by admin in
Zscaler is ISO27001 certified and offers 99.999% uptime guarantees, as well as additional SLAs for latency and security. The Zscaler Cloud Security platform enables large-scale SSL inspection without latency, allowing you to inspect all traffic, whether users are on the network or not. By combining SSL inspection with Zscaler`s comprehensive security stack as a cloud service, you get enhanced protection without appliance inspection limitations. Quarterly Latency Report Business Review (QBR) provided by Zscaler An SLA is a contractual agreement between a service provider and a customer that defines service level, responsibilities, and priorities. An SLA also provides guarantees regarding availability, performance, and other service metrics. 3. Focus on proxy transaction latency versus firewall packet latency If you read our SLAs carefully, you`ll find that Zscaler offers an innovative agreement based on the percentage of transactions lost due to downtime or slowness, rather than the percentage of time the service was unavailable. This user-friendly SLA closely aligns with the actual business impact of downtime and even offers credits if the service is 100% available, but the customer experiences a slowdown due to unexpected traffic jams. Since we`re talking about proxy latency, I`m going to keep this relatively short, but it`s important to understand the fundamental difference.
Packet latency is a measure of how long it takes for a physical or virtual firewall appliance to process request packets (input-output time), but this metric is incorrect. Measuring request processing time is only a fraction of total transaction latency, and the most critical aspect of latency is overlooked when retrieving information. By nature, most web traffic consists of GET with small payloads but large responses. This is a serious misconception about how latency should be measured in our web-centric world. Service Level Agreements (SLAs) – in the context of this blog – are an expression of a cloud security provider`s confidence in its ability to provide a service with integrated, scalable, and powerful security. SLAs have become more common as SaaS solutions have become more popular and have provided organizations with assurance about their service levels, such as performance and availability across a large pool of shared resources. Although SLAs are usually the focus of attorneys` concerns, all parties involved in a purchase decision should include a supplier`s SLA at: 4.1.1 Zscaler. All right and title to the Products, Zscaler Materials and Documentation, including all related intellectual property rights, belongs exclusively to Zscaler and its licensors. ZSCALER is a registered trademark or trademark of Zscaler, Inc. and/or its affiliates in the United States and/or other countries. Zscaler documentation, products, and materials are protected by patents in the United States and elsewhere in www.zscaler.com/patents.
No rights are granted to customer except as expressly set forth in this Agreement. Proxy latency is a Layer 7 metric that reflects the additional time (in milliseconds) introduced by the proxy to parse the HTTP/S request, as well as the additional time to parse the HTTP/S response. In the diagram above, the proxy latency is Xms (request) + Yms (response). As a Layer 7 proxy, Zscaler runs many security and privacy engines for the request header/payload and the response header/payload, so it`s important to capture both sides. Zscaler Web Insights Log Viewer with transaction-level proxy latency transparency A proxy latency SLA should not exclude the additional time introduced by its engines. Proof of this is in pudding – trust, but check all the latency claims from your cloud security provider. Multi-tenancy enables the Zscaler cloud architecture to protect users wherever they go because it allows policies to track users. It also provides the scale required to provide multiple security services without latency. Perhaps most importantly, pooling boosts cloud intelligence, which means that when a threat is detected to one of the Zscaler cloud`s 15 million users, protection is immediately spread to the 15 million users. Find out more.
Unfortunately, other providers are known for their creative fine print for SLA exclusions that negate the purpose of the SLA. Make sure you understand exactly what a provider excludes, how it calculates its latency, and that it doesn`t sound too good to be true. Moving packages from one page to another without doing any work is “easy.” Be careful when providers offer latency figures that sound too good to be true. In fact, if Zscaler wanted to offer an SLA without DLP threat or analysis, we could offer a 25ms and 5ms deal for the 95th percentile for decrypted HTTPS transactions and for plain text HTTP transactions respectively – 2 times better than other providers, but we think this is not a relevant metric and is very misleading to our customers. Due to the inability or reluctance to create transparency, a well-known CASB provider was forced to use sneaky tactics to hide latency issues behind an hourly average. Since they cannot register at the transaction level, the average would be artificially distorted downwards during hours of high variability. When optimizing the user experience, you need to consider both network latency and proxy latency. Optimizing network latency is a topic for another blog, but in short, network latency is the time between the client and Zscaler plus the time between Zscaler and the server. .