SD WAN at that time. So SD WANs have evolved and grown. They have complemented us, but the customers basically were still worried about SD WAN enabling lateral track movement because the networks are mesh networks. The job of the network is the design feature is once you get on the network, you go anywhere.

It’s like once I’m on the highway, highway is supposed to let me go without hitting any lights. That’s what networks do. And now malware exploits it. Malware does the same thing. So that’s where the next big notion became.

Even in the branch, you shouldn’t be on the network. So we started coming up with the notion of zero trust branch. We have branches like an island. It’s just like your home. You’ve got a broadband connection, things work, you don’t need SD WAN, no route tables, none of this stuff.

We have been advocating that message for the last two, three years. And early on, we gave them a piece of software to do that. They said, I don’t want a piece of software to put on something. I want to be accountable. I want one party to call if I issue the branch.

So we more if we listen to the customers, we offer today plug and play appliance that reduces the need for any box in the branch other than essentially a switch. So this is the very exciting part. Now, Zero Trust branch is one of the very, very sought after solution. What made it even more compelling was the acquisition of a company, Airgap, networking we did. Airgap creates zero trust inside a branch.

What does that mean? In a branch office, take any of your offices. You say you’ve got a hundred people sitting out there. You’re connected to the network. Everyone can talk to everything.

Your infected PC can infect me. Then they’re trying to deploy one more piece of software called NAC, Network Access Control. They start doing virtual lands and all creates overhead. AirGap could do all of that without having to go through complexities. So North South access to the internet plus inside zero trust device segmentation has created tons of demand for us.

Our customers understand that the future is not about firewalls and SD WANs, future is Zero Trust. So now our journey starts, you’re done Zero Trust for users. Now let’s do Zero Trust for branches and Zero Trust for workloads.

Tal: Don’t you need to complete your vision? Don’t you need a position in endpoint, meaning to have a true cloud based endpoint solution?

Jay Chaudhry, Zscaler: You mean to do EDR?

Tal: EDR and EDR today is not just EDR, XDR. EDR today is a lot more look at CrowdStrike, how many modules they have, 30 modules. It goes well beyond EDR, but a position. The question is whether you need a position in endpoints. So we have

Jay Chaudhry, Zscaler: agent deployed in every endpoint. There’s about 55,000,000 of them on PCs, another 20,000,000 on mobile devices out there. Now, if someone thinks that you should put 10 things on the endpoint, they are moving in the wrong direction. When you’ve got millions of things out there, you want them to light test, not put too many things. More things on the endpoint means more configuration, more changes, more updates.

Endpoint should be a light test, cloud should have most of the stuff out there. So our agent does some of the core stuff. We are able to replace four or five agents that are needed out there. Now, CrowdStrike fundamentally it’s an EDR. Sure they can try to do DLP on it, but we do what needs to be done on the endpoint.

Performance management, I need to check on the endpoint, DLP on the endpoint, replacing VPN on the endpoint. We do everything on

Tal: the endpoint other than the core EDR functionality. The question you’re extremely disruptive, meaning companies need to change the way they work. They have firewalls, they have EDRs, they have endpoint protection. That tries. There is some overlap between what the endpoint if they have Sentinel-one or CrowdStrike, there is some overlap between what they’re trying to do.

The question is whether your disruption is not an inhibitor instead of being a promoter, meaning you go to traditional banks or and they tell you we cannot change the way we operate. So what is your view, for example, on the I’ll take it to another level. What’s your view, for example, on the need to have a firewall inside a company and to provide also the traditional methods of companies working in addition to your disruptive way?

Jay Chaudhry, Zscaler: Right. So first of all, yes, our technology, you can call it disruptive, it’s not technology for the sake of technology. We are driven by three biggest benefits customers want. One, cyber, on top of mind. Two, if I talk to the CEO, he wants for business agility.

I want to open a new office in two days in Kuala Lumpur, than two months the way it’s done traditionally. They want things to happen at a faster pace. And three is cost and complexity. There’s a lot of pressure on it. We are able to go and see all the three things.

Now, our sales involve dealing with senior level management. If I go to a person who’s managing firewalls or blue coat boxes, then I’m gonna say, come on, replace me, okay? So that needs to be done first. The second part is we are driven to achieve those goals. Every CIO has pressure on cost.

If they don’t have cost pressure, they could say, I’m going to keep on living with old technology. When I go in and say, if you are spending $100,000,000 on your networking and your security ecosystem, what if I can cut it down to 50? We are actually able to do that and water down to 30,000,000. There are many, many large customers. We have brought down the cost by fifty, sixty, 70 percent.

If we can end, we don’t have to eliminate everything on day one. It takes a little bit of time in IT. So quarter by quarter, we’re able to show them what we can take out, what we can save. Simplification is important. Complexity is the enemy of security.

Complexity is the enemy of resilience, and every enterprise needs both. That’s why I’m racing us now. Are there some number of customers who are late adopters? Yes, those are the ones we are out there. It used to be that early adopters will embrace these good.

Now, with over 45% of Fortune 500 companies embracing us, We are mainstream. In fact, I mean, there’s so many leaders, CXOs, who are buying Zscaler the second time in the second company, third time. It’s very exciting. So we can coexist. It’s not like either Zscaler or something else.

It’s just a matter of time, and phase one will take out this phase two, phase three, and so on and so forth. So if you look at our phases, now zero trust of users is our generally phase one. Branch becomes phase two, workloads become phase three, and so on and so forth.

Tal: How much of a risk you see from newcomers to classic SASE, meaning they don’t have your entire vision and portfolio, but they provide ZIA, ZPA kind of competition?

Jay Chaudhry, Zscaler: It’s kind of competition, but not really. If you look at the expanded people, they talk about more SASE vendors. I mean, one of them started six years ago to say, I can rip SASE’s code. The other remaining firewall companies came along and say, I need to do that too, I can do that too. But good thing for us is that taking the firewall technology is spinning up a virtual machine in the cloud and calling in SASE.

It really doesn’t that’s not zero trust. That’s why the message is generally not zero trust, zero trust. The message is sassy, sassy, sassy out there, and sassy is not zero trust. They’re trying to confuse the customer because they want to stay relevant. They don’t want to get displaced.

Our job is to show the customer the benefits. And the technology is so compelling, works so well that customers are so proud of it. I just came from our annual user conference in Vegas, Internet Live. I mean, so many customers getting on stage talking about the transformation they’ve done for business. Our customers don’t stand up there and say, Hey, I got these rules versus that rules.

They’re all driven by big business benefits. I had a customer on stage, maybe I don’t need to name it publicly, who was brought in to run this company of 150,000 employees, okay, as a CISO. That happened because his company had two breaches within one year, okay? He came and he partnered with us, rolled us out. Literally in the first three months, ZIA, a couple of months, ZPA, and CDX and all, after eighteen months, he got promoted to become the CIO, okay?

A lot of these people are seeing the opportunity to help the company and helping themselves too. It doesn’t happen very often in this space.

Tal: I understand the vision. I share the vision also, but the price difference is big. Meaning if a customer only wants to have SASE, let’s go to the extreme. The published price of Microsoft Intra is a fraction of your price, right? That you need to have E5, you need to have other things, active directory, but what they publish is a fraction of your price.

And I don’t know what is the price of Cisco or Checkpoint, but I know that Fortinet, if you use their cloud, the price is one third of your price. So how do you avoid the issue of price erosion? Because still the majority of your revenues are ZIA, ZPA.

Jay Chaudhry, Zscaler: Right, so first of all, you can look at price or you can look at ROI and the value delivered. We have a pretty good brand where almost every CIO, CISO I talk to, they say, Yes, your solutions are the best. I want to make sure I can get a reasonable price. A question gets asked. And my answer to them is, Great, I want to show you how much money you can save so from an ROI point of view, I can do a better job.

A firewall company could go to a CIO and says, and happens from time to time, Oh, you’re spending $4,000,000 on Zscaler. You’re spending $20,000,000 on firewalls. Why don’t I do this? I give you more firewalls, and for $25,000,000 or $30,000,000 I give you all, all you can eat, ELA. Okay.

And what do we say? This customer, you’re spending $20,000,000 on firewalls. That is becoming like mainframes. That’s a liability. I can bring it down to $7,000,000 and you give me $5,000,000 7 plus $512,000,000 what will you do?

Would you move to a modern platform and zero trust and $12,000,000 or would you pay $30,000,000 or $25,000,000? The math becomes very clear. It’s rare for us to lose a deal on price. The only time I will lose a deal on price is when my salesperson is engaged at some entry level stuff, hasn’t really done proper engagement. Got it.

Yeah.

Tal: If I look at your revenues today, the composition is the majority is still ZIA, ZPA, ZDX. How long does it take for the other new products you highlighted here to dominate numbers, meaning to grow and be meaningful in the numbers?

Jay Chaudhry, Zscaler: So first of all, even ZIA ZPA, whatever they bought, we have an opportunity to take it actually 4x, 5x on the customer base. The number of modules we added is growing exponentially in that space. We announced a number of new products at Xenophly. So we’re not kind of don’t underestimate what the core user base stuff does. And then data protection itself is growing very rapidly.

We have said over 40% growth we had talked about for that. Our branch, the amount of interest in our Zero Trust branch is through the roof. It’s very, very exciting. I have been talking about SD WAN being transitional technology. It takes some time to evangelize.

We have done that. The market is ready to embrace that kind of stuff. Cloud is for workloads, very exciting. We started that journey. It took some time to evangelize because customers say, I never thought about doing zero trust with workloads.

In the first couple of years, the deals we got from customers, they were intrigued. They said, I want to start small and get comfortable with it. No, we need to do bigger deals. I think if you look at five years ago, four years ago, investors will ask, You are a ZIA company. Can you go cross platform?

Will ZPA become real? Will ZDS become real? My answer used to be, I believe that it’s a matter of time that every customer will have ZIA, ZPA, ZDX for all users. We are there every new deal. I shouldn’t say every because deals chain.

The largest number of deals we do today, new deals, are for all three things together. Our upsell essentially takes you from if you’re doing ZI, it takes you to Zscaler users. I can tell you sitting here today, it’s a matter of time every customer using Zscaler for users will become branch and cloud workload user as well because the story is so compelling. It’s so simple. It’s so logical.

So we are very bullish. And then the totally new upside is security operations. You

Tal: and I spoke after you reported the results and I asked you a question and I’ll ask it again. The story of Zscaler is expansion. You’re expanding into many new areas, but your NRR was flat, slightly down, let’s say flat quarter over quarter. What is the right way to measure your success when it comes to upsell and cross sell?

Jay Chaudhry, Zscaler: Yes, it’s a good question. We look at new business coming in as new logo and upsell. That’s the number one thing we track. We do share with you guys, too. We don’t like NRR because it doesn’t represent what we want to do.

If I were a company, sales here, new customer upsell, I start with selling 50 users for application developers, then I go to 100, I go to 150, that type of stuff. Then my NRR will be very good. I want to start, I want to sell every user, ZI always start with everyone. All user want to be sold upfront and the customers are buying bigger and bigger platform upfront because we show cost savings of that. So the bigger the platform I sell upfront, lower my NRR.

And if I can upsell within four quarters, it doesn’t get picked up in NRR. So those two things kind of misrepresent NRR. I talked to my CFO a few times, Why don’t we stop talking about NRR? The answer was, well, many times people look for it. It’s kind of one of those things.

I wish we don’t even spend time on it. Upsell versus new logo is the way to answer. We also tell you new logos. Our new logo ACV went up 40% last quarter, year over year, pretty remarkable. As the base grows bigger and bigger, we are getting more and more upsell.

Think of this way, this last quarter, combination of business that we got, new ACV, slightly over 70% was upsell. We are getting a lot of upsell. In fact, right now I’m thinking, well, upsell is easier. I want to do some really programs to push for new logos as well because generally we have kind of left. It’s okay.

You bring ACV from new versus upsell. Both are big opportunities for us, And I see opportunity in both areas.

Tal: Yeah. I want to ask about products to ask about data and AI, but I want to cover first a few things on the business and then go back to the products as time permits. You made changes, enhancements of your sales organization last year. Give us an update on sales efficiency and productivity and where things are today.

Jay Chaudhry, Zscaler: Yeah, went through a fairly significant change. You know, in life, in everything, in business or technology, you tweak things, you incrementally improve things all the time. When every act’s there, you need to do some step function, bigger changes, otherwise things don’t evolve. You see that in technology, in business too. The way you run business, dollars 200,000,000 business with go to market is very different than you run a $2,000,000,000 business.

When we went public, we’re sitting at whatever $500,000,000 ARR. At that time, I knew I had to make a change in my go to market organization because it was not quite structured and methodical. Soon after IPO, I brought in a new CRO. The journey started, took us to 2,000,000,000. I could see the change that are needed.

Our team was pretty opportunistic, transactional because the world was wide open. Let’s try this customer, this customer, this customer, which is great. Then large customers start to say, I need account focused people who work with me, stay with me, understand it. So we made the move. That’s when we brought the best CRO we could find out there.

The gentleman who ran Service Knows All America’s Business, about 70% revenue. He moved on a journey to go through transition. We needed to bring leaders who were account focused, next sales reps on the process, methodology and all. The transition is complete. We’ve done a great job.

Sales productivity is up. We went through a bunch of attrition in the early stage that’s expected. It has gotten better. So we are excited and looking forward to a great fiscal twenty six.

Tal: And another thing that happened last quarter was your unscheduled bidding was schedule to schedule. It’s according to schedule. But the unscheduled grew very nicely. It grew 28%. The quarter before was 20%.

So we see acceleration. What is driving this acceleration in unscheduled biddings? So

Jay Chaudhry, Zscaler: if you look at unscheduled billings

Tal: Maybe to explain what it is first, Jasvil.

Jay Chaudhry, Zscaler: In fact, going forward, we don’t even want to talk about scheduled and unscheduled. We start talking about it because of historical reasons. There are some areas where our scheduled billings are low in the first half and second was very high. Rightfully investors are saying, something is wrong. How are you going to go up to these big numbers?

So scheduled is already due to be paid by the customer by contract. There’s nothing wrong. It gets billed and collected. Unscheduled comes from two areas. One is the renewal.

It’s unscheduled because renewal needs to be renewed. There’s a condition involved. Our renewal rates have been very, very high. For us, the renewal is kind of scheduled, okay? Because if I lose a customer, I screwed up somewhere.

It shouldn’t be happening, okay? And then the new business is the more unknown part of it. And that’s where either we upsell or we get new customers. If you look at it, our number one job is to make sure customers are happy. Happy customer renew, that’s good, but happy customer also buy more.

Our upsell was pretty strong and new logo was very strong as well. And that’s what we measure. I think the number one job of the sales team is make sure they’re able to do both. A new ACV is good and you’re seeing the ARR we are talking about will start giving you indication of how well we are doing in growing the core ARR business. And we feel bullish about it.

Tal: Got it. I want to go back to products and talk about data. I mean, it’s not new, but it’s relatively new activity for the company. Can you explain, first explain the problem before you explain the solution? What is the problem?

Why is it such an important area for you and what is the opportunity there?

Jay Chaudhry, Zscaler: People talk about network security, such a big market out there. It’s actually a silly concept. Network security means I’m going to secure the network. What is about securing the network? The packets are flowing and the packets are encrypted.

It’s an old school concept that said, if I control my network and my things hang on it, let me try to secure the network. It’s like securing a building or campus from outside. Once you’re in, you’re in. It’s not about network security. We don’t do network security, firewalls do network security.

We secure the data. The only thing that matters is data security. Data is sitting at some places. So starting fifteen, twenty years ago, there’s a notion called DLP, Data Loss Prevention. Where does data loss happen to?

Internet. If Zscaler is sitting as a gateway to the Internet, the ZIA, we are the best party to make sure nothing good leaks through the Internet. Fundamentally, ZIA does two things. Nothing bad should come in, nothing good should leak out. Our customers started out with cyber protection, nothing bad should come in.

That’s what ZI did first. It’s easy to implement. DLP takes a little bit more work. You need to classify what’s confidential, what’s not confidential. Once they do it, then we are setting the place to take care of that.

A couple of companies have done a good job in this area historically. Symantec had a company called Vontu, McAfee had some offerings and WebSense. Forcepoint had some offerings there. We have been replacing those solutions and giving them inline data protection. But data is no longer sitting in your data center.

A of data is sitting in SaaS application. So you build solution for that. A lot of data is sitting on the endpoint. You have to build endpoint solution for that. Now more and more data is sitting in the cloud.

Maybe it’s sitting in S3 bucket. Maybe it’s sitting in Snowflake. They need to be secured as well. And now more and more data is sitting in your AI models, large language models that can be stolen or queried. So about six, seven years ago, when we met a number of CISOs, they said, we are finding it so hard to DLP on just the data center.

Imagine trying to work with five vendors to do all the five solutions. You guys should invest. So we invested, but in classification of data and one set of policy that can secure data at any of the channel, at any of the source. That’s what’s driving our growth. That sets us apart.

No firewall company will come close to it because to really do inspection in line, you need to be a proxy. Firewalls are not proxy. Proxy says, here’s our attachment. I’m going open it. I’m to do X, Y, Z with it.

And then I’ll connect. Firewalls don’t work that way. So we’re in a pretty good position. We had announced at the end of last quarter or Q2 that we had exceeded about $350,000,000 ARR in data security. We’ll give you numbers at the end of this quarter as well, but we see it as a big opportunity.

So we built a solution not to go to market. We have created a special takeoff team for data protection. It needs a bit specialization. So they leverage our broad general sales team combined with these specialists to drive sales. And customers are very happy with the results.

And then AIML is further fueling the growth, further fueling the need for it.

Tal: Is data protection a single product, meaning many, many features, etcetera, but it’s a single product or customers also have a menu they can choose from? How does it work?

Jay Chaudhry, Zscaler: Yeah, there are hundreds of features. They’re packaged in eight modules And customers can pick three or five or eight to start with. They can pick and choose. In fact, some of these things took us to create something we call Z Flex, flexible pricing. In the past, they would say, these eight modules, I like them, but I can only afford four.

And they had to pick four. Then they would say, I really would rather my priority has changed. I want this. So Z Flex allows you to do three things. One, you can pick eight or six and say, but I won’t use these for one year because I won’t be able to get to it.

I want to use these four for year one and these three in year two. That’s kind of giving them flexibility to adopt with meaning, with logical pricing. Number two, I want to be able to switch something. I bought A, I want to swap it with B. It allows you to give you the flexibility to swap.

Number three, I may want two more. This pre agreed upon pricing or adding more without going to negotiation and procurement. So it’s a pretty nice model. Some of the questions we got from analysts and investors who kind of said, other vendors have different kind of flexible pricing. What I learned was they would say, we’re to do a $20,000,000 deal.

During a four year term, you have no obligations. By the end of the fourth year, you must consume 20,000,000. Man, as a CFO, how would I tell the street what is going on? It’s very hard. We don’t want to go all the way there.

We want to give you flexibility, but we also want customers’ commitment too. Anything that gets sold as a big blob never happens. If you really have plans and things to make it happen, things happen and that’s what we like. And

Tal: is data sold on its own, meaning you go to ZIA, ZPA, VDX customers and you tell them, hey, I have this is an upsell. I have something. Or can you have a situation where the customer is only a customer for data protection? They’re not even a customer for ZIA, ZPA. What’s I understand maybe the theory, but what’s the practice?

What’s happening in reality?

Jay Chaudhry, Zscaler: Overall, theta-eight data protection modules, you can have three or four greenfield, no ZIA ZPA needed. But in general, remember I said all bad things come from the internet, all good things leak to the internet. ZIA is central to make sure nothing leaks to the internet. So with a few exceptions, most of the customers who do data protection. It’s an upsell.

It’s an upsell. Got it. Or many, many times, it is part of the initial bundle. Great.

Tal: So we only have eight seconds left and I’m not gonna open the lines for Q and A, unfortunately, because we don’t have time. But I wanna tell you something. I’ve been doing it for twenty five, twenty seven years. I have questions in my pocket. I didn’t use them because I knew that with you, I can just go with a conversation because it’s going to flow.

So thank you very much for your candor and openness.

Jay Chaudhry, Zscaler: Thank you. We appreciate it. Thank you for your trust and confidence in us. We’ll keep on delighting our customers and winning more business.

Tal: Great. Thank you.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.