Zscaler is expanding its data sovereignty capabilities. Through a decentralized architecture with separate control, data, and logging planes, the company ensures that sensitive data never leaves the required jurisdiction. The expansion targets new regions and additional compliance features for organizations that must adhere to local regulations.
Encrypted traffic is decrypted and inspected locally, ensuring that sensitive files never leave the jurisdiction for analysis. Zscaler had previously built separate control planes for the U.S. and Europe, supplemented by separate logging planes in six countries. That approach is now being expanded to multiple new regions.
Users also gain full control over their encryption keys through integration with hardware security modules (HSMs). Only authorized parties can use these to decrypt traffic. At the same time, Zscaler accelerates compliance through a “Collect Once, Certify All” framework: a single set of security controls maps to overlapping regulations, speeding validation for GDPR, NIS2, and DoD IL5.
For companies with specific hardware certification requirements, Zscaler offers Private Service Edges. These are single-tenant appliances hosted by the customer and managed by Zscaler. Independent audits confirm that the platform encrypts and decrypts traffic without writing data to disk.
Resilience without a single point of failure
Unlike providers that rely on third-party infrastructure, Zscaler fully owns and manages its own cloud. As a result, an outage in a single data center has no impact on the overall service. This allows financial institutions to conduct realistic tests to verify that the platform does not constitute a single point of failure.
“Effective data sovereignty requires customers to have verified authority over their data residency, telemetry and control data plane data,” says Misha Kuperman, Chief Reliability Officer at Zscaler.
Tip: Zscaler acquires SquareX: browser is the digital front line