A challenge faced during the initial implementation involved routing and application dependency. After routing cloud workload traffic through Cloud Security Connector for Zscaler, a few applications started failing because they depended on specific external services that were getting blocked due to strict policies or SSL inspection. To resolve this, traffic was analyzed using Zscaler logs, the exact domains and services being impacted were identified, and a controlled policy exception was created while maintaining overall security. This helped strike the right balance between security and application availability, which is very important in production environments. A key learning from this was that while Cloud Security Connector for Zscaler provides strong security control, proper policy tuning and understanding application behavior are critical for smooth deployment.

Cloud Security Connector for Zscaler has had a very positive impact, especially in terms of security and operational efficiency. Before implementation, cloud workloads had direct internet access through the NAT gateway, which limited visibility and control over outbound traffic. After adopting Cloud Security Connector for Zscaler, all traffic was routed through Zscaler, giving centralized visibility and full policy enforcement.

One improvement observed was a significant increase in threat detection. The ability to identify and block suspicious outbound connections that were previously not visible improved the overall security posture. From an operational perspective, troubleshooting became much faster. Instead of checking multiple cloud logs, Zscaler logs could be directly used to analyze traffic behavior, which reduced incident resolution time. The dependency on traditional firewall appliances in cloud environments was reduced, which simplified the architecture and lowered operational overhead.
Additionally, for compliance-driven clients in banking, it helped meet audit requirements by providing detailed logs and consistent policy enforcement across both users and workloads.

Measurable improvements were observed after implementing Cloud Security Connector for Zscaler. In terms of visibility and threat detection, a 25 to 35 percent increase was seen in identifying suspicious outbound connections that were previously not visible when traffic was going through NAT. From an operational standpoint, troubleshooting time was reduced by 45 to 55 percent because Zscaler logs could be directly analyzed instead of checking multiple cloud logs. Dependence on additional security appliances in the cloud was also reduced, which helped lower operational overhead and simplified the architecture. In terms of compliance, better audit readiness was achieved with centralized logging and consistent policy enforcement across workloads and users.

While Cloud Security Connector for Zscaler is a strong solution, one area that could be improved, especially for teams that are new, is configuring route tables, ensuring proper traffic flow, and avoiding asymmetric routing, which can be challenging, particularly in large or multi-VPC environments. More automated deployment options or guided configurations, especially for AWS or Azure, would simplify the onboarding process. Another area for improvement is better visibility at the cloud-native level, such as tighter integration with cloud logs or more context-aware insight for workload behavior, which would make troubleshooting even faster. Once properly implemented, it works efficiently and provides strong security and visibility.

In addition to deployment simplicity, improvements around policy tuning and documentation would add significant value. From a policy perspective, when Zscaler policy is extended to cloud workloads, it sometimes requires careful fine-tuning to avoid impacting application dependency.
More predefined templates or workload-specific policy recommendations would help teams implement it faster with fewer disruptions.

In terms of documentation, while the existing guides are helpful, more step-by-step real-world deployment examples, especially for multi-VPC or hybrid environments, would make onboarding smoother for teams. Tighter integration guidance with cloud-native tools such as AWS logging or monitoring services would further improve troubleshooting and visibility. From a support standpoint, faster access to best practice recommendations or reference architecture would help teams avoid common misconfigurations during the initial setup.



