Zscaler, Inc.
CorpDigest
Zscaler, Inc.
Business Model Analysis
Annual Revenue: $2.67B
Last reviewed: 2025-07-15 · By Swet Parvadiya
The platform now processes over 500 billion transactions daily, extracting over 300 trillion signals and detecting and blocking 100 million threats, feeding machine learning models that power real-time threat detection, data loss prevention, and zero trust segmentation. Zscaler generates nearly 100% of its $2.673 billion in fiscal year 2025 revenue from subscription services, with customers paying recurring fees for access to the Zscaler Zero Trust Exchange platform. The subscription model is the engine of the business: customers sign multi-year contracts for cloud-delivered security services, paying recurring fees that create predictable revenue streams and a $2.468 billion deferred revenue balance as of July 31, 2025. The company's gross retention remains high, indicating that few subscription dollars are lost to churn annually — a figure that reflects both product stickiness and the high switching costs associated with migrating security policies and traffic flows from a unified cloud platform. The AI monetization strategy is emerging: Zscaler AI Protect and AI Guardrails are included in existing subscription tiers, but the Red Canary acquisition creates opportunities for managed security services revenue. Fortinet's hardware heritage creates skepticism among cloud-first buyers, but its pricing pressure is real. Netskope and Skyhigh Security (formerly McAfee Enterprise) compete in cloud access security broker (CASB) and data loss prevention segments. If AI becomes table stakes rather than a differentiator, Zscaler's premium pricing — justified by its cloud-native architecture and scale — could come under pressure. The company can use its massive data processing capabilities to offer threat hunting, incident response, and continuous monitoring services that generate recurring revenue beyond software subscriptions. If AI becomes commoditized, Zscaler's premium pricing could come under pressure.
This land-and-expand strategy is evidenced by the company's dollar-based net retention rate, which has historically been strong though moderating from 125% during the COVID-19 period to approximately 114% in recent quarters. This margin expansion comes from operating leverage as the fixed costs of platform development and data center infrastructure are spread across a growing customer base. The company's customer growth has decelerated from 24% in 2021 to approximately 12% in 2024, reflecting market maturation and competitive pressure. The international opportunity is substantial: while the U.S. Remains the primary market, EMEA and APAC are growing as the company invests in regional data centers, localization, and partner capacity. The SLED (state, local, and education) and healthcare verticals represent growing strengths, with the company achieving U.S. Department of Defense CMMC Level 2 certification and becoming the first ISV to earn AWS ISV Competencies in Healthcare, Education, and Government. Zscaler operates in the cloud security market, specifically in the Secure Access Service Edge (SASE) and Security Service Edge (SSE) segments, which are valued at approximately $15 – 20 billion globally and growing at a compound annual growth rate of 15 – 20% as organizations accelerate migration from on-premise firewalls and VPNs to cloud-native security platforms. This margin expansion demonstrates the operating leverage inherent in the cloud security model as fixed infrastructure costs are spread across a growing revenue base. The price-to-sales ratio of approximately 8 – 10x and enterprise value-to-revenue ratio reflect the market's premium valuation of Zscaler's growth and recurring revenue model, while the forward P/E on a non-GAAP basis suggests expectations of significant earnings growth as margins expand. While Zscaler has launched AI Protect, AI Guardrails, and acquired Red Canary for AI-powered security operations, competitors are investing comparably in AI capabilities. Zscaler's growth strategy rests on four pillars: AI-powered security innovation, platform expansion through acquisitions, international market penetration, and managed security services monetization. While North America generates the majority of revenue, EMEA and APAC are growing as the company invests in regional data centers for data sovereignty compliance, localization, and expanded partner capacity. The land-and-expand strategy remains central: new customers typically start with ZIA for internet security, then add ZPA for private application access, ZDX for digital experience monitoring, and AI Protect for AI workload security. The dollar-based net retention rate, while moderating, remains above 100%, indicating that existing customers expand their spending over time. The company's customer count growth has decelerated, suggesting that the strategy must shift from new logo acquisition to deeper penetration within existing accounts and upsell of new modules. The M&A strategy is selective and capability-focused, with acquisitions typically in the tens to hundreds of millions of dollars range — small relative to the company's cash position but adding critical capabilities that would take years to build internally. This bet is already materializing: the August 2025 acquisition of Red Canary adds managed detection and response capabilities that, when combined with Zscaler's 500 billion daily transactions, create what management describes as the 'AI-powered SOC of the future.' The company is investing aggressively in AI security capabilities, including Zscaler AI Protect for securing generative AI workloads, AI Guardrails for enforcing policies on AI applications, and agentic AI for autonomous threat response. The financial outlook is guided by revenue growth of approximately 22 – 23% and non-GAAP operating margin expansion toward 22 – 23%. The international expansion is a priority, with EMEA and APAC growing as the company invests in regional data centers, localization, and partner capacity. The long-term vision is a platform where AI agents autonomously detect, investigate, and respond to threats across the entire attack surface — from user access to cloud workloads to AI applications — with human analysts focused on strategic decisions rather than alert triage. The hours were long and the strain on the family was difficult, but in 1998, SecureIT was acquired by VeriSign.
Zscaler generates revenue primarily through multi-year subscription contracts for its Zero Trust Exchange platform, billed per user per year with pricing varying by the set of services bundled into the customer's license. The two foundational products are Zscaler Internet Access, which inspects internet and software-as-a-service traffic, and Zscaler Private Access, which replaces virtual private networks for access to internal applications. Both are priced per user per year, with list pricing in the range of $40 to $80 per user per year for entry tiers and rising to several hundred dollars per user per year for the most comprehensive bundles. Zscaler organizes its packages into editions including Business, Transformation and ZIA Advanced Plus, each layering additional capabilities like inline data loss prevention, cloud access security broker, browser isolation, and advanced threat protection. More recent additions include Zscaler Digital Experience, Posture Control for cloud workload protection, Data Protection, Risk360 and Zscaler ITDR. The customer's total contract value typically grows over time as new capabilities are added rather than per-seat expansion alone. Subscription revenue made up approximately 98% of total revenue in fiscal 2024, with professional services as a small remainder. Net retention has consistently exceeded 115%, reflecting expansion within existing accounts as a primary growth engine.
Zscaler serves more than 7,700 customers as of fiscal 2024, including more than 40% of the Forbes Global 2000 and 35 of the Fortune 100. Publicly referenced customers span virtually every industry. Microsoft is a flagship customer that deployed Zscaler Internet Access to more than 200,000 employees and contractors. Siemens migrated its entire 400,000 workforce onto the Zero Trust Exchange beginning in 2018 in one of the largest zero trust deployments to date. Schneider Electric, NOV, GE, Sanofi, Pfizer, AstraZeneca, Cigna, Unilever, BP and the U.S. federal government are among additional named customers. Customer concentration is moderate, with the largest customer representing less than 10% of revenue and the top 10 customers collectively under 25%. Customers paying more than $100,000 in annual recurring revenue reached more than 3,000 in fiscal 2024, while customers above $1 million in annual recurring revenue exceeded 540, growing more than 25% year over year. The U.S. federal government has emerged as a strategic growth vector following FedRAMP High authorization, with Zscaler securing federal agency wins under the Cybersecurity and Infrastructure Security Agency Zero Trust mandate that flowed from the May 2021 Biden administration executive order on cybersecurity.
Zscaler reported a non-GAAP gross margin of 81.4% in fiscal 2024, among the highest in the cybersecurity software industry and notably higher than peer cloud-delivered security vendors. The gross margin reflects three structural advantages. First, Zscaler owns and operates its own global data center footprint at more than 160 locations rather than running primarily on hyperscale public cloud, allowing it to optimize hardware costs and software efficiency for inline traffic inspection at scale. Second, the multi-tenant architecture creates leverage as customer growth amortizes fixed infrastructure cost across more traffic, lowering marginal cost per gigabit inspected. Third, the deeply software-driven inspection stack, including more than 200 patents, allows Zscaler to deploy more capability on the same hardware footprint over time. Operating margin on a non-GAAP basis reached 21.7% in fiscal 2024, up from 12.7% a year earlier, reflecting accelerating operating leverage. GAAP operating margin remained negative due to substantial stock-based compensation, a feature shared across high-growth security peers. Free cash flow reached $585 million in fiscal 2024, a 22% free cash flow margin, with management guiding to continued expansion. The combination of high gross margin, expanding operating margin and strong cash generation has supported Zscaler's premium valuation multiple relative to broader software peers.
Zscaler prices its platform on a per user per year subscription basis with tiered editions that bundle progressively more capability, contrasting sharply with the appliance-based pricing of legacy security vendors that historically charged for hardware, software licenses, support contracts and capacity upgrades separately. A typical enterprise might pay roughly $40 to $80 per user per year for Zscaler Internet Access Essentials at the entry tier, rising into the range of $200 to $300 per user per year for the most comprehensive Transformation bundles that include Zscaler Internet Access, Zscaler Private Access, Zscaler Digital Experience, Posture Control and advanced data protection. Pricing is negotiated rather than rate-card-driven for enterprise customers, with multi-year contracts generating discounts in exchange for revenue visibility. The model contrasts with traditional firewall vendors like Palo Alto Networks and Fortinet, where hardware refresh cycles and capacity-based licensing produce volatile customer outlays, and with seat-based SaaS pricing where the only growth lever is headcount. Zscaler's edition upsell motion targets existing accounts that started with Zscaler Internet Access and adds Private Access, then layers Digital Experience and Posture Control. The 115%-plus net retention rate reflects how effectively this edition expansion drives growth from the installed base without dependence solely on new logo wins or seat additions.