Truststream Security Solutions

Zscaler Cloud Security Service

Zscaler Cloud Security delivers user security as a service from the cloud, eliminating the cost and complexity of traditional secure web gateway approaches. By moving security to a globally distributed cloud, organisations can easily scale protection to all offices or users, regardless of location, and minimize network and appliance infrastructure.


  • Full inline content inspection including SSL inspection
  • Real-time reputation-based threat correlation and protection
  • Real-time visibility, analytics and reporting
  • URL and content filtering
  • File type control
  • Inline antivirus & antispyware
  • Standard cloud firewall and optional advanced cloud firewall
  • Advanced threat protection and sandboxing
  • Cloud application visibility (CASB) and control
  • Optional DLP and bandwidth control services


  • Secure all of your web-traffic across users, devices, and locations
  • Keep your employees safe from malicious and compromised Internet sites
  • Identify infected devices, disable malware, and block data exfiltration
  • No on-premise equipment capital and support (FTE) costs
  • Easy implementation: no code changes or complex integrations are needed
  • Apply your organisation’s security policy using the service
  • Consistent protection no matter where users connect from
  • Consistent protection even when not connected to corporate WAN
  • Threat investigation and remediation is seamless and immediate
  • Extend your security capabilities with built-in firewall and sandboxing


£0.89 per user per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9


Truststream Security Solutions

Mike Wawro

07815 188212

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints There are no operational constraints to the service
System requirements
  • For offices, set-up a GRE/IPsec router-tunnel to the closest Zscaler-DC
  • For mobile employees, forward traffic via the ZscalerApp or PACfile

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard Support: P1 response time 2 hours, P2 response time 4 hours, P3 response time 12 hours, P4 response time 48 hours.

Premium Support: P1 response time 30 minutes, P2 response time 1 hour, P3 response time 3 hours, P4 response time 4 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support is provided by Zscaler with the Zscaler Cloud Security service (also known as the Zscaler Internet Access (ZIA) service). Premium support is available from Truststream at 12% of the annual list cost of the service. The Truststream Zscaler Premium Support service provides a dedicated support engineer with contextual knowledge of the customer implementation. It also gives regular technical account management meetings which can be in person or by Webex. The frequency of the meetings are agreed at the time of the implementation. Typically, more frequently initially, settling to a quarterly or six-monthly frequency.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The implementation of the Zscaler Cloud Security service is not a complex nor lengthy project. For offices, simply set up a router tunnel (GRE or
IPsec) to the closest Zscaler data center. For mobile employees, you can forward traffic via our lightweight Zscaler App or PAC file. Truststream supports organisations that are new to the service every step of the way. Online training and comprehensive user documentation is provided. Often, organisations evaluate and become comfortable with the service using a proof-of-concept trial. They then purchase the service and the PoC is simply switched into production making implementation straightforward and low-risk
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We do not hold any client data
End-of-contract process The customer removes the GRE/IPsec tunnels and Z-app tunnels to the Zscaler cloud and routes Internet traffic directly to the Internet rather than via Zscaler.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards None or don’t know
Description of accessibility The admin monitor is viewable as an application through a web browser.
Accessibility testing Not applicable
Customisation available Yes
Description of customisation The Zscaler Cloud Security service can be customised via the administration portal. It is very comprehensive in deployment, control options and reporting. It is best evaluated by a demonstration or a proof-of-concept trial.


Independence of resources The Zscaler global network consists of over 100 data centers. If there is a problem with one DC, user traffic is simply routed to the nearest alternative DC. Zscaler has been designed as a scalable cloud service from day 1. Currently, over 5,000 organisations in 185 countries are using the service to make 30 billion requests a day, 125 million of which are blocked for protection and compliance purposes.


Service usage metrics Yes
Metrics types The interactive reporting tool in the admin portal presents a wide range of standard reports, based on your organization's subscription, and provides the ability to create up to 500 custom reports as well. It supports real-time interactive analysis. You can seamlessly drill down from any report to the logs, where you can view details such as the specific URLs that users requested, risk score of each URL, and much more.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra support
Organisation whose services are being resold Zscaler

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach We do not hold customer data
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach For compliance mandates on local log archival, Zscaler Nanolog Streaming Service (NSS) allows you to transmit your logs to your SIEM in real time for external logging or advanced threat correlation. You can even fine-tune threat feeds to receive particular data in order to accommodate SIEM Events Per Second (EPS) restrictions.
Data export formats Other
Other data export formats Customizable to send log fields based on complex log filters
Data import formats Other
Other data import formats Live user credentials from ADFS or SSO integration

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The SaaS will be available to accept Customer’s Transactions and Sessions 100% of the total hours during every month Customer uses the SaaS. Service Availability is computed as a ratio of the number of Transactions and Sessions processed by Zscaler in any affected calendar month on behalf of Customer, to the number of Transactions and Sessions that should have been processed. Excluded Transactions and Sessions would not be factored into this Service Availability computation.

Percentage of Transactions and Sessions Processed During a Month:
>= 99.999%, service credit 0 days;
< 99.999% but >= 99.99%, service credit 3 days;
< 99.99% but >= 99.00%, service credit 7 days;
< 99.00% but >= 98.00%, service credit 15 days;
< 98.00%, service credit 30 days.
Approach to resilience Available on request
Outage reporting Public Dashboard & Email. The Zscaler Service Continuity Customer Notification Protocol is available on request. Type the term into a search engine.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels Available upon request
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Brightline for Zscaler, The British Assessment Bureau for Truststream
ISO/IEC 27001 accreditation date 26/06/14 for Zscaler, 07/10/16 for Truststream
What the ISO/IEC 27001 doesn’t cover Truststream scope: provision of cyber security services. Zscaler scope: the Zscaler cloud operations for its Security as a Service platform (including operations employees and network operations center) located in Zscaler’s network operations center in San Jose, California. Everything else is out of scope.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes Available on request

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Available on request
Vulnerability management type Undisclosed
Vulnerability management approach Not disclosed
Protective monitoring type Undisclosed
Protective monitoring approach Available upon request
Incident management type Undisclosed
Incident management approach Available upon request

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £0.89 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full product on qualified 30-day proof-of-concept trial. When organisations satisfy themselves that the product functions as specified, they usually proceed to purchase and the PoC trial is simply switched to production and the full production user-load added.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑